You have the Cloud Managed DLP option with a Cloud Email Detector in Forwarding mode.
Your Transport Rules appear to have been set up as per the documentation, but no emails are being sent through the service.
Release: 16.0
Microsoft's UI for the M365 Exchange Admin Center (i.e., for O365) may have changed since Broadcom's documentation about setting up DLP Cloud Service for Email was written. Some details are updated in this article to provide clarity.
In the section for Transport Rule, our documentation for Configuring Microsoft 365 to use Symantec Email Security.cloud for email delivery (Forwarding mode) (broadcom.com) states the following for the recipient:
3. In the *Apply this rule if field, select The recipient is located .... Then select Outside the organization in the select recipient location field and click OK.
However, the Apply this rule if option now has two drop-down menus.
When choosing "is external/internal" a fly-out menu opens from the right, with the default setting of "Inside the organization". Change this to "Outside the organization" and click Save.
The choice now reads: The recipient is located 'NotInOrganization'
Note that the documentation for Reflecting mode: Configuring Microsoft 365 to use Microsoft 365 for email delivery (Reflecting mode) (broadcom.com) does not contain the details above about setting a recipient.
That step is still required.
The sender option is also changed. Our documentation for Configuring Microsoft 365 to use Symantec Email Security.cloud for email delivery (Forwarding mode) (broadcom.com) states the following for the sender:
5. In the Apply this rule if field, select The Sender is, then select one or multiple users or user groups.
However, the Apply this rule if option also has two drop-down menus.
Do not choose "is a member of this group" in the second menu. Instead, choose "is this person".
This instruction is given more clearly in another page in our Help Center: Detecting emails from a subset of Microsoft 365 Exchange Online users (broadcom.com).
In the section for the Transport Rule exception, the documentation states:
Click add exception and choose IP address is in any of these ranges or exactly matches.
In the specify IP address ranges dialog, enter an IPv4 address or range.
To avoid loops for cloud detectors in the US data center and the EU data center, when prompted, add this DLP Cloud Service IP block: 144.49.0.0/16.
But the M365 wizard is slightly different. Simply (again) select "The sender" and then use the second drop-down menu to choose the IP address option.
A new fly-out window opens to enter, and save, the IP range as above.
In at least one case, choosing the sender option "is a member of this group" meant that emails would be sent, but would not go through the DLP Cloud Service (presumably via MX Record instead).
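The three settings described above can also be checked from Exchange Online PowerShell rather than by reading the rule in the UI. The following is an added example, not taken from Broadcom's documentation: Test-DlpForwardingRule is a hypothetical helper name, the sample rules are constructed, and it assumes the UI choices are stored in the SentToScope, From, FromMemberOf and ExceptIfSenderIpRanges properties that Get-TransportRule returns.

```powershell
# Added example. Test-DlpForwardingRule is a hypothetical helper, not a Broadcom or Microsoft cmdlet.
function Test-DlpForwardingRule {
    param([Parameter(Mandatory, ValueFromPipeline)] $Rule)
    process {
        $findings = @()
        # UI: The recipient is located 'NotInOrganization'
        if ("$($Rule.SentToScope)" -ne 'NotInOrganization') {
            $findings += "Recipient scope is '$($Rule.SentToScope)', expected 'NotInOrganization'"
        }
        # UI: "is a member of this group" is stored as FromMemberOf, "is this person" as From
        if ($Rule.FromMemberOf) {
            $findings += "Sender uses 'is a member of this group': $($Rule.FromMemberOf -join ', ')"
        }
        if (-not $Rule.From) {
            $findings += "No sender selected with 'is this person'"
        }
        # Exception that avoids loops: the DLP Cloud Service IP block from this article
        $ranges = @($Rule.ExceptIfSenderIpRanges | ForEach-Object { "$_" })
        if ($ranges -notcontains '144.49.0.0/16') {
            $findings += "Exception for sender IP range 144.49.0.0/16 is missing"
        }
        [pscustomobject]@{
            Name     = $Rule.Name
            State    = $Rule.State
            Passed   = ($findings.Count -eq 0)
            Findings = $findings
        }
    }
}

# Constructed sample rules (not real tenant data), shaped like Get-TransportRule output
$samples = @(
    [pscustomobject]@{ Name = 'DLP forward (person)'; State = 'Enabled'
        SentToScope = 'NotInOrganization'; From = @('user1@example.com'); FromMemberOf = @()
        ExceptIfSenderIpRanges = @('144.49.0.0/16') },
    [pscustomobject]@{ Name = 'DLP forward (group)'; State = 'Enabled'
        SentToScope = 'InOrganization'; From = @(); FromMemberOf = @('dlp-users@example.com')
        ExceptIfSenderIpRanges = @() }
)
$samples | Test-DlpForwardingRule | Format-List

# Against a live tenant, after Connect-ExchangeOnline:
#   Get-TransportRule | Test-DlpForwardingRule | Format-List
```

The second sample rule fails all checks and reproduces the misconfigurations this article describes: the default recipient scope, the group-based sender, and the missing IP exception.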