POST-Content Review-Email Channel

Introduces how to call the interface to perform security reviews on content in the email channel.

Interface Introduction

The Email Channel Content Review interface is used to detect whether the emails sent by users in the email channel violate the enterprise or organization's Data Loss Prevention (DLP) policies and to perform response actions such as allowing or blocking data transmission.

Request method

POST
URL

Interface URL

/skg/v1/dlp/channel/email/<Protocol Type>/<Request Mode>

Request Parameters

Parameter Name Parameter Location Required Description
<Protocol Type> URL Parameter Yes Email protocols supported under the email channel, such as SMTP. The complete list of supported protocols can be obtained through the channel details interface, GET-Get Channel Details.
<Request Mode> URL Parameter Yes Specify the request mode as synchronous or asynchronous.
Body Parameters
Parameter Name Type Applicable Status Description
sender String (Optional) Synchronous and Asynchronous Sender's email address
recipients List (Optional) Synchronous and Asynchronous Recipient email addresses - including To, CC, BCC
queryID String (Required) Synchronous and Asynchronous The event query ID associated with this request, must be unique. If the request does not generate an event, the event details cannot be queried.
Note: The value of queryid corresponds to the traffic UUID in the third-party cloud service.
redaction Dict (Optional) Synchronous and Asynchronous Related to redaction functionality. Whether to enable redaction. For specific redaction settings, please refer to the sendBack parameter. 
 "redaction": {
        "enable": true # Redaction request takes effect when enable is true
  }
sendBack Dict (Optional) Synchronous and Asynchronous Related to redaction functionality. Handling of redacted content.
Note: To use the redaction feature, set the value of the redaction parameter to true.

This field requires an input of a required type attribute, indicating the way the file is returned. The Type attribute supports the following options:

response: Return the redacted content to the current path

httpUpload: Send the redacted content to the specified URL

s3: Upload the redacted content to Amazon S3 storage space

Note: This step also applies to storage in Swift, COS, OSS, etc. For specific related configuration parameters, please refer to the chapter objectinfo Parameters for Reviewing Cloud Service Stored Content in Asynchronous Mode.
  • response: Return the redacted content to the current path. The following is a code example: 
      "sendBack": {
    "type": "response" # Return the redacted content to the current path
  },
  • httpUpload: Send the redacted content to the specified URL. The following is a code example: 
     "sendBack": {
    "type": "httpUpload",
    "url": "http://172.11.11.6/callback " # Send the redacted content to this url
  },
  • S3: Upload the redacted content to cloud storage. The following is a code example applicable to S3: 
     "sendBack": {
        "type": "s3",
        "s3Bucket": "test",
        "s3Region": "", # Upload the redacted file to this location. The value here is the region name when using s3.
# If running on EC2 and using AWS IAM role, the following three items can be omitted, then the following three accessKey, secretKey, endpointUrl can be omitted
        "accessKey": "aws_accessKey",
        "secretKey": "aws_secretKey",
        "endpointUrl": ""
  },
md5 String (Optional) Synchronous and Asynchronous The MD5 value of the file, used for recording and cache acceleration. Supports sending MD5 together with the document for inspection, as well as sending only MD5 for inspection. Example: 
"md5":"09e066b382d4225de3c0594aa89b5fi"
callback_url String (Optional) Asynchronous Only for asynchronous mode, fill in the URL of the callback function
uploadtype String (Required) Asynchronous Only for asynchronous. Supports AWS S3, Alibaba Cloud OSS, Tencent Cloud COS, Swift, as well as local files and download URLs.
  • swift
  • oss
  • cos
  • s3
  • file
  • http
objectInfo

Dict (Optional)

 Asynchronous Only for asynchronous mode and when using object storage. Asynchronous mode supports reviewing objects stored in Amazon S3, Swfit, Alibaba Cloud OSS, Tencent Cloud COS, and other cloud services. For specific setting parameters, refer to the chapter: objectinfo Parameters for Reviewing Cloud Service Stored Content in Asynchronous Mode

Obtaining Authentication Information

Use the following example with cURL to obtain the key information required for authentication.

curl -k https://<Host IP>:<Port>/skg/v1/ws_token

Python Request Example - Local Email File (Synchronous Mode)

The following example shows how to use Python code to call the interface to perform content security review of local email files in synchronous mode.

Note: In the following Python code example, the imported header files ucwi_config and ucwi_auth need to be created beforehand. For detailed reference examples, see Header File Examples.
# -*- coding: utf-8 -*-
from requests.packages.urllib3.exceptions import InsecureRequestWarning
from ucwi_config import UCWIConfig
from ucwi_auth import get_headers
import requests
import json
import os
import uuid

requests.packages.urllib3.disable_warnings(InsecureRequestWarning)


api = "/skg/v1/dlp/channel/email/smtp/sync"
url = "{0}{1}".format(UCWIConfig.base_url, api)
file_path = "test.eml"

metadata = {
    "sender": "skgqa-senduser@skyguard.com.cn",
    "recipients": [
        "cloud-receiveruser@skyguard.com.cn",
        "external-receiveruser@163.com",
    ],
    "queryID": str(uuid.uuid4()),
}

headers = get_headers()
data = {"metadata": json.dumps(metadata)}
fd = open(file_path)
files = {
    "request": fd
}
response = requests.post(url, headers=headers, data=data, files=files, verify=False)
fd.close()

if response.status_code != 200:
    print("Bad request, response code:", response.status_code)
    print(response.text)
else:
    result = response.json()
    # print(json.dumps(result, indent=4).decode('raw_unicode_escape'))
    if result["responseCode"] != 200:
        print("Bad request, response code:", result["responseCode"])
        print(result["message"])
    else:
        hint = "# 1: Allow; 2: Block; 3: Confirm; 4: Delete Attachment; 5: Email Encryption; 6: Email Quarantine; 7: Terminal System Encryption; 8: Email Content Encryption; 9: Terminal Personal Key Encryption"
        print("action:{}    {}".format(result["actionCode"], hint))
        if len(result["incident_info"]) == 0:
            print("not matched.")
        else:
            print("matched policy:")
            for policy in result["incident_info"]["matchedPolicies"]:
                print(json.dumps(policy, indent=2).encode('utf-8').decode('raw_unicode_escape'))

Python Request Example - Local Email File (Asynchronous Mode)

The following example shows how to use Python code to call the interface to perform content security review of local email files in asynchronous mode.

Note: In the following Python code example, the imported header files ucwi_config and ucwi_auth need to be created beforehand. For detailed reference examples, see Header File Examples.
# -*- coding: utf-8 -*-
from requests.packages.urllib3.exceptions import InsecureRequestWarning
from ucwi_config import UCWIConfig
from ucwi_auth import get_headers
import requests
import json
import os
import uuid

requests.packages.urllib3.disable_warnings(InsecureRequestWarning)


api = "/skg/v1/dlp/channel/email/smtp/async"
url = "{0}{1}".format(UCWIConfig.base_url, api)
file_path = "test.eml"

metadata = {
    "sender": "skgqa-senduser@skyguard.com.cn",
    "recipients": [
        "cloud-receiveruser@skyguard.com.cn",
        "external-receiveruser@163.com",
    ],
    "queryID": str(uuid.uuid4()),
    "uploadtype": "file",
    "callback_url": UCWIConfig.callback_url + "/email"
}

headers = get_headers()
data = {"metadata": json.dumps(metadata)}
fd = open(file_path)
files = {
    "request": fd
}
response = requests.post(url, headers=headers, data=data, files=files, verify=False)
fd.close()

if response.status_code != 200:
    print("Bad request, response code:", response.status_code)
    print(response.text)
else:
    result = response.json()
    print(result["message"])

Python Request Example - Files Stored on S3 (Asynchronous Mode)

The following example shows how to use Python code to call the interface to perform content security review of files stored on S3 in asynchronous mode.

Note: In the following Python code example, the imported header files ucwi_config and ucwi_auth need to be created beforehand. For detailed reference examples, see Header File Examples.
# -*- coding: utf-8 -*-
from requests.packages.urllib3.exceptions import InsecureRequestWarning
from ucwi_config import UCWIConfig
from ucwi_auth import get_headers
import requests
import json
import os
import uuid

requests.packages.urllib3.disable_warnings(InsecureRequestWarning)


api = "/skg/v1/dlp/channel/email/smtp/async"
url = "{0}{1}".format(UCWIConfig.base_url, api)
file_path = "test.eml"

metadata = {
    "sender": "skgqa-senduser@skyguard.com.cn",
    "recipients": [
        "cloud-receiveruser@skyguard.com.cn",
        "external-receiveruser@163.com",
    ],
    "queryID": str(uuid.uuid4()),
    "uploadtype": "s3",
    "callback_url": UCWIConfig.callback_url + "/email",
    "objectInfo": {
        "accessKey": "7WDU84VEZPA4OM1I7TEH",
        "secretKey": "70Jsmd1HfovY6aHjEwhNdWeZvIZPjdZH5cjSlOZb",
        "endpointUrl": "http://172.22.110.14:8080 ",
        "s3Bucket": "test-new-bucket",
        "s3Key": "ucwi-test.txt",
    }
}

headers = get_headers()
data = {"metadata": json.dumps(metadata)}
fd = open(file_path)
files = {
    "request": fd
}
response = requests.post(url, headers=headers, data=data, files=files, verify=False)
fd.close()

if response.status_code != 200:
    print("Bad request, response code:", response.status_code)
    print(response.text)
else:
    result = response.json()
    print(result["message"])

cURL Request Example - Files Stored on S3 (Asynchronous Mode)

The following examples are for the S3 upload type:
  • With callback: 
    curl -H "Content-Type: multipart/form-data" -F 'metadata={"uploadtype": "s3", "callback_url": "http://172.22.113.12:9999/post/email ","sender":"hwsh-senduser2@huawei.com",
"recipients":["hwsh-receiveruser2@huaweicom","external-receiveruser2@126.com"],"queryID":"9affdc62-4b2e-11e7-81f7-9ef3ee527981"}' 
-F "request=http://172.22.78.91:8070/test-email/home/test/email/Fwdaaaa.eml " https://172.22.78.107:5443/skg/v1/dlp/channel/email/smtp/async
  • Without callback: 
    curl -H "Content-Type: multipart/form-data" -F 'metadata={"uploadtype": "s3", "sender":"hwsh-senduser2@huawei.com","recipients":["hwsh-receiveruser2@huaweicom","external-receiveruser2@126.com"],
"queryID":"9affdc62-4b2e-11e7-81f7-9ef3ee527981"}' -F "request=http://172.22.78.91:8070/test-email/home/test/email/Fwdaaaa.eml " https://172.22.78.107:5443/skg/v1/dlp/channel/email/smtp/async
The following examples are for the localhost upload type:
  • With callback: 
    curl -H "Content-Type: multipart/form-data" -F 'metadata={"uploadtype": "localhost", "callback_url": "http://172.22.113.12:9999/post/email ","sender":"hwsh-senduser2@huawei.com",
"recipients":["hwsh-receiveruser2@huaweicom","external-receiveruser2@126.com"],"queryID":"9affdc62-4b2e-11e7-81f7-9ef3ee527981"}' 
-F "request=@/home/test/email/Fwdaaaa.eml" https://172.22.78.107:5443/skg/v1/dlp/channel/email/smtp/async
  • Without callback: 
    curl -H "Content-Type: multipart/form-data" -F 'metadata={"uploadtype": "localhost", "sender":"hwsh-senduser2@huawei.com","recipients":["hwsh-receiveruser2@huaweicom","external-receiveruser2@126.com"],
"queryID":"9affdc62-4b2e-11e7-81f7-9ef3ee527981"}' -F "request=@/home/test/email/Fwdaaaa.eml" https://172.22.78.107:5443/skg/v1/dlp/channel/email/smtp/async

Return Parameters

Including the following:

Name Description
result Indicates whether the request was successful. 0 for success, 1 for failure.
actionCode When the request is successful, the user can choose to perform a default action on the content that meets the request conditions. Default actions include 1 - Allow data transfer and 2 - Block data transfer.
errorCode The error code returned when the request fails.
message The error message returned when the request fails.

Example for return code

The Content inspection request returns the following parameters in the results:
Full Name Description
result Whether the request is successful, 0 means success, and 1 means failure.
actionCode When the request is successful, the user can choose a remediation action on the detected content. The default operations include 1-allow data transmission and 2-block data transmission.
errorCode Error code returned when the request failed
message Error Message returned when the request failed

The response to the Content inspection request is as follows.

  • Request successfully
    {
"result" : 0,
"actionCode" : 1/2
}
actionCode: 1 - allow, 2 - block
    Note: If the policy is matched and the violation content is found, the system returns the policy matching information. Refer to The return value for policy match.
  • Request failed
    {
"result" : 1,
"errorCode" : 500,
"message" : "Invalid parameter"
}

EML File Example

The EML example is as follows:

Date: Fri,20 Jan 2017 03:28:09 UTC
From: asmith@skg.com
To: eyee@skg.com
Subject: Normal_Mail
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="Spirent_Avalanche_SMTP"
This is a mime encoded message
--Spirent_Avalanche_SMTP
Content-Type: text/plain
Dear David and Steve,
Good morning.
This is the body of this E-Mail.Aaaaa, aaaaaaa, aaa, aaa, aa, aaaaaaaaaa,
aaaaaaaaaaaaaaaaaaa.
Please contact us at any time.
Best Regards.
Someone
--Spirent_Avalanche_SMTP--

Error code

If calling the API has an error, the following error codes are returned:
Error Code Description
400 Invalid parameter
404 Unknown Error
500 Invalid parameter