DLP's behavior with certificate validation checks on Email Prevent servers
Release : 15.X 16.x
Component : Default-Sym
By default, DLP validates the downstream MTA's certificate. It does not perform certificate validation checks on the certificates installed on the Email Prevent server itself; the upstream MTA should be performing those checks. At present, DLP has no mechanism to monitor certificates that have expired or are about to expire.
If needed, we can disable the downstream verification check with the setting "RequestProcessor.AllowUnAuthenticatedConnections", found in the Enforce console >> System >> Servers and detectors >> Overview >> [Detection Server] >> Server Settings.
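Because DLP does not monitor certificate expiry, an external check can cover that gap. The script below is an added example, not part of DLP or of this article's vendor tooling: it assumes the Email Prevent certificate has been exported to a PEM file and that the openssl command is available, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify PEM certificates by time left before expiry.

# cert_status FILE [WARN_DAYS] -> prints ok | expiring | expired | unreadable
cert_status() {
    cs_file=$1
    cs_days=${2:-30}
    # Reject anything openssl cannot parse as an X.509 certificate.
    openssl x509 -noout -in "$cs_file" >/dev/null 2>&1 || { echo unreadable; return 0; }
    # -checkend N exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -noout -checkend 0 -in "$cs_file" >/dev/null 2>&1; then
        echo expired
    elif ! openssl x509 -noout -checkend $((cs_days * 86400)) -in "$cs_file" >/dev/null 2>&1; then
        echo expiring
    else
        echo ok
    fi
}

# check_certs WARN_DAYS FILE... -> one report line per file;
# returns 1 if any certificate is not "ok", so cron or a monitor can alert.
check_certs() {
    cc_days=$1; shift
    cc_rc=0
    for cc_file in "$@"; do
        cc_state=$(cert_status "$cc_file" "$cc_days")
        cc_end=$(openssl x509 -noout -enddate -in "$cc_file" 2>/dev/null || true)
        printf '%s\t%s\t%s\n' "$cc_state" "${cc_end:-notAfter=unknown}" "$cc_file"
        [ "$cc_state" = ok ] || cc_rc=1
    done
    return $cc_rc
}

# Constructed sample input: a throwaway self-signed certificate valid for
# DAYS days, written to FILE (private key to FILE.key). For testing only.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=sample.invalid" \
        -days "$2" -keyout "$1.key" -out "$1" >/dev/null 2>&1
}
```

Run `check_certs 30 exported-cert.pem` on a schedule and alert on a non-zero exit status; the file name here is a placeholder for wherever the exported certificate is kept.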