Data Loss Prevention

  • 1.  RequestProcessor.AllowHosts limitation

    Posted Oct 18, 2017 04:17 AM

    Hello,

    I am facing some issues with the parameter RequestProcessor.AllowHosts. As the default value is "any", this might lead to a security issue, so I have changed it to a limited set of servers' FQDNs.

    My problem is that today I need to extend the list from 10 servers to 100+ servers, but I am facing a limitation on the server settings.

    I was wondering if a workaround exists, such as using a wildcard like serversXXX.domain.com or a config file that I can on the server side.

    Does someone have a feedback on this?

    Thank you for your help!

    Regards,



  • 2.  RE: RequestProcessor.AllowHosts limitation

    Posted Oct 19, 2017 04:00 AM

    The default value of "any" permits all systems to make connections to the Network Prevent for Email Server on the SMTP service port. Defining either the IP address or the Fully-Qualified Domain Name (FQDN) of one or more systems restricts SMTP connections to just those designated systems. Certain browsers may have their own limit on how much data they can process, so you can give it a try updating 10 to 20 entries at a time.

    This setting works with Email Prevent, I am wondering if you have 100+ upstream MTA connecting to Email Prevent Server?



  • 3.  RE: RequestProcessor.AllowHosts limitation

    Posted Oct 20, 2017 08:37 PM

    Hi,

    If you have more than 100 IP addresses to allow to access your Prevent server, I think you won't be able to manage it at DLP level, so from my point of view:

    - it means you don't need to limit the machines which can access it any more, as you will allow so many machines that it is equivalent to "any";

    - you have to think about a different architecture, by adding an MTA between your servers and your detection server, so that even if everyone is able to access your MTA you will be able to control it at DLP level, or by setting your DLP behind a firewall which will limit which machines are allowed to connect to DLP.

    Regards
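The firewall option from the last reply, as an added example that is not part of this thread or of the DLP product: it keeps the 100+ upstream MTAs in a plain allowlist file and renders an nftables ruleset that accepts SMTP only from those addresses, which is the same restriction the AllowHosts setting expresses but managed outside the console. The table and set names are assumptions, the allowlist is constructed, and a Linux host running nftables in front of the detection server is assumed.

```python
"""Build an nftables ruleset that only lets listed MTAs reach the DLP SMTP listener."""
import ipaddress

# Constructed sample allowlist: one upstream MTA per line, '#' starts a comment.
SAMPLE_ALLOWLIST = """\
# upstream MTAs allowed to relay into Network Prevent for Email (constructed)
10.10.1.5
10.10.1.6
10.10.1.5          # duplicate on purpose
2001:db8::25
mta01.example.com  # FQDN: must be resolved to an address first, not accepted here
"""

def parse_allowlist(text):
    """Return (ipv4_list, ipv6_list, rejected_entries) from allowlist text.

    Firewall rules match packets, so only literal addresses are accepted;
    hostnames are reported back so the operator resolves them deliberately.
    """
    v4, v6, rejected = [], [], []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            addr = ipaddress.ip_address(entry)
        except ValueError:
            rejected.append(entry)
            continue
        bucket = v4 if addr.version == 4 else v6
        if addr not in bucket:          # drop duplicates, keep file order
            bucket.append(addr)
    return v4, v6, rejected

def build_ruleset(v4, v6, smtp_port=25):
    """Render an nft ruleset: accept SMTP from the sets, drop all other SMTP."""
    lines = ["table inet dlp_smtp {"]   # table/set names are assumptions
    if v4:
        lines.append("    set mta_v4 { type ipv4_addr; elements = { %s } }" % ", ".join(map(str, v4)))
    if v6:
        lines.append("    set mta_v6 { type ipv6_addr; elements = { %s } }" % ", ".join(map(str, v6)))
    lines += ["    chain input {", "        type filter hook input priority 0; policy accept;"]
    if v4:
        lines.append(f"        tcp dport {smtp_port} ip saddr @mta_v4 accept")
    if v6:
        lines.append(f"        tcp dport {smtp_port} ip6 saddr @mta_v6 accept")
    lines += [f"        tcp dport {smtp_port} drop", "    }", "}"]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    v4, v6, rejected = parse_allowlist(SAMPLE_ALLOWLIST)
    print(build_ruleset(v4, v6))
    if rejected:
        print("# not literal addresses, resolve before use:", ", ".join(rejected))
```

Load the rendered text with `nft -f` on the firewall host; any entry listed as rejected still has to be resolved to an address by the operator.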