A Content Filter rule or Compliance policy is configured to look for a specific string of text in an email address and is triggering on more than expected.


Symptoms
A compliance policy is configured as folllows:

Condition
"If text in Envelope recipient contains 1 or more occurences of "[email protected]"
Action
Delete message

Messages destined for other addresses like [email protected] gets deleted as well triggering that exact rule shown in the message audit log and bmserver_log.
No other compliance policy is configured or triggered.

If the desired effect is to block messages intended for a specific recipient, this compliance policy is specified incorrectly. It should state 'matches exactly as opposed to 'contains 1 or more'.

The compliance policy should be reconfigured as follows:

Condition
"If text in Envelope recipient part of the message matches exactly "[email protected]"
Action
Delete message
 

Applies To

Symantec Brightmail Gateway (SBG) 8.x
Symantec Messaging Gateway (SMG) 9.x