I am a Zivver admin
Configure and manage Zivver
Create DLP Gateway exception mail flow rule(s) in Exchange On premise
Introduction
This page covers the configuration of additional mail flow rules in Exchange On-premises that will exclude certain email traffic from being routed to the Zivver DLP Gateway.
This is required for emails originating from the Zivver Platform. These emails should not be rerouted to the Zivver Platform, but delivered within Exchange. Without excluding these emails, they could loop and result in a bounce.
Getting started
- Go to the Exchange Admin Center (EAC).
- Log in to the EAC as an administrator.
- Click on Mail flow in the menu on the left.
- Click on Rules.
- Click on the add icon.
- Click on Create a new rule....
- Enter
Zivver: Detect processed messages
as the name. - At the bottom of the page, click on More options....
Set mail flow rule conditions
- Under *Apply this rule if..., select The message headers ... and then matches these text patterns.
- Click the *Enter text... field.
- Set the message header to
X-Zivver-Transport
. - Click .
- Click the *Enter text patterns... field.
- Enter the value
..*.
(that is 2 dots, 1 asterisk/wildcard, 1 dot). - Click the add icon.
- Click .
Set mail flow rule actions
- Under *Do the following..., select Modify the message properties... and then set a message header.
- Click the first *Enter text... field.
- Set the message header to
skip-zivver-relay
. - Click .
- Click the second *Enter text... field.
- Set the value to
true
. - Click .
Set rule settings
- Leave the Audit this rule with severity level on the default setting of Not specified.
- Leave the Choose a mode for this rule on the default setting of Enforce.
- Optional: Enable Activate this rule on the following date and select a date and time if you want this mail flow rule to be automatically activated from a specific date and time.
- Leave Deactivate this rule on the following date disabled.
- Leave the option Stop processing more rules disabled.
- Leave the option Defer the message if rule processing doesn’t complete disabled.
- Leave Match sender address in message: on the default setting of [i18n] header.
- Enter the following text in the Comments section:
Exclude messages that have been processed and sent by the Zivver Platform to avoid mail looping.
- When you are satisfied that the mail flow rule is configured correctly, click .
Set the priority
- Ensure the mail flow rule has a higher priority than the primary DLP Gateway mail flow rule configured in Part 1.
Repeat steps for X-Zivver-DLP header
If your organization also uses a Zivver client integration (such as Zivver for Outlook or Zivver for Gmail), applying this additional exception is strongly advised for emails that have been scanned by a Zivver client integration and for which the user has decided not to activate Zivver. These emails can be excluded from being routed to the DLP Gateway, because the DLP Gateway might otherwise override the user’s decision, causing unwanted and unexpected behavior.
- Repeat all steps above with the following changes:
- Name the rule
Zivver: Detect messages scanned by client integration
. - Substitute the X-Zivver-Transport header with the X-Zivver-DLP header wherever it occurs.
- Include an exception with the following steps:
- Under Except if..., click the button.
- Select The subject or body... and then subject matches these text patterns.
- Enter
(?i)\[secure\]
in the input field. - Click on the add icon.
- Click .
- Enter the following text in the Comments section:
Exclude messages that have already been scanned by a Zivver client integration to avoid DLP Gateway overruling user decisions or making a suggestion that was already provided while the message was composed.
Next step
Go back to Setup DLP Gateway and continue with Part 3.