[Setup Step 4]: (Optional): Activating outbound email protection / DLP Print

[Setup Step 4]: (Optional): Activating Proofpoint for an organization’s outbound email

This article assumes that the organization in question has an active account in Proofpoint, is using our inbound email service, and has its user email addresses registered in our Interface.

Important Note:  If you activate Proofpoint Outbound relaying this means that Proofpoint will scan for spam and viruses on outbound emails and block as appropriate.

In order to activate outbound relaying, your reseller / tech contact will need to be notified of the source IP address (es) from where the organization’s connections will be originating from.  (This must be the server’s public internet IP address and not it’s private LAN address.

Dynamic IP addresses are not supported at this time. The change takes effect top of the hour and only once you have been notified that outbound has been activated should you proceed to modify the mail server in question to relay all outbound email through Proofpoint. This relay setting is sometimes also known as the “smart host” setting.

The relay/smart host destination where all mail should go is the following 2 options:

    - outbound-eu1.ppe-hosted.com. (For EU users)
    - outbound-us1.ppe-hosted.com. (For US users)

You can test connectivity to Proofpoint by typing and executing the following from a command prompt on the email server of the organization:

    - telnet outbound-eu1.ppe-hosted.com 25
    - telnet outbound-us1.ppe-hosted.com 25

You should see a message saying “Welcome to Proofpoint ESMTP Server”, amongst other things. (enter “quit” to close the connection.) If you do not see this message, examine the outbound settings on the firewall between the server and the internet.

Please note: When configuring an Outbound Connector for our smarthosts, authentication is not required. We authenticate the connection by other means (ie, the registered sending server IP on the platform, registered users on the platform, etc).

NB: Please ensure you read the instructions on Firewall Lockdown and include all IP ranges.

Notes:

    - Using Proofpoint for outbound email on top of inbound improves the accuracy of the Proofpoint classification engine in some respects, but especially with bounce emails.
    - Remember to remove the outbound configuration from the Proofpoint Interface if no longer being used (otherwise legitimate bounce messages might get quarantined. (which the end-user can just release, if so desired)).

Instructions for outbound setup

You can have your company’s mail server use the Proofpoint SMTP server for outbound mail. This will use the same scanning as the inbound mail. In addition, using the Proofpoint SMTP service will allow you to see the messages in the logs as well.

The pre-requisite for performing an outbound relay is that the domains need to exist in the Proofpoint service prior to Outbound relaying. This is part of the two-tiered authentication we have for SMTP relay.