ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Avoid Policy-Based Encryption mail-loop

book

Article ID: 172495

calendar_today

Updated On:

Products

Email Security.cloud Email Encryption.cloud

Issue/Introduction

My organization is using Policy-based encryption service and getting a Message Not Delivered notification

could not be delivered because the message is either malformed or corrupted, so it could not be processed and did not reach

or

The secure message that you sent with the subject of "example" was not successfully delivered to the following recipients

Cause

An email loop occurs when the sender domain is an Email Security.cloud customer and the Policy-Based encryption provider are configured under the same infrastructure. e.g.: EU or US Cluster 8

or

An email loop can also occur when the two customers on the same cluster, e.g.: US Cluster 1

Environment

Email Encryption.cloud

Resolution

Implementation:

  1. Access the ClientNet portal > Services > Data Protection > Email Policies
  2. Open the policy that you want to amend, or choose to create a new policy for Policy-based encryption.
  3. Click Add Rule
    • Name the rule: Inbound IP Exceptions
  4. Under this rule, select ALL conditions are met under Execute If
  5. Select Content Regular Expression List condition from the Add a condition drop-down list
     
  6. Click on Create a new Regular Expression List
    • Name the List: Bypass Symantec IPs
    • Add the following list:

\b216\.82\.(2(4[0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\b

\b67\.219\.(2(4[0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\b

\b85\.158\.(1(3[6-9]|4[0-3]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\b

\b95\.131\.(1(0[4-9]|1[0-1]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\b

\b46\.226\.(4[8-9]|5[0-5])\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\b

\b117\.120\.(1[6-9]|2[0-3])\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\b

\b193\.109\.(2(5[4-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\b

\b194\.106\.(2(2[0-1]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\b

\b195\.245\.(2(3[0-1]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\b

\b103\.9\.(9[6-9])\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\b

  • Select Email contains: a match for none of the regexes in the selected lists
    The condition is satisfied when no match is found in the content for any of the regular expressions in the selected lists.

Condition options:

  • Case sensitive: No
  • Look in: Header
  • Matched text: Log
  1. Select Content Regular Expression List condition from the Add a condition drop-down list
  2. Click on Create a new Regular Expression List
    • If you are using PBE with our PBE - Echoworx Encryption provider
    • Name the List: Bypass Echoworx IPs and  add the following IPs:

\b35\.178\.116\.203\b
\b35\.77\.96\.234\b
\b52\.56\.142\.64\b
\b35\.177\.155\.206\b
\b13\.58\.136\.73\b
\b18\.191\.85\.155\b
\b18\.217\.225\.34\b
\b18\.223\.14\.153\b

    • If you are using PBE with our ZixCorp Encryption provider
    • Name the List: Bypass Zix IPs and  add the following IPs to the list:

\b91\.209\.6\.10\b
\b91\.209\.6\.201\b
\b199\.30\.239\.7\b
\b63\.71\.11\.89\b

  • Select Email contains: a match for none of the regexes in the selected lists
    The condition is satisfied when no match is found in the content for any of the regular expressions in the selected lists.

Condition options:

  • Case sensitive: No
  • Look in: Header
  • Matched text: Log
  1. Save