Modify SMTP Message does not work in DLP Network Prevent
search cancel

Modify SMTP Message does not work in DLP Network Prevent

book

Article ID: 159846

calendar_today

Updated On:

Products

Data Loss Prevention Network Prevent for Email Data Loss Prevention

Issue/Introduction

You have implemented Network Prevent for SMTP and are unable to use "Network Prevent: Modify SMTP Message" as a Response Rule.

Environment

Symantec Data Loss Prevention

Resolution

  1. First, check that the Prevent Server is not in Trial Mode.
    Enforce Console > System > Servers and Detectors > Overview > Select the SMTP detection server > Configure 

  2. From Enforce, check that incident history shows that the email message was modified, but the actual email is not showing modified.

  3. Check the DNS settings for the SMTP Prevent Server.  The hostname, hosts file, and DNS suffix must be correct. If they do not match correctly, reboot the server.

    If the DNS settings are incorrect, the RequestProcessor debug will show a message similar to the following:

    WARNING: RPT(2a): java.net.UnknownHostException: <DNS name>: <DNS name>
    com.vontu.mta.rp.MTAException: java.net.UnknownHostException: <DNS name>: <DNS name>
    at com.vontu.mta.rp.ESMTPRequestProcessorThread.getReceiverOrReconnect(ESMTPRequestProcessorThread.java:529)
    at com.vontu.mta.rp.ResponseProcessor._addAdditionalHeaders(ResponseProcessor.java:181)
    at com.vontu.mta.rp.ResponseProcessor.respond(ResponseProcessor.java:130)
    at com.vontu.mta.rp.DataProcessingState._endTransfer(DataProcessingState.java:315)
    at com.vontu.mta.rp.DataProcessingState.buffer(DataProcessingState.java:55)
    at com.vontu.mta.rp.RequestProcessorHandler.handleLine(RequestProcessorHandler.java:57)
    at com.vontu.mta.rp.ESMTPRequestProcessorThread._readPeer(ESMTPRequestProcessorThread.java:713)
    at com.vontu.mta.rp.ESMTPRequestProcessorThread._process(ESMTPRequestProcessorThread.java:780)
    at com.vontu.mta.rp.ESMTPRequestProcessorThread.run(ESMTPRequestProcessorThread.java:1094)
    at java.lang.Thread.run(Thread.java:595)
    Caused by: java.net.UnknownHostException: <DNS name>: <DNS name>
    at java.net.InetAddress.getLocalHost(InetAddress.java:1346)
    at com.vontu.mta.rp.ESMTPRequestProcessorThread._sayHello(ESMTPRequestProcessorThread.java:557)
    at com.vontu.mta.rp.ESMTPRequestProcessorThread.getReceiverOrReconnect(ESMTPRequestProcessorThread.java:525)

 

 

 

 

 

Powered by Wolken Software