Network Implementation Guide › Applying User Policy to NBA Events › Machine Policy Changes

Machine Policy Changes

On the CMS, you also need to edit various machine policy settings in the Policy Engine folder. These settings determine how policy engines assign imported e‑mails and files to CA DLP user accounts.

We recommend that you make these changes in the common gateway policy to ensure that each policy engine inherits these policy changes. The machine policy settings that you need to edit are summarized below. Full details for configuring policy engines are in the Deployment guide; search the index for ‘policy engines; configuring’.

Unknown Internal Sender

This setting specifies the name of a CA DLP user. It defaults to UnknownInternalSender; this user account is created automatically when you install a new CMS.

Policy engines use this setting to apply policy to e‑mails sent from someone within your organization. The policy engine applies the Unknown Internal Sender’s policy if the sender’s address matches an address pattern listed in the Internal E‑mail Address Pattern setting (see below) but no corresponding user exists.

Important! If you specify a different account, this must be a user account, not a group account. Restart the policy engine for the changes to take effect.

External Sender

This setting specifies the name of a CA DLP user. It defaults to ExternalSender; this user account is created automatically when you install a new CMS.

Policy engines use this setting to apply policy to external emails (that is, emails sent from someone outside your organization) or outbound Webmails sent from an unrecognized address (such as mysteryman@hotmail.com). The policy engine applies the External Sender’s policy if the sender’s address does not match an address pattern listed in the Internal E‑mail Address Pattern setting (see below).

Important! If you specify a different account, this must be a user account, not a group account. Restart the policy engine for the changes to take effect.

Internal E-mail Address Pattern

This setting specifies a semi-colon separated list of full or partial email addresses. The policy engine uses this setting to determine which policy to apply. When the policy engine processes an email:

• If the sender’s e‑mail address matches this address pattern and the address is stored in the CMS database, the policy engine applies the sender’s CA DLP policy to the email.
• If the sender’s e‑mail address matches this address pattern but the address is not in the CMS database, the policy engine applies the policy associated with the Unknown Internal User—see above.
• If the sender’s e‑mail address does not match this address pattern, the policy engine simply applies the policy associated with the External User—see above.

Default Policy for Files

This setting specifies the name of a CA DLP user. A policy engine will apply this user's policy to scanned, captured or imported files if no other means are available to determine the policy participant.

For example, if an Import Policy job or FSA scanning job omits to specify the policy participant, or if the specified user account does not exist, the policy engine applies the Default Policy for Files to the imported or scanned files.