Types of Policy Rules
There are two types of policy rules: LDAP rules and rules based on regular expressions. The latter are more commonly used and are the default for new policy rules.
Policy rules based on regular expressions
Policy rules of this kind can be configured to match any of the following:
- Email addresses, e.g. 'John.Doe@cryptshare.com', 'Jane.Doe@befine-solutions.com'
- Email domains, e.g. 'cryptshare.com', 'befine-solutions.com'
- Regular expressions, e.g. '.*?@cryptshare\.com'
In each rule, you can define one or multiple patterns of this kind.
Using multiple patterns in a rule, it is possible to grant access to one single user from domain 'A' and also to all users from domain 'B'. For instance, a rule can allow 'John.Doe@cryptshare.com' and all users in 'befine-solutions.com'.
With regular expressions, a rule can be made even more precise. For example, you could easily exclude certain recipients from a domain. The regular expression '^(?!jane\.doe@cryptshare\.com)(.*?@cryptshare\.com)' would exclude Jane from 'cryptshare.com' while including all others in 'cryptshare.com'.
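The following check is an added example, not part of the Cryptshare documentation: it runs the exclusion pattern above against constructed sample addresses to show which ones it accepts before the rule is deployed. The page does not state whether the server matches case-insensitively or against the whole address, so the helper (the hypothetical names `matched` and `audit`) tries each combination, with Python's `re` module standing in for the server's regex engine.

```python
import re

# Exclusion pattern quoted in the text above.
EXCLUDE_JANE = r'^(?!jane\.doe@cryptshare\.com)(.*?@cryptshare\.com)'

# Constructed sample addresses for the check (not real data).
MUST_ALLOW = ["john.doe@cryptshare.com"]
MUST_DENY = [
    "jane.doe@cryptshare.com",
    "Jane.Doe@cryptshare.com",              # same mailbox, different case
    "john.doe@cryptshare.com.example.net",  # other domain that starts with the intended one
    "john.doe@befine-solutions.com",
]

def matched(pattern, addresses, *, ignore_case, whole_string):
    """Return the addresses the pattern accepts under one matching mode."""
    rx = re.compile(pattern, re.IGNORECASE if ignore_case else 0)
    # Assumption: the server either matches the whole address or only a prefix.
    test = rx.fullmatch if whole_string else rx.match
    return [a for a in addresses if test(a)]

def audit(pattern, must_allow, must_deny):
    """Map each (ignore_case, whole_string) mode to the misclassified addresses."""
    findings = {}
    for ignore_case in (False, True):
        for whole_string in (False, True):
            hits = set(matched(pattern, must_allow + must_deny,
                               ignore_case=ignore_case, whole_string=whole_string))
            # Wrong = expected senders that were rejected, or rejected ones accepted.
            wrong = (set(must_allow) - hits) | (set(must_deny) & hits)
            findings[(ignore_case, whole_string)] = sorted(wrong)
    return findings

if __name__ == "__main__":
    for (ic, ws), wrong in audit(EXCLUDE_JANE, MUST_ALLOW, MUST_DENY).items():
        print(f"ignore_case={ic} whole_string={ws} -> misclassified: {wrong or 'none'}")
```

A pattern that leaves every list empty classifies these samples the same way whichever mode the server uses.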
Policy Rule based on regular expressions
Before LDAP-based rules can be set up, the LDAP server must be configured. Once this has been done, an LDAP-based rule can be created. A custom policy rule needs to be used for this, as default rules are always based on regular expressions. Once the rule is listed with all the others, it can also be edited using the edit mode.
Instead of defining a set of regular expressions, this rule allows selecting certain users or groups from your LDAP directory. In LDAP settings you can define which attributes in your LDAP directory contain email addresses. Cryptshare will match the email address inputs with the contents of the attributes defined here.
When using Microsoft Active Directory
When the configured LDAP Server is of type Microsoft Active Directory, inactive users are automatically excluded during policy rule processing and cannot be used.
LDAP based Policy Rule
Rules using Network Patterns
For the sender pattern of a policy rule there is an additional way to restrict the possible list of senders: Network-based patterns.
By specifying a network pattern using the CIDR notation it is possible to restrict the access of a sender to certain hosts or network sections.
Default Rule Set
A default rule set consists of two separate policy rules. The combination of these two rules guarantees three things:
- Internal users can send transfers to anyone, including external users.
- External users can send transfers to anyone inside the licensed domains.
- No external user can abuse the system for sending transfers to other external users.
Creating Policy Rules
Cryptshare offers 4 possibilities for creating policy rules.
New policy rules are created using the server's default settings. If the default server settings are changed, this will NOT affect existing policy rules.
Default Settings of Policy Rules
If you want to apply changed server settings to existing rules, this can be done by using the reset-function in the policy section. Please note that this will reset all existing rules!
Each policy rule can be set up using an individual setting for the retention period and the maximum transfer size. The settings in this rule supersede the .
Message Content Settings
Each policy rule can be set up using an individual setting for a variety of messaging and message content settings. The settings in this rule supersede the general server settings.
Each policy rule can be set up using individual download security settings. The settings in this rule supersede the general server settings.
Mail Server Settings
Each policy rule can be set up using individual mail server settings. The settings in this rule supersede the general server settings.
Each policy rule can be set up using individual log settings. The settings in this rule supersede the general server settings.
Each policy rule can be set up using individual pre-processing settings. The settings in this rule supersede the general server settings.