Test DLP with backup IronPort

chmeehan0421
Level 1

I have a backup IronPort that I recently upgraded to the latest version of AsyncOS, 7.1.2-020. My DLP trial key expires in a few days but is activated, and I have set up a test policy.

I configured a Mozilla Thunderbird client to use the internal private IP as its SMTP server and attempted to send some HIPAA and so on through it. First thing I got was address rejected. If I add the public free email domain to the RAT, the message will make it to my free personal account but does not get flagged as outgoing mail, but incoming mail. Therefore, I don't think my DLP policy is being hit.

Can anyone assist with a good method of testing this with a backup appliance and a simple mail client?

Any help is appreciated.

Thanks.

Chris

3 Replies

Andreas Mueller
Level 4

Hello Chris,

No problem to test this with a normal mail client (I do use Thunderbird too when running tests on our lab appliances). There is no difference between activating DLP inbound or outbound, but note that in your setup you have sent the test message through a public listener with a simple ACCEPT policy; this is considered an inbound connection. So for this setup you'd have to enable DLP in your inbound mail policy. If you want to use Thunderbird to generate outbound messages, you have two possibilities:

1. Add a sendergroup RELAYLIST (or whatever name you prefer) to the HAT of your public listener, assign it to a RELAY mail flow policy, and add the IP address of the computer/server where Thunderbird is installed to the sendergroup. Also place this group on top of your HAT.

2. Create a private listener on a different interface, or on the same interface as your public listener, with a different port (i.e. 26). Configure Thunderbird to use this listener's IP/port. Also add the IP of the computer/server Thunderbird runs on to the RELAYLIST of that listener (private listeners always come with one).

BTW, basic rules for how AsyncOS considers a connection to be inbound or outbound:

Public listener, non-relay mail flow policy -> Inbound

Private listener OR relay mail flow policy OR SMTP authentication -> Outbound

Like I said before, it does not really matter if the message is inbound or outbound, you just have to make sure DLP is enabled on your Inbound or Outbound Mail Policies. Also, for testing purposes on a production system, we recommend creating a separate mail policy for a specific sender or recipient, and enabling DLP for this policy only.

Hope that helps,

Andreas
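
As an added example (not part of the thread and not Cisco code), the test described in the reply can be scripted instead of driven from Thunderbird: the sketch below applies the inbound/outbound rules quoted above to predict which mail policy table must have DLP enabled, then submits a test message to the listener. The host `192.0.2.10`, the addresses and the message body are constructed placeholders; port 26 is the example port from option 2, and the body should be replaced with test data your own DLP policy is meant to match.

```python
import smtplib
from email.message import EmailMessage


def expected_direction(listener_type, mail_flow_policy, smtp_auth=False):
    """Rules from the reply: private listener OR RELAY policy OR SMTP auth
    means outbound; a public listener with a non-relay policy means inbound."""
    if listener_type == "private" or mail_flow_policy.upper() == "RELAY" or smtp_auth:
        return "outbound"
    return "inbound"


def build_test_message(sender, recipient, direction):
    """Build a clearly labelled test message; the body is constructed data."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = f"DLP test ({direction} mail policy expected)"
    msg.set_content(
        "Constructed test record, not real data.\n"
        "Patient: Jane Example\nSSN: 000-00-0000\nDiagnosis: TEST ONLY\n"
    )
    return msg


def send_test(host, port, msg, timeout=10):
    """Submit the message; returns the dict of refused recipients (empty if none)."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        return smtp.send_message(msg)


if __name__ == "__main__":
    HOST, PORT = "192.0.2.10", 26  # assumed private listener address and port
    direction = expected_direction("private", "RELAY")
    msg = build_test_message("tester@example.com", "me@example.net", direction)
    try:
        print("refused recipients:", send_test(HOST, PORT, msg))
    except smtplib.SMTPRecipientsRefused as exc:
        # The "address rejected" symptom from the question: the connection was
        # treated as inbound and the recipient domain is not in the RAT.
        print("recipient rejected, check listener type and HAT:", exc.recipients)
```

After sending, confirm on the appliance that the message was evaluated by the mail policy table the script predicted, and that DLP is enabled on the policy that matched.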