Create DLP Gateway exception mail flow rule(s) in Exchange On premise

Introduction

This page covers configuration of additional mail flow rules in Exchange On premise which will exclude email traffic from being routed to Zivver DLP Gateway.

This is required for emails that originate from the Zivver Platform. These should not be rerouted to the Zivver Platform, but delivered within the Exchange. Without excluding these emails, they would go into a loop and result in a bounce.

Getting started

  1. Go to the Exchange Administrative Center (EAC).
  2. Log into EAC as an administrator.
  3. Click on mail flow in the menu on the left.
  4. Click on rules.
  5. Click on the add icon.
  6. Click on Create a new rule….
  7. Enter a name. For example: Exclude X-Zivver-Transport from DLP Gateway.
  8. On the bottom of the page, click on More options….

Set mail flow rule conditions

  1. Under * Apply this rule if… select The message header… and then matches these text patterns.
  2. Click the *Enter text… field.
  3. Set the message header to X-Zivver-Transport.
  4. Click OK.
  5. Click the *Enter text patterns… field.
  6. Enter the value ..*. (that is 2 dots, 1 asterisk/wildcard, 1 dot).
  7. Click the add icon.
  8. Click OK.

Set mail flow rule actions

  1. Under * Do the following… select Modify the message properties… and then set a message header.
  2. Click the first * Enter text… field.
  3. Set the message header to skip-zivver-relay.
  4. Click OK.
  5. Click the second * Enter text… field.
  6. Set the value to true.
  7. Click OK.

Set rule settings

  1. Leave the Audit this rule with severity level on the default setting of Not specified.
  2. Leave the Choose a mode for this rule on the default setting of Enforce.
  3. Optional: Enable Activate this rule on the following date and select a date and time, if you want this mail flow rule be automatically activated from a specific date and time.
  4. Leave Deactivate this rule on the following date disabled.
  5. Leave the option Stop processing more rules disabled.
  6. Leave the option Defer the message if rule processing doesn’t complete disabled.
  7. Leave Match sender address in message to the default setting of Header.
  8. Leave the Comments section blank, unless otherwise desired.
  9. When you are satisfied that the mail flow rule is configured correctly, click Save.

Set the priority

  1. Ensure the mail flow rule has a higher priority than the primary DLP Gateway mail flow rule configured in Part 1.

Repeat steps for X-Zivver-DLP header

If your organization also uses a Zivver client integration (such as Zivver for Outlook, or Zivver for Gmail), this additional exception is strongly advised for emails that have been scanned by a Zivver client integration and for which the user decided not to activate Zivver. These can be excluded from being routed to DLP Gateway, because DLP Gateway may end up overruling the user’s decision, causing unwanted and unexpected behavior.

  1. Repeat all steps in above, substituting the X-Zivver-Transport header with the X-Zivver-DLP header wherever it occurs.

Next step

Go back to Setup DLP Gateway and continue with Part 3.