
DLP Quarantine plugin remediation is failing to remediate messages in Messaging Gateway


Article ID: 214146


Updated On:

Products

Messaging Gateway

Issue/Introduction

When attempting to remediate quarantine incidents in Messaging Gateway (SMG) using the DLP FlexResponse plugin, remediation fails in DLP, but no error is generated in SMG and the incident is not remediated:

DLP errors

Date | Submitted By | Summary
2/8/21 10:02 AM | xxxxxx | FlexResponse Action Failed: [Email Quarantine Connect Approve Action] failed with message: The remediation request was not successful: Unable to remediate DlpUniqueMessageId 605EDEDC-A433-4618-97EB-C43568275B6F.
2/8/21 10:02 AM | xxxxxx | FlexResponse Action Requested: [Email Quarantine Connect Approve Action]

 

Cause

SMG is configured to use DLP "reflect mode" but messages are being delivered through DLP to SMG without first traversing the SMG system.

When SMG DLP Connect is enabled, there is an implied contract that SMG receives the message first, before forwarding it to DLP for analysis. When DLP Connect is configured in SMG but DLP is operating in "forward mode", i.e. DLP receives the message before SMG, a message audit ID is not properly assigned to the message when it is received from the DLP server. The lack of an audit ID prevents the FlexResponse quarantine management API from operating as designed.

SMG - DLP operating "modes"

  • Reflect Mode (DLP Connect enabled)
    • Mail flow: Internal server > SMG (outbound) > DLP > SMG (outbound)
    • The message audit ID is created and added when SMG first receives the message, not when SMG receives the message from DLP
  • Forward Mode
    • Mail flow: Internal server > DLP > SMG (outbound)
    • The message audit ID is created and added when SMG receives the message from DLP
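
To confirm which of the two mail flows a given message actually followed, the hop order can be read from its Received headers. The following is an added example, not part of the original article or of any Symantec/Broadcom tooling; the hostnames and sample messages are constructed, and it assumes each SMG and DLP hop stamps a standard `Received: ... by <host>` header.

```python
import re
from email import message_from_string

# Constructed hostnames (assumptions); replace with your own SMG and DLP hosts.
SMG_HOSTS = {"smg.example.test"}
DLP_HOSTS = {"dlp.example.test"}
BY_RE = re.compile(r"\bby\s+([A-Za-z0-9.-]+)", re.I)

def build_sample(*received):
    """Build a constructed test message; headers are listed newest hop first."""
    return "".join(f"Received: {r}\n" for r in received) + "Subject: test\n\nbody\n"

STAMP = "with ESMTP; Mon, 8 Feb 2021 10:00:00 +0000"
REFLECT_SAMPLE = build_sample(
    f"from dlp.example.test by smg.example.test {STAMP}",
    f"from smg.example.test by dlp.example.test {STAMP}",
    f"from mail.internal.example.test by smg.example.test {STAMP}",
)
FORWARD_SAMPLE = build_sample(
    f"from dlp.example.test by smg.example.test {STAMP}",
    f"from mail.internal.example.test by dlp.example.test {STAMP}",
)

def hop_path(raw_message):
    """Return the receiving hosts in chronological order (oldest hop first)."""
    msg = message_from_string(raw_message)
    hops = []
    # Received headers are prepended, so the topmost header is the newest hop.
    for value in reversed(msg.get_all("Received", [])):
        match = BY_RE.search(value)
        if match:
            hops.append(match.group(1).lower())
    return hops

def classify_flow(raw_message):
    """Return 'reflect', 'forward' or 'unknown' from the SMG/DLP hop order."""
    roles = []
    for host in hop_path(raw_message):
        role = "SMG" if host in SMG_HOSTS else "DLP" if host in DLP_HOSTS else None
        if role and (not roles or roles[-1] != role):
            roles.append(role)
    if roles[:3] == ["SMG", "DLP", "SMG"]:
        return "reflect"
    if roles[:2] == ["DLP", "SMG"]:
        return "forward"
    return "unknown"

def dlp_connect_mismatch(raw_message, dlp_connect_enabled):
    """True when DLP Connect is enabled but the message arrived DLP-first."""
    return bool(dlp_connect_enabled) and classify_flow(raw_message) == "forward"
```

A `True` result from `dlp_connect_mismatch` corresponds to the condition described in the Cause section: DLP Connect enabled while mail reaches SMG only after DLP.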

 

Environment

Component : DLP Connect

Resolution

If DLP is configured in "forward mode", i.e. it receives email traffic before Messaging Gateway, SMG DLP Connect should be disabled to allow the DLP FlexResponse API to operate properly.

To disable SMG DLP Connect:

  1. In the SMG Control Center go to Content > DLP Connect
  2. Uncheck Enable DLP for the outbound Scanner host