Sender/Recipient Matches Pattern Field Limitations

book

Article ID: 160274

calendar_today

Updated On:

Products

Data Loss Prevention Enforce

Issue/Introduction

When setting up exception rules what are the field limitations for the "sender/recipient matches pattern" rule?

Resolution

The recipient rule has the ability to set domains in either/both of the "Email Address/Newsgroup Pattern" or "URL Domain" fields.  Within the product, the detection engine will apply the domain field to any traffic, i.e. HTTP, NNTP, SMTP, IM, etc. Email address will only be applied to messages that have identifiable users, i.e. SMTP and NNTP. The domain field therefore has the broadest capability, allowing a single rule to prevent any message flowing to a certain domain. Since the intention is to be broad at the domain level, a limit in the user interface was set as 512 characters.

 

The email address field is intended to be more specific to email and newsgroups. As such, it provides the ability to enter specific emails or patterns, such as [email protected] , sale*@*.company.com , or a discrete list of email addresses.  DLP allows for a much larger list in the email field as a result. This field has no limit in the user interface. The database likewise no limit. The web application has a configured limit of 2MB for any posted data, so the actual limit is somewhat closer to 2MB. In reality, the browser would need to be able to handle that large of a post. In addition, we would not recommend trying to push the limit due to the size of data being pushed through policy to Endpoint Agents and Detection Servers.

 

 

References:

 

 

How many IP addresses can be entered into the IP address field of Sender/User Matches Conditions?

https://support.symantec.com/en_US/article.TECH220225.html