HOW TO: Setup and Use Dictionaries in PGP Universal Server

Article:TECH148965  |  Created: 2006-09-25  |  Updated: 2012-02-02  |  Article URL http://www.symantec.com/docs/TECH148965
Article Type
Technical Solution


Issue



This article provides information to help administrators set up and use Dictionaries in PGP Universal Server.

 


Solution




Dictionaries are lists of terms to be matched. Dictionaries work with mail policy to allow you to define content lists that can trigger rules or fulfill the conditions of a rule to trigger actions. For example, Dictionaries can contain addresses you want excluded from processing, key words like confidential, or user names for internal users whose messages need special handling.

A policy rule can have a dictionary associated with it as a condition. If a message meets the condition, the PGP Universal Server processes the message according to the rule's action.

For example, one of the default Outbound rules is called Excluded Signed. The condition for that rule is "If any of the following are true: Recipient address is in dictionary Excluded Addresses: Sign". This means the rule applies to any message in which the recipient address matches a term in the dictionary. If that condition is met, the action for the rule is triggered. The action is to sign and send the message with no further processing.

Dictionaries are also used to match external users to the correct external user policy. Create a dictionary containing a list of external user names, then create an external user policy with a membership made up of users with names in that dictionary.

The Dictionaries card lets you add and edit Dictionaries. There are 4 default dictionaries, and you can also create your own.

There are two types of dictionaries:
 

  • Static dictionaries are editable lists of literal or pattern strings. All except one of the dictionaries are static. 

     
  • Dynamic dictionaries are not editable but are maintained by the PGP Universal Server. Information in the dictionary comes from data elsewhere on the PGP Universal Server rather than being added directly to the dictionary by hand. There is one dynamic dictionary, the Managed Domains dictionary.

There are two types of entries in a dictionary: 

 

  • Literals are dictionary entries that can only match against the exact characters in the entry. There is one and only one possible match. For example, if the dictionary entry is jsmith@example.com, then a message matches the entry only if it contains jsmith@example.com. Similar strings, for example, smith@example.com, will not match. 

     
  • Patterns are dictionary entries that match against characters in messages that satisfy the pattern. For example, the pattern j.*@example.com requires a match for the letter j, then any number of other characters, then the sequence @example.com. It will match jsmith@example.com and jgreen@example.com. Use regular expression syntax to create patterns. For more information on using regular expressions in building mail policy, refer to the PGP Universal online help.
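The literal and pattern behaviour described above can be checked against a list of recipient addresses before terms are imported into a dictionary that excludes mail from encryption. The following is an added example, not code from PGP Universal Server: it assumes Python's `re` module with whole-address matching as a stand-in for the server's regular expression engine, and the terms, addresses and function names are constructed for illustration.

```python
import re

def load_terms(text):
    """Split pasted text into terms, one per line, skipping blank lines."""
    return [ln.strip() for ln in text.splitlines() if ln.strip()]

def term_matches(term, kind, address):
    """Literal: exact string equality. Pattern: whole-address regex match.
    Assumption: Python `re` with full-string matching stands in for the
    server's regex engine, whose exact behaviour is not shown on this page."""
    if kind == "literal":
        return term == address
    return re.fullmatch(term, address) is not None

def audit(terms, kind, addresses):
    """Return (hits, invalid): hits maps each address to the terms that
    match it; invalid lists patterns that do not compile."""
    invalid = []
    if kind == "pattern":
        for t in terms:
            try:
                re.compile(t)
            except re.error:
                invalid.append(t)
    usable = [t for t in terms if t not in invalid]
    hits = {a: [t for t in usable if term_matches(t, kind, a)] for a in addresses}
    return hits, invalid

# Constructed sample input, not taken from any real server.
TERMS = load_terms(r"""
jsmith@example.com
j.*@example.com
j.*@example\.com
[broken
""")
RECIPIENTS = ["jsmith@example.com", "jgreen@example.com",
              "smith@example.com", "jdoe@example-com"]

if __name__ == "__main__":
    for kind in ("literal", "pattern"):
        hits, invalid = audit(TERMS, kind, RECIPIENTS)
        print(kind, "invalid:", invalid)
        for addr, matched in hits.items():
            print(f"  {addr:22} {matched}")
```

In the pattern run, jdoe@example-com is matched by j.*@example.com but not by j.*@example\.com, because an unescaped dot matches any character; escaping the dot keeps an exclusion pattern from covering more addresses than intended.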

Default Dictionaries

There are four default dictionaries that exist on the server when installed. You cannot delete these dictionaries.

 

  1. Excluded Addresses: Sign: The addresses in this dictionary do not receive normally encrypted messages; messages to these addresses are signed. These addresses are generally mailing lists. The default excluded addresses in this dictionary include:

    .*-announce@*
    .*-bugs@*
    .*-devel@*
    .*-digest@*
    .*-docs@*
    .*-help@*
    .*-list@* 
    .*-news@*
    .*-users@*

    This dictionary corresponds to the default Outbound rule Excluded Signed. The rule applies to any message in which the recipient address matches a term in this dictionary. If that condition is met, the action for the rule is triggered. The action is to send the message signed but not encrypted.

     
  2. Excluded Addresses: Do Not Sign: The addresses in this dictionary receive unsigned and unencrypted email. These addresses are generally mailing lists.

    PGP Universal Server includes default exclusion rules that handle email addresses common to mailing lists. You do not need to add these to the Excluded Email Addresses list. The default excluded addresses in this dictionary include:

    .*-bounces@*.
    .*-report@*
    .*-request@*
    .*-subscribe@*
    .*-unsubscribe@*

    This dictionary corresponds to the default Outbound rule Excluded Unsigned. The rule applies to any message in which the recipient address matches a term in this dictionary. If that condition is met, the action for the rule is triggered. The action is to send the message unsigned and not encrypted.

     
  3. Excluded Addresses: Pending: If your PGP Universal Server proxies email, possible excluded addresses will be detected and added to this dictionary automatically. You can approve addresses on this list to add them to either Excluded Addresses: Sign or Excluded Addresses: Do Not Sign.

    While in Learn Mode, the PGP Universal Server will automatically detect and add to the Excluded Email Addresses dictionary those mailing lists that use standards-based header identification.

    When Learn Mode is turned off, the PGP Universal Server will still automatically detect mailing lists, but it will add them to the Excluded Addresses: Pending dictionary. The PGP Universal administrator must approve the mailing lists before messages to them will be excluded.

    The PGP Universal Server detects mailing lists per RFC 2919, List-Id: A Structured Field and Namespace for the Identification of Mailing Lists, as well as by using default exclusion rules.

    If you are using the Directory Synchronization feature, mailing lists found in the directory will be automatically added without requiring approval when using directories that support proper identification of mailing lists, such as Active Directory with Exchange Server.

    If a mailing list is not in the Excluded Addresses: Pending dictionary, it could be because the list wasn't detected or because the mailing list does not use standards-based header identification.

    If a mailing list is not automatically detected and added to the Excluded Addresses: Pending dictionary, you can easily add it directly to either of the Excluded Addresses dictionaries manually.

     
  4. Managed Domains: You cannot edit this dictionary from the Dictionaries card. If you want to add or delete a managed domain, use the Organization/Managed Domains tab.

    The dynamic managed domains dictionary automatically includes subdomains. To exclude or include specific subdomains in a rule, create a dictionary listing those domains and reference it in the rule's conditions.
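For the RFC 2919 detection described under Excluded Addresses: Pending above, a captured message can be checked for a standards-based List-Id header when a list did not show up in the Pending dictionary. This is an added example, not the server's detection code: the function name and the sample messages are constructed, and the server's own parsing is not shown on this page.

```python
import re
from email import message_from_string, policy

# RFC 2919 form: List-Id: [phrase] <list-label.list-id-namespace>
ANGLE = re.compile(r"<\s*([^<>\s]+)\s*>\s*$")

def rfc2919_list_id(raw_message):
    """Return the list identifier from a List-Id header, or None when the
    header is missing or not in the angle-bracketed RFC 2919 form."""
    msg = message_from_string(raw_message, policy=policy.default)
    value = msg.get("List-Id")
    if value is None:
        return None
    m = ANGLE.search(str(value))
    if not m:
        return None
    ident = m.group(1)
    # RFC 2919: at most 255 octets, and a label plus a namespace joined by "."
    if len(ident.encode()) > 255 or "." not in ident.strip("."):
        return None
    return ident

# Constructed sample messages, not captured from real traffic.
WITH_HEADER = (
    "From: list owner <owner@lists.example.org>\n"
    "To: dev@lists.example.org\n"
    "List-Id: Developer discussion\n <dev.lists.example.org>\n"  # folded header
    "Subject: test\n\nbody\n"
)
NO_HEADER = (
    "From: list owner <owner@lists.example.org>\n"
    "To: project-devel@lists.example.org\n"
    "Subject: test\n\nbody\n"
)
BARE_VALUE = (
    "From: list owner <owner@lists.example.org>\n"
    "To: dev@lists.example.org\n"
    "List-Id: dev.lists.example.org\n"   # no angle brackets
    "Subject: test\n\nbody\n"
)

if __name__ == "__main__":
    for name, raw in [("with header", WITH_HEADER), ("no header", NO_HEADER),
                      ("bare value", BARE_VALUE)]:
        print(f"{name:12} -> {rfc2919_list_id(raw)}")
```

A message that returns None here carries no usable RFC 2919 identification, so the list would have to be caught by a default exclusion pattern or added to one of the Excluded Addresses dictionaries manually.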

     

Editing Default Dictionaries:

 

  1. From the Policy/Dictionaries tab, click Excluded Addresses: Sign or Excluded Addresses: Do Not Sign.

    The View Dictionary card appears.

     
  2. To delete terms from the dictionary, click the icon in the Delete column of the term you wish to delete, or click checkboxes to select multiple exclusions, and choose Delete Selected from the Options drop-down list.

    A confirmation dialog appears.

     
  3. Click OK.

     
  4. To add to the contents of the dictionary, click Add Exclusions near the bottom of the screen.

    The Edit Dictionary dialog appears.

     
  5. Select from the drop-down whether you are adding plain text terms, an XML file, or a ZIP file.

     
  6. Type in or paste a list of terms, one term per line, or choose Import File and select a file to import.

     
  7. Specify whether the terms are Patterns or Literals.

     
  8. Choose whether to append the new terms to the current contents of the dictionary or to replace the existing terms with the new terms.

     
  9. Click Import.
     


Approving Pending Excluded Addresses:

 

  1. From the Policy/Dictionaries tab, click the Excluded Addresses: Pending dictionary.

    The View Dictionary card appears.

     
  2. To approve excluded addresses, click the checkboxes of the addresses you wish to approve, and choose Approve Selected from the Options drop-down list.

    A confirmation dialog appears.

     
  3. Click OK.

 

User-Defined Dictionaries

You can add dictionaries to use with specific policy rules.

Adding a User-Defined Dictionary:

 

  1. From the Policy/Dictionaries tab, near the bottom of the Dictionaries card, click Add Dictionary.

    The Add Dictionary dialog appears.

     
  2. Select from the drop-down whether you are adding plain text terms, an XML file, or a ZIP file.

     
  3. Add a Dictionary Name and Description. For example, you can add a dictionary named Managers and the description might be Messages from these users must always be encrypted and signed.

     
  4. Type in or paste a list of terms, one term per line, or choose Import Text File and select a file to import.

     
  5. Specify whether the terms are Patterns or Literals.

     
  6. Click Import.


Editing a User-Defined Dictionary:
 

  1. From the Policy/Dictionaries tab, click the name of the dictionary in the Name column you wish to edit.

    The View Dictionary card appears.

     
  2. To remove terms from the dictionary, click the icon in the Delete column of the term you wish to delete.

    A confirmation dialog appears.

     
  3. Click OK.

     
  4. Click Add Terms to add to the contents of the dictionary.

    The Edit Dictionary dialog appears.

     
  5. Select from the drop-down whether you are adding plain text terms, an XML file, or a ZIP file.

     
  6. Type in or paste a list of terms, one term per line, or choose Import Text File and select a file to import.

     
  7. Specify whether the terms are Patterns or Literals.

     
  8. Choose whether to append the new terms to the current contents of the dictionary or to replace the existing terms with the new terms.

     
  9. Click Import.

     
  10. Click the Dictionary Settings button to change the name or description of the dictionary.

    Caution: If you do not want a rule to use a particular dictionary, you can simply remove it from that rule's conditions. If you delete a dictionary from the Dictionaries card, it will no longer be available for any rule in your mail policy and can make your rules invalid.

    The Dictionary Settings dialog appears.

     
  11. Choose the appropriate setting, then click Save.


Legacy ID



648

