Data Loss Prevention Prevent email protection 'bounce back' action attaches an HTML file that contains incident details

Technical Articles ID: KB96095
Last Modified: 2022-11-04 12:42:10 Etc/GMT

Environment

Data Loss Prevention (DLP) Prevent 11.6.x and later

Problem

An HTML file attachment with incident details gets added to the bounced back email. The HTML file is added when an email protection rule is configured for DLP Prevent with bounce back action.

NOTE: Customers can manually disable this behavior of an HTML file attachment that gets added. For details, see the Solution below.

Sample Bounced Back Email with HTML file

Sample Bounced Back Email with HTML file

Cause

This behavior is by design.

Solution

Follow the steps below if you do not want to send the HTML file with incident details:

On the appliance, open the /config/wsxmlconf/Native/smtp-config.xml file.
Search for AttachAdditionalDetailsToBounce in the XML file.

<SmtpPMPPolicySettings RefSettings="SCM:1" root="1"> <ScmSettings AddIPReceivedHeader="1" AddReceivedHeader="1" AttachAdditionalDetailsToBounce="1" AttemptNextConnection="1" DLPBounceSubjectPrefix="" DumpInputMail="0" DumpOutputMail="0" MaxNumberARecordLookups="100" MaxNumberMXLookups="100" MinDeferredFileSpace="5" MinDeferredMBSize="1000" MinDeferredPercentageSize="15" PermFailIsTempFail="0" ResetClientConnectionOnClose="0" ResetClientConnectionOnHeaderError="0" SendPort="25" SendPortForAuth="587" WelcomeMessage=""/> </SmtpPMPPolicySettings>
If AttachAdditionalDetailsToBounce="1" then change it to "0".

<SmtpPMPPolicySettings RefSettings="SCM:1" root="1"> <ScmSettings AddIPReceivedHeader="1" AddReceivedHeader="1" AttachAdditionalDetailsToBounce="0" AttemptNextConnection="1" DLPBounceSubjectPrefix="" DumpInputMail="0" DumpOutputMail="0" MaxNumberARecordLookups="100" MaxNumberMXLookups="100" MinDeferredFileSpace="5" MinDeferredMBSize="1000" MinDeferredPercentageSize="15" PermFailIsTempFail="0" ResetClientConnectionOnClose="0" ResetClientConnectionOnHeaderError="0" SendPort="25" SendPortForAuth="587" WelcomeMessage=""/> </SmtpPMPPolicySettings>
To restart the proxy, execute the following command:

scm update-xmlconf
Retest the rule to confirm that the HTML file isn’t returned to the user.

Affected Products

Languages:

This article is available in the following languages:

Knowledge Center

Data Loss Prevention Prevent email protection 'bounce back' action attaches an HTML file that contains incident details

Environment

Problem

Cause

Solution

Affected Products

Languages:

Title

Title

Knowledge Center

Data Loss Prevention Prevent email protection 'bounce back' action attaches an HTML file that contains incident details

Environment

Problem

Cause

Solution

Affected Products

Languages:

Choose your region

Title

Title