POST-内容审查-邮件通道
介绍如何调用接口对邮件通道中的内容进行进行安全审查。
接口介绍
邮件通道内容审查接口用于检测在邮件通道中,用户发送的邮件是否违反企业或组织的数据防泄漏DLP策略,并执行允许数据传输,或阻断数据传输等响应动作。
请求方式
POST
接口地址
/skg/v1/dlp/channel/email/<协议类型>/<请求模式>请求参数
| 参数名称 | 参数位置 | 是否必须 | 描述 |
|---|---|---|---|
| <协议类型> | URL参数 | 是 | 邮件通道下支持的邮件协议,如SMTP。完整的协议支持列表,可以通过获取通道详情接口取得,GET-获取通道详情。 |
| <请求模式> | URL参数 | 是 | 指定请求模式为同步或异步。 |
| 参数名 | 类型 | 适用状态 | 说明 |
|---|---|---|---|
| sender | String(可选) | 同步和异步 | 发件人邮箱 |
| recipients | List(可选) | 同步和异步 | 收件人邮箱 - 包括To,cc,bcc |
| queryID | String(必选) | 同步和异步 | 与此请求关联的事件查询ID,保持唯一。若请求无事件生成则无法查询到事件详情。 注: queryid的值对应于第三方云服务中的流量UUID。 |
| redaction | Dict(可选) | 同步和异步 | 脱敏后内容的处理。
|
| md5 | String(可选) | 同步和异步 | 文件MD5值,用于记录和缓存加速。支持MD5和文档一同送检,也支持仅送检MD5。示例如下: |
| callback_url | String(可选) | 异步 | 只限于异步模式填写回调函数的url |
| uploadtype | String(必选) | 异步 | 只限于异步。支持AWS S3、阿里云OSS、腾讯云COS、Swift等云存储,以及本地文件和下载URL。
|
| objectInfo |
Dict(可选) |
异步 | 只限于异步模式并使用对象存储时使用。异步模式支持审查存储在亚马逊S3、Swfit、阿里云OSS、腾讯云COS等云服务的对象存储。具体设置参数,参阅章节:异步模式下审查云服务存储内容的objectinfo参数 |
Python请求示例 - 本地邮件文件(同步模式)
以下示例为使用Python代码调用接口,以在同步模式下,对本地邮件文件进行内容安全审查。
# -*- coding: utf-8 -*- from requests.packages.urllib3.exceptions import InsecureRequestWarning from ucwi_config import UCWIConfig from ucwi_auth import get_headers import requests import json import os import uuid requests.packages.urllib3.disable_warnings(InsecureRequestWarning) api = "/skg/v1/dlp/channel/email/smtp/sync" url = "{0}{1}".format(UCWIConfig.base_url, api) file_path = "test.eml" metadata = { "sender": "skgqa-senduser@skyguard.com.cn", "recipients": [ "cloud-receiveruser@skyguard.com.cn", "external-receiveruser@163.com", ], "queryID": str(uuid.uuid4()), } headers = get_headers() data = {"metadata": json.dumps(metadata)} fd = open(file_path) files = { "request": fd } response = requests.post(url, headers=headers, data=data, files=files, verify=False) fd.close() if response.status_code != 200: print("Bad request, response code:", response.status_code) print(response.text) else: result = response.json() # print(json.dumps(result, indent=4).decode('raw_unicode_escape')) if result["responseCode"] != 200: print("Bad request, response code:", result["responseCode"]) print(result["message"]) else: hint = "# 1:允许; 2:阻断;3:确认;4:删除附件;5:邮件加密;6:邮件隔离;7:终端系统加密;8:邮件内容加密;9:终端个人密钥加密" print("action:{} {}".format(result["actionCode"], hint)) if len(result["incident_info"]) == 0: print("not matched.") else: print("matched policy:") for policy in result["incident_info"]["matchedPolicies"]: print(json.dumps(policy, indent=2).encode('utf-8').decode('raw_unicode_escape'))
Python请求示例 - 本地邮件文件 (异步模式)
以下示例为使用Python代码调用接口,以在异步模式下,对本地邮件文件进行内容安全审查。
# -*- coding: utf-8 -*- from requests.packages.urllib3.exceptions import InsecureRequestWarning from ucwi_config import UCWIConfig from ucwi_auth import get_headers import requests import json import os import uuid requests.packages.urllib3.disable_warnings(InsecureRequestWarning) api = "/skg/v1/dlp/channel/email/smtp/async" url = "{0}{1}".format(UCWIConfig.base_url, api) file_path = "test.eml" metadata = { "sender": "skgqa-senduser@skyguard.com.cn", "recipients": [ "cloud-receiveruser@skyguard.com.cn", "external-receiveruser@163.com", ], "queryID": str(uuid.uuid4()), "uploadtype": "file", "callback_url": UCWIConfig.callback_url + "/email" } headers = get_headers() data = {"metadata": json.dumps(metadata)} fd = open(file_path) files = { "request": fd } response = requests.post(url, headers=headers, data=data, files=files, verify=False) fd.close() if response.status_code != 200: print("Bad request, response code:", response.status_code) print(response.text) else: result = response.json() print(result["message"])
Python请求示例 - S3上存储的文件(异步模式)
以下示例为使用Python代码调用接口,以在异步模式下,对存储在S3上的文件进行内容安全审查。
# -*- coding: utf-8 -*- from requests.packages.urllib3.exceptions import InsecureRequestWarning from ucwi_config import UCWIConfig from ucwi_auth import get_headers import requests import json import os import uuid requests.packages.urllib3.disable_warnings(InsecureRequestWarning) api = "/skg/v1/dlp/channel/email/smtp/async" url = "{0}{1}".format(UCWIConfig.base_url, api) file_path = "test.eml" metadata = { "sender": "skgqa-senduser@skyguard.com.cn", "recipients": [ "cloud-receiveruser@skyguard.com.cn", "external-receiveruser@163.com", ], "queryID": str(uuid.uuid4()), "uploadtype": "s3", "callback_url": UCWIConfig.callback_url + "/email", "objectInfo": { "accessKey": "7WDU84VEZPA4OM1I7TEH", "secretKey": "70Jsmd1HfovY6aHjEwhNdWeZvIZPjdZH5cjSlOZb", "endpointUrl": "http://172.22.110.14:8080", "s3Bucket": "test-new-bucket", "s3Key": "ucwi-test.txt", } } headers = get_headers() data = {"metadata": json.dumps(metadata)} fd = open(file_path) files = { "request": fd } response = requests.post(url, headers=headers, data=data, files=files, verify=False) fd.close() if response.status_code != 200: print("Bad request, response code:", response.status_code) print(response.text) else: result = response.json() print(result["message"])
cURL请求示例 - S3上存储的文件 (异步模式)
以下示例适用于上传类型为S3的情况:
- 带callback:
curl -H "Content-Type: multipart/form-data" -F 'metadata={"uploadtype": "s3", "callback_url": "http://172.22.113.12:9999/post/email","sender":"hwsh-senduser2@huawei.com", "recipients":["hwsh-receiveruser2@huaweicom","external-receiveruser2@126.com"],"queryID":"9affdc62-4b2e-11e7-81f7-9ef3ee527981"}' -F "request=http://172.22.78.91:8070/test-email/home/test/email/Fwdaaaa.eml" https://172.22.78.107:5443/skg/v1/dlp/channel/email/smtp/async
- 不带callback:
curl -H "Content-Type: multipart/form-data" -F 'metadata={"uploadtype": "s3", "sender":"hwsh-senduser2@huawei.com","recipients":["hwsh-receiveruser2@huaweicom","external-receiveruser2@126.com"], "queryID":"9affdc62-4b2e-11e7-81f7-9ef3ee527981"}' -F "request=http://172.22.78.91:8070/test-email/home/test/email/Fwdaaaa.eml" https://172.22.78.107:5443/skg/v1/dlp/channel/email/smtp/async
以下示例适用于上传类型为localhost的情况:
- 带callback:
curl -H "Content-Type: multipart/form-data" -F 'metadata={"uploadtype": "localhost", "callback_url": "http://172.22.113.12:9999/post/email","sender":"hwsh-senduser2@huawei.com", "recipients":["hwsh-receiveruser2@huaweicom","external-receiveruser2@126.com"],"queryID":"9affdc62-4b2e-11e7-81f7-9ef3ee527981"}' -F "request=@/home/test/email/Fwdaaaa.eml" https://172.22.78.107:5443/skg/v1/dlp/channel/email/smtp/async
- 不带callback:
curl -H "Content-Type: multipart/form-data" -F 'metadata={"uploadtype": "localhost", "sender":"hwsh-senduser2@huawei.com","recipients":["hwsh-receiveruser2@huaweicom","external-receiveruser2@126.com"], "queryID":"9affdc62-4b2e-11e7-81f7-9ef3ee527981"}' -F "request=@/home/test/email/Fwdaaaa.eml" https://172.22.78.107:5443/skg/v1/dlp/channel/email/smtp/async
返回参数
内容审查请求返回结果中包含以下参数:
| 名称 | 描述 |
|---|---|
| result | 请求是否成功,成功为0,失败为1 |
| actionCode | 请求成功时,用户可选择对符合请求条件的内容进行默认操作,默认操作包括1-允许数据传输和2-阻断数据传输 |
| errorCode | 请求失败时返回的错误代码 |
| message | 请求失败时返回的错误消息 |
返回示例
内容审查请求的回复如下。
- 请求成功:
{ "result" : 0, "actionCode" : 1/2 } actionCode: 1 - allow, 2 - block注: 若匹配策略,发现违规内容,系统还将返回策略匹配信息,具体请参照送检策略匹配返回值定义 - 请求失败:
{ "result" : 1, "errorCode" : 500, "message" : "Invalid parameter" }
EML文件示例
EML例子如下:
Date: Fri,20 Jan 2017 03:28:09 UTC From: asmith@skg.com To: eyee@skg.com Subject: Normal_Mail Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="Spirent_Avalanche_SMTP" This is a mime encoded message --Spirent_Avalanche_SMTP Content-Type: text/plain Dear David and Steve, Good morning. This is the body of this E-Mail.Aaaaa, aaaaaaa, aaa, aaa, aa, aaaaaaaaaa, aaaaaaaaaaaaaaaaaaa. Please contact us at any time. Best Regards. Someone --Spirent_Avalanche_SMTP--
错误代码
若调用出现错误,将返回以下错误代码:
| 错误码 | 描述 |
|---|---|
| 400 | 无效参数 |
| 404 | 未知错误,例如请求了未触发的事件等。 |
| 500 | 无效参数 |