Create DLP Gateway exception mail flow rule(s) in Exchange Online

Introduction

This page covers the configuration of additional mail flow rules in Exchange Online to exclude certain email traffic from being routed to the Zivver DLP Gateway.

This is required for emails originating from the Zivver Platform. These should not be rerouted to the Zivver Platform, but delivered within Exchange. Without excluding these emails, they could enter a loop and result in a bounce.

Getting started

  1. Go to the Exchange Admin Center.
  2. Click on mail_outline Mail flow in the menu on the left.
  3. Click on Rules.
  4. Click on the add Add a rule button.
  5. Click on Create a new rule.
  6. Enter Zivver: Detect processed messages for the name.

Set mail flow rule conditions

  1. Under Apply this rule if * select The message headers….
  2. Under Select one select matches these text patterns.
  3. Click the Enter text field.
  4. Set the message header to X-Zivver-Transport.
  5. Click .
  6. Click the Enter words field.
  7. Set the value to ..*. (that is 2 dots, 1 asterisk/wildcard, 1 dot).
  8. Click .
  9. Click .

Set mail flow rule actions

  1. Under Do the following * select Modify the message properties.
  2. Under Select one select set a message header.
  3. Click the first Enter text field.
  4. Set the message header to skip-zivver-relay.
  5. Click .
  6. Click the second Enter text field.
  7. Set the value to true.
  8. Click .
  9. Click .

Set rule settings

  1. Leave the Rule mode on the default setting of Enforce.
  2. Leave the Severity on the default setting of Not specified.
  3. Optional: Enable Activate this rule on and select a date and time, if you want this mail flow rule be automatically activated from a specific date and time.
  4. Leave Deactivate this rule on disabled.
  5. Leave the option Stop processing more rules disabled.
  6. Leave the option Defer the message if rule processing doesn’t complete disabled.
  7. Leave Match sender address in message to the default setting of Header.
  8. Enter the following text in the Comments section:
Exclude messages that have been processed and sent by the Zivver Platform to avoid mail looping.
  1. Click .

Review and finish

  1. When you are satisfied that the mail flow rule is configured correctly, click .

Set the priority

  1. Ensure the mail flow rule has a higher priority than the primary DLP Gateway mail flow rule configured in Part 1.

Activate the rule

After creating and correctly setting the priority of the rule, it can be enabled. See Enable Primary DLP Gateway mail flow rule in Exchange Online for instructions on activating the rule.

Repeat steps for X-Zivver-DLP header

If your organization also uses a Zivver client integration (such as Zivver for Outlook or Zivver for Gmail), this additional exception is strongly advised for emails that have been scanned by a Zivver client integration and for which the user decided not to activate Zivver. These can be excluded from being routed to the DLP Gateway, because the DLP Gateway may end up overruling the user’s decision, causing unwanted and unexpected behavior.

  1. Repeat all steps above with the following changes:
  2. Name the rule Zivver: Detect messages scanned by client integration.
  3. Substitute the X-Zivver-Transport header with the X-Zivver-DLP header wherever it occurs.
  4. Include an exception with the following steps:
    1. Under Except if, select The subject or body.
    2. Under Select one, select subject matches these text patterns.
    3. Enter (?i)\[secure\] in the input field.
    4. Click .
    5. Click .
  5. Enter the following text in the Comments section:
Exclude messages that have already been scanned by a Zivver client integration to avoid DLP Gateway overruling user decisions or making a suggestion that was already provided while the message was composed.

Next step

Go back to Setup DLP Gateway and continue with Part 3.