Hi DLP 14.5 installed as Single Tier configuration with inline SMTP monitor and REFLECT configured.
EU_UK Solutions pack installed National Insurance number (wide detection) configured and added to Test_Group Policy (and active)
MTA configured to send all emails to Network Prevent server and listening on 10026 for returned email.
When I send an email that should violate the policy, the following appears in the SMTP logs on the Network Prevent Server. 08/Oct/16:22:08:29:275+0100 [INFO] (SMTP_CONNECTION.1201) Connection accepted (tid=31 cid=be00639d-b034-4a2d-be22-8f1e13824d9d local=y.y.y.y:10025 remote=x.x.x.x:49552)
08/Oct/16:22:08:29:278+0100 [INFO] (SMTP_CONNECTION.1203) Forward connection established (tid=31 cid=23b83abc-f970-4982-b8a7-92e7f7e41285 local=y.y.y.y:3605 remote=x.x.x.x:10026)
08/Oct/16:22:08:29:281+0100 [INFO] (SMTP_CONNECTION.1204) Forward connection closed (tid=31 cid=23b83abc-f970-4982-b8a7-92e7f7e41285 local=y.y.y.y:3605 remote=x.x.x.x:10026)
08/Oct/16:22:08:29:282+0100 [INFO] (SMTP_CONNECTION.1205) Service connection closed (tid=31 cid=be00639d-b034-4a2d-be22-8f1e13824d9d local=y.y.y.y:10025 remote=x.x.x.x:49552 messages=0 time=0.01s)
So it seems to at least be accepting and reflecting the emails, however I get no incidents generated. I guess i am missing something simple. What further fault finding can I do. Is there somewhere to check the result of the email scan?
Thanks