Configuring email settings in Forcepoint ONE Data Security portal

To enable Forcepoint DLP for Cloud Email, follow these instructions to configure email settings in Forcepoint ONE Data Security portal.

Steps

  1. Navigate to the Forcepoint ONE Data Security portal and log in with your credentials.
  2. Go to > Email. The MTA configuration page appears.
  3. In Customer email connection section, select Office 365 as a vendor.
  4. In Email domains section, enter the email host domains that rule to be applied.
  5. If you are using Microsoft Office 365 as your smarthost, tick the Return to Microsoft checkbox. The Return email certificate section will be enabled.
    Note: If you are smarthosting to other email servers, it is recommended that you do not enable this option. When configuring your email system to relay messages through a smarthost to another MTA, uploading public certificates and private keys is not mandatory if you are using IP addresses to route emails.
    1. Upload Public Certificate (optional).
      • The certificate must be in base-64 PEM format.
      • The certificate will be used by your product to securely relay email traffic to the configured smarthost.
      • The certificate is needed only when the smarthost MTA is in Microsoft Office 365.
      • The subject name in the certificate should match the customer’s smarthost primary domain and can have some identifier specific for this solution.

        For example, if the customer's name is “abc”, the subject name in the certificate shall be dlpforemail.abc.com.

      • The domain in the certificate should be added in the accepted domains in Microsoft Office 365 Admin center.

        In this example above, dlpforemail.abc.com should be added in the accepted domain. To add your domain to Microsoft Office 365, refer to Microsoft Learn page.

    2. Upload Private Key (optional).
      • The private key must be in base-64 PEM format.
      • The private key will be used by your product to securely relay email traffic to the configured smarthost.
      • The private key is needed only when the smarthost MTA is in Microsoft Office 365.
      • The private key should match the certificate. In case of mismatch, emails will not be delivered to the smarthost configured.
  6. In Smarthost to another MTA section, add the IP Address or DNS and port number to where it needs to return the email back.


  7. Click Save to apply your changes.

    The Forcepoint DLP for Cloud Email (Microsoft Office 365) is configured successfully.