Data Loss Prevention

I have a server running Network Prevent for E-mail in Forward mode. I configured a test policy containing a single Content Matches Keyword rule and a Modify SMTP Message response rule set to prepend a string to the subject and add an X-CFilter with specific value.

To test the policy I sent an email containing the trigger keyword, and subsequently an SMTP incident was created. In the details of the incident it says "Network Prevent Action" =Message Modified.

However, when looking at my sent email in the receiving inbox, there is no modification, i.e. no addition to the subject and no specified X-CFilter value.

Has anyone else run into this problem?

What's the Email Server you used?

Postfix

funny thing is though, I don't get a block action on Endpoint Prevent either. Incidents created, but block (or alter) actions don't work.

The default behavior of the Network Prevent for Email is to add a header field to every message that passes through the system. There are two server settings that control this:

RequestProcessor.DefaultPassHeader: contains the header value to add to each message. The default value is: X-Cfilter-Loop: Reflected . You can change this value; however, the SMTP convention is that customized headers should begin with "X-" for compatibility reasons.

RequestProcessor.AddDefaultHeader: is either true (default) or false. If true, the header in the field above will be added to each message.

These settings are located in the Server Settings screen, and are configured on a per-server basis. You can capture the network packet to checkout whether your emial is modified by the Prevent.

It happened to me awhile ago it seems to be a "feature" of DLP, you need to turn off "TRIAL" mode  and then it will all work. for some reason when in trial mode, the headers dont get modified.

I have checked to make sure all our prevent server settings are set to 'false' for 'IncidentDetection.TrialMode', and still not getting the subject prepended. Any ideas/suggestions?