Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Replies 6 replies
  • Subscribers 0 subscribers
  • Views 2210 views
  • Users 0 members are here
Options
Suggested

[9.200][ANSWERED] SMTP: Data Protection not working for DENMARK

twister5800
Hi,

I have testet the "Data Protection" feature today, I have enabled ALL possible SophosLabs CCLs for Denmark, and set the Action to Allow and Notify for Administrator.

I have send mails with all kinds of secret stuff, phone numbers, bank accounts and social security numbers, but I was never notified.

Am I missing something or are the CCLs for Dk inaccurate?
Parents
  • 0
    Hi Benjamin,

    Thanks for your input, I try to test with this:

    Subject: TEST
    5800

    ​5800

    5800

    ​5000

    57435

    3344

    6789

    4565

    3456

    2222

    4600

    87096

    4567

    2222

    9999

    0000

    2014:02:28-18:31:22 mail smtpd[32292]: SCANNER[32292]: Nothing to do, exiting.
    2014:02:28-18:31:35 mail exim-in[5023]: 2014-02-28 18:31:35 SMTP connection from [***.***.***.***]:54545 (TCP/IP connection count = 1)
    2014:02:28-18:31:36 mail exim-in[32349]: 2014-02-28 18:31:36 H=([***x.***x.***x.***x]) [***.***.***.***]:54545 Warning: bbbb.dk profile excludes greylisting: Skipping greylisting for this message
    2014:02:28-18:31:36 mail exim-in[32349]: 2014-02-28 18:31:36 id="1003" severity="info" sys="SecureMail" sub="smtp" name="email rejected" srcip="***.***.***.***" from="adbacc8a2@123tanz.at" to="adbacc8a2@bbbb.dk" size="-1" reason="rbl" extra="black.rbl.ctipd.astaro.local"
    2014:02:28-18:31:36 mail exim-in[32349]: 2014-02-28 18:31:36 SMTP connection from ([***x.***x.***x.***x]) [***x.***x.***x.***x]:54545 closed by DROP in ACL
    2014:02:28-18:32:00 mail exim-out[32381]: 2014-02-28 18:32:00 Start queue run: pid=32381
    2014:02:28-18:32:00 mail exim-out[32381]: 2014-02-28 18:32:00 End queue run: pid=32381
    2014:02:28-18:32:44 mail exim-in[5023]: 2014-02-28 18:32:44 SMTP connection from [192.168.10.11]:28007 (TCP/IP connection count = 1)
    2014:02:28-18:32:44 mail exim-in[32501]: 2014-02-28 18:32:44 H=(EXCH01.twister.local) [192.168.10.11]:28007 Warning: Exception matched: Skipping greylisting for this message
    2014:02:28-18:32:44 mail exim-in[32501]: 2014-02-28 18:32:44 [192.168.10.11] F= R= Accepted: from relay
    2014:02:28-18:32:44 mail exim-in[32501]: 2014-02-28 18:32:44 1WJRIi-0008SD-1C ctasd reports 'Unknown' RefID:str=0001.0A0B0209.5310C83C.0090,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0
    2014:02:28-18:32:44 mail exim-in[32501]: 2014-02-28 18:32:44 1WJRIi-0008SD-1C martin@bbbb.dk H=(EXCH01.twister.local) [192.168.10.11]:28007 P=esmtps X=TLSv1:AES256-SHA:256 S=4772 id=0c22bed6ec8d4253a1f68be3d2f9cf5a@EXCH01.twister.local
    2014:02:28-18:32:44 mail exim-in[32501]: 2014-02-28 18:32:44 SMTP connection from (EXCH01.twister.local) [192.168.10.11]:28007 closed by QUIT
    2014:02:28-18:32:45 mail smtpd[4958]: QMGR[4958]: 1WJRIi-0008SD-1C moved to work queue
    2014:02:28-18:32:49 mail exim-in[5023]: 2014-02-28 18:32:49 SMTP connection from [190.238.109.136]:10595 (TCP/IP connection count = 1)
    2014:02:28-18:32:50 mail smtpd[32520]: SCANNER[32520]: 1WJRIo-0008SW-24 martin@bbbb.dk R=1WJRIi-0008SD-1C P=INPUT S=3532
    2014:02:28-18:32:54 mail smtpd[32520]: SCANNER[32520]: [DLP] Matching DLP expressions
    2014:02:28-18:32:54 mail smtpd[32520]: SCANNER[32520]: id="1000" severity="info" sys="SecureMail" sub="smtp" name="email passed" srcip="192.168.10.11" from="martin@bbbb.dk" to="martin@aaa.dk" subject="VS: TEST" queueid="1WJRIo-0008SW-24" size="3532"
    2014:02:28-18:32:54 mail smtpd[32520]: SCANNER[32520]: 1WJRIi-0008SD-1C => work R=SCANNER T=SCANNER
    2014:02:28-18:32:54 mail smtpd[32520]: SCANNER[32520]: 1WJRIi-0008SD-1C Completed
    2014:02:28-18:32:55 mail exim-out[32525]: 2014-02-28 18:32:55 1WJRIo-0008SW-24 => martin@aaa.dk P= R=dnslookup T=remote_smtp H=mailscan.aaa.dk [188.182.18.74]:25 X=UNKNOWN:AES256-SHA:256 C="250 OK id=1WJRIt-000863-1J"
    2014:02:28-18:32:55 mail exim-out[32525]: 2014-02-28 18:32:55 1WJRIo-0008SW-24 Completed
    2014:02:28-18:33:00 mail exim-out[32534]: 2014-02-28 18:33:00 Start queue run: pid=32534
    2014:02:28-18:33:00 mail exim-out[32534]: 2014-02-28 18:33:00 End queue run: pid=32534 

    Am I missing something?

    -----

    Best regards
    Martin

    Sophos XGS 2100 @ Home | Sophos v19 Architect

  • 0 in reply to twister5800
    Hi,

    it seems that only the postcode is not enough. As the rulename says it's about postal addresses.
    I found "DK-8660 SKANDERBORG" to be a valid postal format for Denmark from the UPU, try playing with this.
    Nevertheless the description of the rule should be improved.

    Hope that helps.

    Regards,
    Benjamin
Reply Children
No Data
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?