Mail servers

When Forcepoint DLP is configured to send incident notifications to administrators, the notifications can include links that permit the administrators to perform workflow operations on the incident. For example, they can click a link to change the incident’s severity to High, or to escalate it to a manager.

  • When an administrator clicks a link inside an email message, a compose message window appears.
  • The administrator clicks Send on this message to notify Forcepoint DLP that a workflow operation has been requested.

Use the Settings > General > Mail Servers page in the Data Security module of the Forcepoint Security Manager to set up the mail server that receives email requests for workflow updates—the incoming mail server—as well as the mail server sends the

notifications—the outgoing mail server. (The same outgoing server is used for alerts and scheduled tasks.)

To define the incoming and outgoing mail servers:

  1. Under Incoming Mail Server, select Mail server type from the drop-down. This is the email server address that collects and stores incoming email from administrator notifications. These are the email messages that are sent to the system when administrators try to update workflow operations from inside a notification email.
    If you select Other mail server, do the following:
    1. Select the protocol to use for email retrieval: POP3 or IMAP. Most mail servers support both.
    2. Specify whether or not to Use secure connection (SSL) to connect to the incoming mail server. This protects the content of the email from users outside of your network.
  2. Enter a dedicated System email address to which workflow email requests are sent. For example: DLPsystem@mycompany.com.
    • Set up an email account on your mail server for this purpose. Use a dedicated account, because the system deletes its contents regularly. Any email in this folder is lost.
    • If you are using Exchange Online, a valid email address must be used.
    • This email address automatically appears in the To: field of the email message when administrators click a workflow operation link.

      The exception is when the operation is Assign. Then the system email address appears in the CC field, because the To: field is the address of the assignee.

  3. Enter the following information depending on the mail server type you selected.
    • If you selected Exchange Online, enter the Tenant ID, Client ID, and Client secret.

      For more information about getting your Tenant ID, Client ID, and Client secret, see the Configuring Azure Active Directory to use OAuth2 authentication Knowledge Base article.

    • If you selected Other server type:
      1. Enter the IP address or hostname and Port for the mail server that can open the specified email address.
      2. Enter the User name and Password for a network account (not a Security Manager account) with access to both the incoming mail server and system email address. The system needs to connect to this server to retrieve the workflow updates.
  4. Click Test Connection to test the incoming mail server settings. The system tries to connect to the server and returns a success or failure message. This can take several minutes.
  5. Under Outgoing Mail Server, select a Mail server type from the drop-down.

    This is the email server address that waits and listens for outgoing notifications and alerts.

    If you change the outgoing mail server here, the mail server for scheduled tasks, notifications, alerts and discovery task email reports are affected. Make sure that you use or update a new valid sender email address in these components, otherwise, information will not be sent via email for these components.

    • If you selected Exchange Online, do one of the following:
      • Select Same as Incoming Mail Server.
      • Enter applicable Tenant ID, Client ID, and Client secret, if different than the incoming mail server. For more information about getting your Tenant ID, Client ID, and Client secret, see the Configuring Azure Active Directory to use OAuth2 authentication Knowledge Base article.
    • If you selected Other mail server:
      • Enter the IP address or hostname and Port for your outgoing mail server.
  6. Click Test Connection to test the outgoing mail server settings. When prompted, enter an email address where the system can send a test message. If you receive the message, then it was able to connect to the outgoing mail server successfully. This can take several minutes.
    • If using Exchange Online, the sender email address must be valid or the connection test will fail.
  7. Click OK to save your changes.