CLI Examples
This section includes example CLI scripts that you can use to set up and configure a CipherMail Gateway. They are intended as practical starting points for common tasks and can be adapted to match your environment and automation needs.
Basic setup
In this example the following things will be configured:
Add an internal domain
The MTA is configured
Portal base-URL is set
S/MIME system roots are imported
Gobal encrypt mode is set to ALLOW
# Configure MTA
ciphermail-cli mta config main relay-domains set --relay-domains domain.example.com
ciphermail-cli mta config main myhostname set --my-hostname "ciphermail.domain.example.com"
ciphermail-cli mta config main external-relay-hosts set --relay-hosts 192.168.1.2
ciphermail-cli mta config main internal-relay-hosts set --relay-hosts 192.168.1.3
ciphermail-cli mta config main mynetworks set --my-networks "10.7.7.0/24" "192.168.121.0/24"
# MTA message size limit in bytes
ciphermail-cli mta config main message-size-limit set --message-size-limit 25000000
# Forward email to root
ciphermail-cli mta map set content --name virtual-alias-maps --type hash --content "# forward email to root\\\nroot admin@example.com"
# Restart postfix to make settings are immediately used
ciphermail-cli mta control restart
# Add and configure the internal
ciphermail-cli domain add --domain domain.example.com
ciphermail-cli property domain set --domain domain.example.com --name locality --value "INTERNAL"
# Configure base URL for the portal
ciphermail-cli property global set --name portal-base-url --value "https://ciphermail.domain.example.com"
# Import system roots
ciphermail-cli certificate import system-roots
# Set encrypt mode
ciphermail-cli property global set --name encrypt-mode --value ALLOW
# Configure notifications
ciphermail-cli property global set --name notification-email-enabled --value true
ciphermail-cli property global set --name notification-email-from --value "no-reply@example.com"
ciphermail-cli property global set --name notification-email-recipients --value "alerts@example.com"
ciphermail-cli property global set --name system-email-sender --value "no-reply@example.com"
ciphermail-cli property global set --name system-email-from --value "no-reply@example.com"
Setup Let’s Encrypt
In this example the system is configured to use Let’s Encrypt
Use the ACME protocol to automatically obtain and renew a trusted TLS certificate from Let’s Encrypt. This certificate secures both the Web UI (HTTPS) and the SMTP server (STARTTLS/SMTPS), ensuring encrypted connections and preventing browser or mail client trust warnings. ACME handles validation and renewal in the background, so there is no need for manual certificate management once set up.
Before you begin, make sure the system has a public DNS name that points to the server and that port 80 is reachable from the internet. After configuration, the service will renew the certificate automatically before it expires, keeping your Web UI and email transport protected without downtime.
To request a Let’s Encrypt certificate run the following cli commands:
ciphermail-cli acme get-tos
Read and accept the Let’s Encrypt Terms Of Service by opening the provided link.
Request a Let’s Encrypt certificate for the domains sub1.example.com and sub2.example.com
ciphermail-cli acme set-tos-accepted
ciphermail-cli acme account create-keypair
ciphermail-cli acme account find-or-register
ciphermail-cli acme order new --domains sub1.example.com sub2.example.com
Configure S/MIME sign only
In this example the following things will be configured:
Create a test root and test intermediate certificate
Enable S/MIME sign only
Enable auto request signing certificates
# create CA
thumbprint=$(ciphermail-cli ca create \
--root-common-name "Test Root" --root-email root@example.com --root-days-valid 365 \
--intermediate-common-name "Test CA" --intermediate-days-valid 365 | jq -r '.intermediateCertificate.thumbprint')
# make the CA the default CA
ciphermail-cli property global set --name ca-issuer-thumbprint --value "$thumbprint"
# use local certificate issuer
ciphermail-cli property global set --name ca-default-certificate-request-handler --value "Local"
# enable auto request certificate
ciphermail-cli property global set --name smime-auto-request-certificate --value "true"
# enable S/MIME sign only
ciphermail-cli property global set --name smime-skip-sign-only --value "false"
Webmail Only Setup
In this example the gateway will be configured for Webmail Messenger only.
# Configure MTA
ciphermail-cli mta config main relay-domains set --relay-domains example.com
ciphermail-cli mta config main myhostname set --my-hostname "webmail.example.com"
ciphermail-cli mta config main external-relay-hosts set --relay-hosts 192.168.1.2
ciphermail-cli mta config main internal-relay-hosts set --relay-hosts 192.168.1.3
ciphermail-cli mta config main mynetworks set --my-networks "10.7.7.0/24" "192.168.121.0/24"
# MTA message size limit in bytes
ciphermail-cli mta config main message-size-limit set --message-size-limit 25000000
# Forward email to root
ciphermail-cli mta map set content --name virtual-alias-maps --type hash --content "# forward email to root\\\nroot admin@example.com"
# Restart postfix to make settings are immediately used
ciphermail-cli mta control restart
# Add and configure the internal domain
ciphermail-cli domain add --domain example.com
ciphermail-cli property domain set --domain example.com --name locality --value "INTERNAL"
# Configure base URL for the portal
ciphermail-cli property global set --name portal-base-url --value "https://webmail.example.com"
# Set encrypt mode to MANDATORY
ciphermail-cli property global set --name encrypt-mode --value MANDATORY
# Configure notifications
ciphermail-cli property global set --name notification-email-enabled --value true
ciphermail-cli property global set --name notification-email-from --value "no-reply@example.com"
ciphermail-cli property global set --name notification-email-recipients --value "alerts@example.com"
ciphermail-cli property global set --name system-email-sender --value "no-reply@example.com"
ciphermail-cli property global set --name system-email-from --value "no-reply@example.com"
# Configure Email Footer
ciphermail-cli property global set --name email-footer --value "Some footer"
ciphermail-cli property global set --name email-footer-link --value "https://example.com"
ciphermail-cli property global set --name email-footer-link-title --value "Company link"
# Set portal reply sender
ciphermail-cli property global set --name portal-reply-sender --value "no-reply@example.com"
# Set max size of attachment (in bytes)
ciphermail-cli property global set --name portal-reply-attachments-max-size --value 10000000
# Enable Webmail
ciphermail-cli property global set --name webmail-enabled --value true
# Configure allowed recipients
ciphermail-cli property global set --name webmail-allowed-recipients --value "{\"ok\":[\"example.com\"],\"reject\":[]}"
# Allow new mail to be created
ciphermail-cli property global set --name webmail-is-create-new-mail-allowed --value true
# Enable auto expunge (auto cleanup)
ciphermail-cli property global set --name webmail-auto-expunge-enabled --value true
# Set auto expunge to 30 days
ciphermail-cli property global set --name webmail-auto-expunge-interval --value 30
# Enable read receipt
ciphermail-cli property global set --name webmail-request-read-receipt --value true
PDF OTP Setup
This example configures the gateway to use PDF one-time password (OTP) mode with a subject-based encryption trigger.
# Configure MTA
ciphermail-cli mta config main relay-domains set --relay-domains example.com
ciphermail-cli mta config main myhostname set --my-hostname "webmail.example.com"
ciphermail-cli mta config main external-relay-hosts set --relay-hosts 192.168.1.2
ciphermail-cli mta config main internal-relay-hosts set --relay-hosts 192.168.1.3
ciphermail-cli mta config main mynetworks set --my-networks "10.7.7.0/24" "192.168.121.0/24"
# MTA message size limit in bytes
ciphermail-cli mta config main message-size-limit set --message-size-limit 25000000
# Forward email to root
ciphermail-cli mta map set content --name virtual-alias-maps --type hash --content "# forward email to root\\\nroot admin@example.com"
# Restart postfix to make settings are immediately used
ciphermail-cli mta control restart
# Add and configure the internal domain
ciphermail-cli domain add --domain example.com
ciphermail-cli property domain set --domain example.com --name locality --value "INTERNAL"
# Configure base URL for the portal
ciphermail-cli property global set --name portal-base-url --value "https://gateway.example.com"
# Set encrypt mode to NO_ENCRYPTION to make sure no encryption is done by default unless
# the subjetc contains the encryption trigger
ciphermail-cli property global set --name encrypt-mode --value NO_ENCRYPTION
# Configure notifications
ciphermail-cli property global set --name notification-email-enabled --value true
ciphermail-cli property global set --name notification-email-from --value "no-reply@example.com"
ciphermail-cli property global set --name notification-email-recipients --value "alerts@example.com"
ciphermail-cli property global set --name system-email-sender --value "no-reply@example.com"
ciphermail-cli property global set --name system-email-from --value "no-reply@example.com"
# Configure Email Footer
ciphermail-cli property global set --name email-footer --value "Some footer"
ciphermail-cli property global set --name email-footer-link --value "https://example.com"
ciphermail-cli property global set --name email-footer-link-title --value "Company link"
# Set portal reply sender
ciphermail-cli property global set --name portal-reply-sender --value "no-reply@example.com"
# Enable PDF encryption
ciphermail-cli property global set --name pdf-encryption-enabled --value true
# Enable PDF reply
ciphermail-cli property global set --name pdf-reply-enabled --value true
# Only encrypt if mandatory
ciphermail-cli property global set --name pdf-only-encrypt-if-mandatory --value true
# Enable OTP
ciphermail-cli property global set --name pdf-otp-enabled --value true
# Enable portal auto signup
ciphermail-cli property global set --name pdf-portal-auto-signup --value true
# Encrypt if subject contains "#secure" or "#encrypt"
ciphermail-cli property global set --name trigger-encrypt-subject-regex --value "#secure|#encrypt"
# Enable subject encryption trigger
ciphermail-cli property global set --name trigger-encrypt-subject-regex-enabled --value true
DLP examples
Examples of Data Loss Prevention (DLP) patterns:
DLP rule which quarantines the email is more than 10 email addresses are detected:
ciphermail-cli dlp pattern add \
--name "Too many email addresses" \
--action QUARANTINE \
--delay-evaluation false \
--description "Matches if there are more than threshold email addresses" \
--reg-ex "(?=.{1,64}@)[a-z0-9_-]+(\\\.[a-z0-9_-]+)*@[^-][a-z0-9-]+(\\\.[a-z0-9-]+)*(\\\.[a-z]{2,})" \
--threshold 10
IBAN DLP rules and a group containing all IBAN rules:
ciphermail-cli dlp pattern add \
--description "Matches International Bank Account Number for Albania" \
--name "IBAN Albania" \
--action "QUARANTINE" \
--reg-ex "\\\bal(?:\\\s?\\\d){10}(?:\\\s?[a-z0-9]){16}\\\b" \
--threshold 1
ciphermail-cli dlp pattern add \
--description "Matches International Bank Account Number for Tunisia" \
--name "IBAN Tunisia" \
--action "QUARANTINE" \
--reg-ex "\\\btn\\\s?5\\\s?9(?:\\\s?\\\d){20}\\\b" \
--threshold 1
ciphermail-cli dlp pattern add \
--description "Matches International Bank Account Number for Montenegro" \
--name "IBAN Montenegro" \
--action "QUARANTINE" \
--reg-ex "\\\bme(?:\\\s?\\\d){20}\\\b" \
--threshold 1
ciphermail-cli dlp pattern add \
--description "Matches International Bank Account Number for Slovak Republic" \
--name "IBAN Slovak Republic" \
--action "QUARANTINE" \
--reg-ex "\\\bsk(?:\\\s?\\\d){22}\\\b" \
--threshold 1
ciphermail-cli dlp pattern add \
--description "Matches International Bank Account Number for Serbia" \
--name "IBAN Serbia" \
--action "QUARANTINE" \
--reg-ex "\\\brs(?:\\\s?\\\d){20}\\\b" \
--threshold 1
ciphermail-cli dlp pattern add \
--description "Matches International Bank Account Number for Cyprus" \
--name "IBAN Cyprus" \
--action "QUARANTINE" \
--reg-ex "\\\bcy(?:\\\s?\\\d){10}(?:\\\s?[a-z0-9]){16}\\\b" \
--threshold 1
ciphermail-cli dlp pattern add \
--description "Matches International Bank Account Number for United Kingdom" \
--name "IBAN United Kingdom" \
--action "QUARANTINE" \
--reg-ex "\\\bgb(?:\\\s?\\\d){2}(?:\\\s?[a-z]){4}(?:\\\s?\\\d){14}\\\b" \
--threshold 1
ciphermail-cli dlp pattern add \
--description "Matches International Bank Account Number for Mauritania" \
--name "IBAN Mauritania" \
--action "QUARANTINE" \
--reg-ex "\\\bmr\\\s?1\\\s?3(?:\\\s?\\\d){23}\\\b" \
--threshold 1
ciphermail-cli dlp pattern add \
--description "Matches International Bank Account Number for Ireland" \
--name "IBAN Ireland" \
--action "QUARANTINE" \
--reg-ex "\\\bie(?:\\\s?\\\d){2}(?:\\\s?[a-z]){4}(?:\\\s?\\\d){14}\\\b" \
--threshold 1
ciphermail-cli dlp pattern add \
--description "Matches International Bank Account Number for Bulgaria" \
--name "IBAN Bulgaria" \
--action "QUARANTINE" \
--reg-ex "\\\bbg(?:\\\s?\\\d){2}(?:\\\s?[a-z]){4}(?:\\\s?\\\d){6}(?:\\\s?[a-z0-9]){8}\\\b" \
--threshold 1
ciphermail-cli dlp pattern add \
--description "Matches International Bank Account Number for Belgium" \
--name "IBAN Belgium" \
--action "QUARANTINE" \
--reg-ex "\\\bbe(?:\\\s?\\\d){14}\\\b" \
--threshold 1
ciphermail-cli dlp pattern add \
--description "Matches International Bank Account Number for The Netherlands" \
--name "IBAN The Netherlands" \
--action "QUARANTINE" \
--reg-ex "\\\bnl(?:\\\s?\\\d){2}(?:\\\s?[a-z]){4}(?:\\\s?\\\d){10}\\\b" \
--threshold 1
ciphermail-cli dlp pattern add \
--description "Matches International Bank Account Number for Macedonia" \
--name "IBAN Macedonia" \
--action "QUARANTINE" \
--reg-ex "\\\bmk(?:\\\s?\\\d){5}(?:\\\s?[a-z0-9]){10}(?:\\\s?\\\d){2}\\\b" \
--threshold 1
ciphermail-cli dlp pattern add \
--description "Matches International Bank Account Number for Gibraltar" \
--name "IBAN Gibraltar" \
--action "QUARANTINE" \
--reg-ex "\\\bgi(?:\\\s?\\\d){2}(?:\\\s?[a-z]){4}(?:\\\s?[a-z0-9]){15}\\\b" \
--threshold 1
ciphermail-cli dlp pattern add \
--description "Matches International Bank Account Number for Finland" \
--name "IBAN Finland" \
--action "QUARANTINE" \
--reg-ex "\\\bfi(?:\\\s?\\\d){16}\\\b" \
--threshold 1
ciphermail-cli dlp pattern add \
--description "Matches International Bank Account Number for Bosnia and Herzegovina" \
--name "IBAN Bosnia and Herzegovina" \
--action "QUARANTINE" \
--reg-ex "\\\bba(?:\\\s?\\\d){18}\\\b" \
--threshold 1
ciphermail-cli dlp pattern add \
--description "Matches International Bank Account Number for Latvia" \
--name "IBAN Latvia" \
--action "QUARANTINE" \
--reg-ex "\\\blv(?:\\\s?\\\d){2}(?:\\\s?[a-z]){4}(?:\\\s?[a-z0-9]){13}\\\b" \
--threshold 1
ciphermail-cli dlp pattern add \
--description "Matches International Bank Account Number for Turkey" \
--name "IBAN Turkey" \
--action "QUARANTINE" \
--reg-ex "\\\btr(?:\\\s?\\\d){7}(?:\\\s?[a-z0-9]){17}\\\b" \
--threshold 1
ciphermail-cli dlp pattern add \
--description "Matches International Bank Account Number for Andorra" \
--name "IBAN Andorra" \
--action "QUARANTINE" \
--reg-ex "\\\bad(?:\\\s?\\\d){10}(?:\\\s?[a-z0-9]){12}\\\b" \
--threshold 1
ciphermail-cli dlp pattern add \
--description "Matches International Bank Account Number for Malta" \
--name "IBAN Malta" \
--action "QUARANTINE" \
--reg-ex "\\\bmt(?:\\\s?\\\d){2}(?:\\\s?[a-z]){4}(?:\\\s?\\\d){5}(?:\\\s?[a-z0-9]){18}\\\b" \
--threshold 1
ciphermail-cli dlp pattern add \
--description "Matches International Bank Account Number for Norway" \
--name "IBAN Norway" \
--action "QUARANTINE" \
--reg-ex "\\\bno(?:\\\s?\\\d){13}\\\b" \
--threshold 1
ciphermail-cli dlp pattern add \
--description "Matches International Bank Account Number for France" \
--name "IBAN France" \
--action "QUARANTINE" \
--reg-ex "\\\bfr(?:\\\s?\\\d){12}(?:\\\s?[a-z0-9]){11}(?:\\\s?\\\d){2}\\\b" \
--threshold 1
ciphermail-cli dlp pattern add \
--description "Matches International Bank Account Number for Poland" \
--name "IBAN Poland" \
--action "QUARANTINE" \
--reg-ex "\\\bpl(?:\\\s?\\\d){26}\\\b" \
--threshold 1
ciphermail-cli dlp pattern add \
--description "Matches International Bank Account Number for Lebanon" \
--name "IBAN Lebanon" \
--action "QUARANTINE" \
--reg-ex "\\\blb(?:\\\s?\\\d){6}(?:\\\s?[a-z0-9]){20}\\\b" \
--threshold 1
ciphermail-cli dlp pattern add \
--description "Matches International Bank Account Number for Austria" \
--name "IBAN Austria" \
--action "QUARANTINE" \
--reg-ex "\\\bat(?:\\\s?\\\d){18}\\\b" \
--threshold 1
ciphermail-cli dlp pattern add \
--description "Matches International Bank Account Number for Georgia" \
--name "IBAN Georgia" \
--action "QUARANTINE" \
--reg-ex "\\\bge(?:\\\s?\\\d){2}(?:\\\s?[a-z]){2}(?:\\\s?\\\d){16}\\\b" \
--threshold 1
ciphermail-cli dlp pattern add \
--description "Matches International Bank Account Number for San Marino" \
--name "IBAN San Marino" \
--action "QUARANTINE" \
--reg-ex "\\\bsm(?:\\\s?\\\d){2}(?:\\\s?[a-z]){1}(?:\\\s?\\\d){10}(?:\\\s?[a-z0-9]){12}\\\b" \
--threshold 1
ciphermail-cli dlp pattern add \
--description "Matches International Bank Account Number for Slovenia" \
--name "IBAN Slovenia" \
--action "QUARANTINE" \
--reg-ex "\\\bsi(?:\\\s?\\\d){17}\\\b" \
--threshold 1
ciphermail-cli dlp pattern add \
--description "Matches International Bank Account Number for Denmark" \
--name "IBAN Denmark" \
--action "QUARANTINE" \
--reg-ex "\\\b(dk|fo|gl)(?:\\\s?\\\d){16}\\\b" \
--threshold 1
ciphermail-cli dlp pattern add \
--description "Matches International Bank Account Number for Estonia" \
--name "IBAN Estonia" \
--action "QUARANTINE" \
--reg-ex "\\\bee(?:\\\s?\\\d){18}\\\b" \
--threshold 1
ciphermail-cli dlp pattern add \
--description "Matches International Bank Account Number for Monaco" \
--name "IBAN Monaco" \
--action "QUARANTINE" \
--reg-ex "\\\bmc(?:\\\s?\\\d){12}(?:\\\s?[a-z0-9]){11}(?:\\\s?\\\d){2}\\\b" \
--threshold 1
ciphermail-cli dlp pattern add \
--description "Matches International Bank Account Number for Czech Republic" \
--name "IBAN Czech Republic" \
--action "QUARANTINE" \
--reg-ex "\\\bcz(?:\\\s?\\\d){22}\\\b" \
--threshold 1
ciphermail-cli dlp pattern add \
--description "Matches International Bank Account Number for Croatia" \
--name "IBAN Croatia" \
--action "QUARANTINE" \
--reg-ex "\\\bhr(?:\\\s?\\\d){19}\\\b" \
--threshold 1
ciphermail-cli dlp pattern add \
--description "Matches International Bank Account Number for Hungary" \
--name "IBAN Hungary" \
--action "QUARANTINE" \
--reg-ex "\\\bhu(?:\\\s?\\\d){26}\\\b" \
--threshold 1
ciphermail-cli dlp pattern add \
--description "Matches International Bank Account Number for Luxembourg" \
--name "IBAN Luxembourg" \
--action "QUARANTINE" \
--reg-ex "\\\blu(?:\\\s?\\\d){5}(?:\\\s?[a-z0-9]){13}\\\b" \
--threshold 1
ciphermail-cli dlp pattern add \
--description "Matches International Bank Account Number for Iceland" \
--name "IBAN Iceland" \
--action "QUARANTINE" \
--reg-ex "\\\bis(?:\\\s?\\\d){24}\\\b" \
--threshold 1
ciphermail-cli dlp pattern add \
--description "Matches International Bank Account Number for Romania" \
--name "IBAN Romania" \
--action "QUARANTINE" \
--reg-ex "\\\bro(?:\\\s?\\\d){2}(?:\\\s?[a-z]){4}(?:\\\s?[a-z0-9]){16}\\\b" \
--threshold 1
ciphermail-cli dlp pattern add \
--description "Matches International Bank Account Number for Spain" \
--name "IBAN Spain" \
--action "QUARANTINE" \
--reg-ex "\\\bes(?:\\\s?\\\d){22}\\\b" \
--threshold 1
ciphermail-cli dlp pattern add \
--description "Matches International Bank Account Number for United Arab Emirates" \
--name "IBAN United Arab Emirates" \
--action "QUARANTINE" \
--reg-ex "\\\bae(?:\\\s?\\\d){21}\\\b" \
--threshold 1
ciphermail-cli dlp pattern add \
--description "Matches International Bank Account Number for Greece" \
--name "IBAN Greece" \
--action "QUARANTINE" \
--reg-ex "\\\bgr(?:\\\s?\\\d){9}(?:\\\s?[a-z0-9]){16}\\\b" \
--threshold 1
ciphermail-cli dlp pattern add \
--description "Matches International Bank Account Number for Kuwait" \
--name "IBAN Kuwait" \
--action "QUARANTINE" \
--reg-ex "\\\bkw(?:\\\s?\\\d){2}(?:\\\s?[a-z]){4}(?:\\\s?\\\d){22}\\\b" \
--threshold 1
ciphermail-cli dlp pattern add \
--description "Matches International Bank Account Number for Lithuania" \
--name "IBAN Lithuania" \
--action "QUARANTINE" \
--reg-ex "\\\blt(?:\\\s?\\\d){18}\\\b" \
--threshold 1
ciphermail-cli dlp pattern add \
--description "Matches International Bank Account Number for Israel" \
--name "IBAN Israel" \
--action "QUARANTINE" \
--reg-ex "\\\bil(?:\\\s?\\\d){21}\\\b" \
--threshold 1
ciphermail-cli dlp pattern add \
--description "Matches International Bank Account Number for Mauritius" \
--name "IBAN Mauritius" \
--action "QUARANTINE" \
--reg-ex "\\\bmu(?:\\\s?\\\d){2}(?:\\\s?[a-z]){4}(?:\\\s?\\\d){19}(?:\\\s?[a-z]){3}\\\b" \
--threshold 1
ciphermail-cli dlp pattern add \
--description "Matches International Bank Account Number for Switzerland" \
--name "IBAN Switzerland" \
--action "QUARANTINE" \
--reg-ex "\\\bch(?:\\\s?\\\d){7}(?:\\\s?[a-z0-9]){12}\\\b" \
--threshold 1
ciphermail-cli dlp pattern add \
--description "Matches International Bank Account Number for Saudi Arabia" \
--name "IBAN Saudi Arabia" \
--action "QUARANTINE" \
--reg-ex "\\\bsa(?:\\\s?\\\d){4}(?:\\\s?[a-z0-9]){18}\\\b" \
--threshold 1
ciphermail-cli dlp pattern add \
--description "Matches International Bank Account Number for Italy" \
--name "IBAN Italy" \
--action "QUARANTINE" \
--reg-ex "\\\bit(?:\\\s?\\\d){2}(?:\\\s?[a-z]){1}(?:\\\s?\\\d){10}(?:\\\s?[a-z0-9]){12}\\\b" \
--threshold 1
ciphermail-cli dlp pattern add \
--description "Matches International Bank Account Number for Kazakhstan" \
--name "IBAN Kazakhstan" \
--action "QUARANTINE" \
--reg-ex "\\\bkz(?:\\\s?\\\d){5}(?:\\\s?[a-z0-9]){13}\\\b" \
--threshold 1
ciphermail-cli dlp pattern add \
--description "Matches International Bank Account Number for Portugal" \
--name "IBAN Portugal" \
--action "QUARANTINE" \
--reg-ex "\\\bpt(?:\\\s?\\\d){23}\\\b" \
--threshold 1
ciphermail-cli dlp pattern add \
--description "Matches International Bank Account Number for Dominican Republic" \
--name "IBAN Dominican Republic" \
--action "QUARANTINE" \
--reg-ex "\\\bdo(?:\\\s?\\\d){2}(?:\\\s?[a-z0-9]){4}(?:\\\s?\\\d){20}\\\b" \
--threshold 1
ciphermail-cli dlp pattern add \
--description "Matches International Bank Account Number for Principality of Liechtenstein" \
--name "IBAN Principality of Liechtenstein" \
--action "QUARANTINE" \
--reg-ex "\\\bli(?:\\\s?\\\d){7}(?:\\\s?[a-z0-9]){12}\\\b" \
--threshold 1
ciphermail-cli dlp pattern add \
--description "Matches International Bank Account Number for Germany" \
--name "IBAN Germany" \
--action "QUARANTINE" \
--reg-ex "\\\bde(?:\\\s?\\\d){20}\\\b" \
--threshold 1
ciphermail-cli dlp pattern add \
--description "Matches International Bank Account Number for Sweden" \
--name "IBAN Sweden" \
--action "QUARANTINE" \
--reg-ex "\\\bse(?:\\\s?\\\d){22}\\\b" \
--threshold 1
ciphermail-cli dlp group add --name IBAN
ciphermail-cli dlp child add --parent-node IBAN --child-node "IBAN Ireland"
ciphermail-cli dlp child add --parent-node IBAN --child-node "IBAN Montenegro"
ciphermail-cli dlp child add --parent-node IBAN --child-node "IBAN Italy"
ciphermail-cli dlp child add --parent-node IBAN --child-node "IBAN Portugal"
ciphermail-cli dlp child add --parent-node IBAN --child-node "IBAN Poland"
ciphermail-cli dlp child add --parent-node IBAN --child-node "IBAN Albania"
ciphermail-cli dlp child add --parent-node IBAN --child-node "IBAN Czech Republic"
ciphermail-cli dlp child add --parent-node IBAN --child-node "IBAN San Marino"
ciphermail-cli dlp child add --parent-node IBAN --child-node "IBAN Gibraltar"
ciphermail-cli dlp child add --parent-node IBAN --child-node "IBAN Finland"
ciphermail-cli dlp child add --parent-node IBAN --child-node "IBAN Bosnia and Herzegovina"
ciphermail-cli dlp child add --parent-node IBAN --child-node "IBAN Belgium"
ciphermail-cli dlp child add --parent-node IBAN --child-node "IBAN Mauritius"
ciphermail-cli dlp child add --parent-node IBAN --child-node "IBAN Turkey"
ciphermail-cli dlp child add --parent-node IBAN --child-node "IBAN Greece"
ciphermail-cli dlp child add --parent-node IBAN --child-node "IBAN United Kingdom"
ciphermail-cli dlp child add --parent-node IBAN --child-node "IBAN Hungary"
ciphermail-cli dlp child add --parent-node IBAN --child-node "IBAN Andorra"
ciphermail-cli dlp child add --parent-node IBAN --child-node "IBAN Cyprus"
ciphermail-cli dlp child add --parent-node IBAN --child-node "IBAN Iceland"
ciphermail-cli dlp child add --parent-node IBAN --child-node "IBAN Kazakhstan"
ciphermail-cli dlp child add --parent-node IBAN --child-node "IBAN France"
ciphermail-cli dlp child add --parent-node IBAN --child-node "IBAN Israel"
ciphermail-cli dlp child add --parent-node IBAN --child-node "IBAN Tunisia"
ciphermail-cli dlp child add --parent-node IBAN --child-node "IBAN Croatia"
ciphermail-cli dlp child add --parent-node IBAN --child-node "IBAN Saudi Arabia"
ciphermail-cli dlp child add --parent-node IBAN --child-node "IBAN Bulgaria"
ciphermail-cli dlp child add --parent-node IBAN --child-node "IBAN Estonia"
ciphermail-cli dlp child add --parent-node IBAN --child-node "IBAN Spain"
ciphermail-cli dlp child add --parent-node IBAN --child-node "IBAN Germany"
ciphermail-cli dlp child add --parent-node IBAN --child-node "IBAN United Arab Emirates"
ciphermail-cli dlp child add --parent-node IBAN --child-node "IBAN Denmark"
ciphermail-cli dlp child add --parent-node IBAN --child-node "IBAN Lithuania"
ciphermail-cli dlp child add --parent-node IBAN --child-node "IBAN Principality of Liechtenstein"
ciphermail-cli dlp child add --parent-node IBAN --child-node "IBAN Georgia"
ciphermail-cli dlp child add --parent-node IBAN --child-node "IBAN Luxembourg"
ciphermail-cli dlp child add --parent-node IBAN --child-node "IBAN Romania"
ciphermail-cli dlp child add --parent-node IBAN --child-node "IBAN Kuwait"
ciphermail-cli dlp child add --parent-node IBAN --child-node "IBAN Malta"
ciphermail-cli dlp child add --parent-node IBAN --child-node "IBAN Serbia"
ciphermail-cli dlp child add --parent-node IBAN --child-node "IBAN The Netherlands"
ciphermail-cli dlp child add --parent-node IBAN --child-node "IBAN Mauritania"
ciphermail-cli dlp child add --parent-node IBAN --child-node "IBAN Switzerland"
ciphermail-cli dlp child add --parent-node IBAN --child-node "IBAN Sweden"
ciphermail-cli dlp child add --parent-node IBAN --child-node "IBAN Lebanon"
ciphermail-cli dlp child add --parent-node IBAN --child-node "IBAN Austria"
ciphermail-cli dlp child add --parent-node IBAN --child-node "IBAN Norway"
ciphermail-cli dlp child add --parent-node IBAN --child-node "IBAN Latvia"
ciphermail-cli dlp child add --parent-node IBAN --child-node "IBAN Dominican Republic"
ciphermail-cli dlp child add --parent-node IBAN --child-node "IBAN Monaco"
ciphermail-cli dlp child add --parent-node IBAN --child-node "IBAN Slovenia"
ciphermail-cli dlp child add --parent-node IBAN --child-node "IBAN Slovak Republic"
ciphermail-cli dlp child add --parent-node IBAN --child-node "IBAN Macedonia"
Creditcard DLP rules and a group containing all CC rules:
ciphermail-cli dlp pattern add \
--description "Matches Visa in 1-4-4-4, 1 4 4 4 and 13 format" \
--match-filter "Mask" \
--name "Visa-13 CC" \
--action "QUARANTINE" \
--reg-ex "\\\b4\\\s?-?\\\s?(?:\\\d{4}\\\s?-?\\\s?){3}\\\b" \
--threshold 1
ciphermail-cli dlp pattern add \
--description "Matches Discover in 4-4-4-4, 4 4 4 4 and 16 format" \
--match-filter "Mask" \
--name "Discover CC" \
--action "QUARANTINE" \
--reg-ex "\\\b6011\\\s?-?\\\s?(?:\\\d{4}\\\s?-?\\\s?){3}\\\b" \
--threshold 1
ciphermail-cli dlp pattern add \
--description "Matches Visa in 4-4-4-4, 4 4 4 4 and 16 format" \
--match-filter "Mask" \
--name "Visa CC" \
--action "QUARANTINE" \
--reg-ex "\\\b4\\\d{3}\\\s?-?\\\s?(?:\\\d{4}\\\s?-?\\\s?){3}\\\b" \
--threshold 1
ciphermail-cli dlp pattern add \
--description "Matches Dinersclub in 4-6-4, 4 6 4 and 14 format" \
--match-filter "Mask" \
--name "Dinersclub CC" \
--action "QUARANTINE" \
--reg-ex "\\\b3(?:0[0-5]|6\\\d|8\\\d)\\\d\\\s?-?\\\s?\\\d{6}\\\s?-?\\\s?\\\d{4}\\\b" \
--threshold 1
ciphermail-cli dlp pattern add \
--description "Matches JCB-15 in 3-4-4-4, 3 4 4 4 and 15 format" \
--match-filter "Mask" \
--name "JCB-15 CC" \
--action "QUARANTINE" \
--reg-ex "\\\b(?:213\\\s?-?\\\s?1|180\\\s?-?\\\s?0)\\\d{3}\\\s?-?\\\s?(?:\\\d{4}\\\s?-?\\\s?){2}\\\b" \
--threshold 1
ciphermail-cli dlp pattern add \
--description "Matches American Express in 4-6-5, 4 6 5 and 15 format" \
--match-filter "Mask" \
--name "Amex CC" \
--action "QUARANTINE" \
--reg-ex "\\\b3[47]\\\d{2}\\\s?-?\\\s?\\\d{6}\\\s?-?\\\s?\\\d{5}\\\b" \
--threshold 1
ciphermail-cli dlp pattern add \
--description "Matches Mastercard in 4-4-4-4, 4 4 4 4 and 16 format" \
--match-filter "Mask" \
--name "Mastercard CC" \
--action "QUARANTINE" \
--reg-ex "\\\b5[1-5]\\\d{2}\\\s?-?\\\s?(?:\\\d{4}\\\s?-?\\\s?){3}\\\b" \
--threshold 1
ciphermail-cli dlp pattern add \
--description "Matches JCB in 4-4-4-4, 4 4 4 4 and 16 format" \
--match-filter "Mask" \
--name "JCB CC" \
--action "QUARANTINE" \
--reg-ex "\\\b35\\\d{2}\\\s?-?\\\s?(?:\\\d{4}\\\s?-?\\\s?){3}\\\b" \
--threshold 1
ciphermail-cli dlp group add --name "CC"
ciphermail-cli dlp child add --parent-node "CC" --child-node "Visa CC"
ciphermail-cli dlp child add --parent-node "CC" --child-node "Visa-13 CC"
ciphermail-cli dlp child add --parent-node "CC" --child-node "Mastercard CC"
ciphermail-cli dlp child add --parent-node "CC" --child-node "Dinersclub CC"
ciphermail-cli dlp child add --parent-node "CC" --child-node "JCB CC"
ciphermail-cli dlp child add --parent-node "CC" --child-node "Discover CC"
ciphermail-cli dlp child add --parent-node "CC" --child-node "JCB-15 CC"
ciphermail-cli dlp child add --parent-node "CC" --child-node "Amex CC"