Configuring an Attachment Protection Bypass Policy

Document created by user.oxriBaJeN4 Employee on Sep 7, 2015Last modified by user.oxriBaJeN4 Employee on Feb 13, 2017
Version 3Show Document
  • View in full screen mode

You may want to exclude specific senders or recipients from Targeted Treat Protection - Attachment Protect. For example, where it is enabled for messages sent from everyone to all internal recipients, but you want a specific team to be exempt. This is achieved by creating an Attachment Protection Bypass policy.


To configure an Attachment Protection Bypass policy:

  1. Log in to the Administration Console.
  2. Click on the Services toolbar button. A menu drop down is displayed.
  3. Click on the Gateway | Policies menu item.
  4. Click on the Attachment Protection Bypass item. This displays a list of existing bypass policies.
  5. Click on the New Policy button.
  6. Complete the Options section as follows:

    Field / OptionDescription
    Policy NarrativeProvide a description of the bypass policy to enable you to identify it. This is kept with in the archive with the email.
    Select Option

    From the drop down select whether to:

    - Take no action

    - Disable Attachment Protection

  7. Complete the Emails From and Emails To sections as follows:

    Field / OptionDescription
    Addresses Based On

    Specifies the email address characteristics that the policy is based on. The options are:

    - The Return Address (Mail Envelope From): This default setting applies the bypass policy to the SMTP address match, based on the email's envelope or true address (i.e. the address used during SMTP transmission).

    - The Message From Address (Message Header From): Applies the bypass policy based on the masked address used in the message's header.

    This option is only available in the Emails From section

    Applies From / To

    Specifies the Sender characteristics that the policy is based on. For multiple bypass policies, you should apply them from the most to least specific. The options are:

    - Everyone: Includes all email users (i.e. both internal and external). This option is only available in the Emails From section.

    - Internal Address: Includes only internal organization addresses.

    - External Address: Includes only external organization addresses. This option is only available in the Emails From section.

    - Email Domain: Enables you to specify a domain name to which this bypass policy is applied. The domain name is entered in the Specifically field.

    - Address Groups: Enables you to specify a pre-defined AD or Local Group. The group is selected from the Profile Group field below using the Lookup button.

    - Address Attributes: Enables you to specify a pre-defined Attribute. The attribute is selected from the Where Attribute drop down list. Once the Attribute is specified, an attribute value must be entered in the Is Equal To field. This can only be used if attributes have been configured for user accounts.

    - Individual Email Address: Enables you to specify an SMTP address. The email address is entered in the Specifically field.

  8. Complete the Validity section as required:

    Field / OptionDescription
    Set Policy as PerpetualSpecifies that the policy's start and end dates are set to Eternal. The result is the policy never expires.
    Date RangeYou can turn off the Set Policy as Perpetual option, and specify a start and end date for the policy. Deselect the Eternal option and select the required dates.
    Policy OverrideSelect this option to override the default order that policies are applied. If there are multiple applicable policies, this policy is applied first unless more specific policies of the same type have also been configured with an override.
    Bi-DirectionalUse this setting if you want the policy to also apply when the policy's recipient is the sender and the sender is the recipient.
    Source IP Ranges (n.n.n.n/x)Enter any required Source IP Ranges for the policy. These only apply if the source IP address used to transmit the email data, falls inside or matches the range(s) configured. IP ranges should be entered in CIDR notation.
  9. Select Save and Exit. The policy is created.

It can take up to ten minutes for the bypass policy to be applied after selecting Save.