When attempting to remediate quarantine incidents in Messaging Gateway(SMG) using the DLP Flexresponse pluging, remediation fails in DLP but no error is generated in SMG and the incident is not remediated:

DLP errors

Component : DLP Connect

SMG is configured to use DLP "reflect mode" but messages are being delivered through DLP to SMG without first traversing the SMG system.

When SMG DLP Connect is enabled, there is an implied contract that SMG receives the message first before forwarding it to DLP for anaysis. When DLP Connect is configured in SMG but DLP is operating in "forward mode" i.e. DLP receives the message before SMG, a message audit id is not properly assigned to the message when it is received from the DLP server. The lack of an audit ID prevents the Flexresponse quarantine management API from operating as designed.

SMG - DLP operating "modes"

• Reflect Mode (DLP Connect enabled)
  • Mail flow: Internal server > SMG (outbound) > DLP > SMG (outbound)
  • The message audit id is created and added when SMG first receives the message, not when SMG receives the message from DLP
• Forward Mode
  • Mail flow: Internal server > DLP > SMG (outbound)
  • The message audit id is created and added when SMG received the message from DLP

If DLP is configured in "Forward mode", i.e receives email traffic before Messaging Gateway, SMG DLP Connect should be disabled to allow the DLP Flexresponse API to operate properly.

To disable the SMG DLP Connect

1. In the SMG Control Center go to Content > DLP Connect
2. Uncheck Enable DLP for the outbound Scanner host