Data Loss Prevention

DLP 11.6.3 on RHEL

Network Prevent (Email) in Forwarding Mode

Exchange MTA --> DLP Prevent Server --> MessageLabs

I am trying to test blocking of SMTP emails and I have added a "Bounce Message to Sender".  But that message is being sent to my downstream MTA instead of the sender.  According to the Prevent_MTA_Integration Guide:

"This rule blocks the message by returning a 550SMTPmessage to the Prevent-integrated MTA or to the upstream MTA."

How do I get this to be returned to the upstream MTA instead of the downstream MTA (MessageLabs)?

Which MTA does the message originate?

Is your upstream MTA configured to route incoming emails as well?

The message originates in the upstream, Exchange MTA.

The upstream MTA should be routing incoming emails, but I am having a difficult time confirming this with our Exchange admin.

Ron,

My reccomendtion to Everyone is to not populate the Block SMTP Message if possible. I would send a "redirected Message' to a dead email that goes no where. 

Then have a "send email message" that  then is customized and sent to the Sender.

This eliminates 2 messages being sent out. or issues with bounce back handling.

Ronak

If this answers your question, please marked as solved.

Ronak,

I tried your suggestion, and it resulted in the email that was to be sent to the recipient getting stuck in the Exchange edge server's queue, blocking other emails from going out.  I think this is because Exchange is somehow expecting ONLY a positive response from the downstream MTA (MessageLabs), or else it retries the send again every few minutes until it finally does receive a positive response.

This also caused retries of my sender-reply email being resent every 3-10 minutes, which was not a desired result, either.

I'm working with my Exchange admin to figure out what else we can do at this time.