Testing your connection

Before you begin

When you add a domain, Forcepoint Email Security Cloud checks for a valid inbound connection for this domain and displays the result on the Add Domain screen, accessed through the Domain tab. If it cannot find or validate a connection, an error message appears. The inbound connection checking does not guarantee the correct delivery of email messages. It is strongly recommended that you run your own testing on the inbound connection that you have specified.

We also recommend that you test your outbound connection before configuring your policies and beginning mail flow.

To test your outbound connection with the Forcepoint Email Security Cloud service, you can open a telnet session to the service IPs on port 25 using the DNS names you’ve been assigned, then simulate sending a message:

Steps

  1. On the machine you identified as your Internet mail gateway, open a command prompt. To do so,
    1. Select Start > Run
    2. Type “cmd”.
    3. Press Enter.
  2. Enter the following:
    telnet custXXXX-1.out.mailcontrol.com 25
    replacing custXXXX-1.out.mailcontrol.com with the first customer-specific DNS record on the Service IP Addresses page in the cloud portal. You should receive a response like this:
    220 cluster-[x].mailcontrol.com ESMTP MailControl
  3. Enter:
    helo [your server name]
    For example:
    HELO mail.customerdomain.com
    Response:
    250 cluster-g.mailcontrol.com Hello mail.customerdomain.com [192.168.1.1], pleased to meet you
  4. Enter:
    mail from: postmaster@yourdomain.com
    For example:
    mail from: postmaster@customerdomain.com
    Response:
    250 2.1.0 <postmaster@customerdomain.com>... Sender ok
  5. Enter:
    rcpt to: Your Web mail address
    Response:
    250 2.1.5 <yourname@yourcompany.com>... Recipient ok
  6. Enter:
    data
    Response:
    354 Enter message, end with “.” on a line by itself
  7. Enter a sample message, ending with a period on a line by itself. For example:
    Subject: connectivity test
    This is a test.
    Response:
    250 Message accepted for delivery.
  8. Quit the session by entering:
    quit
  9. Repeat for the second DNS name you’ve been assigned. Enter: 
    telnet custXXXX-2.out.mailcontrol.com 25
helo [your server name]
mail from: postmaster@yourdomain.com
rcpt to: Your Web email address
data
quit
  10. Test the summary record next, the one with “-s”. 
    telnet custXXXX-s.out.mailcontrol.com 25
helo [your server name]
mail from: postmaster@yourdomain.com
rcpt to: Your Web email address
data
quit

Next steps

Any of these records can be used to route your email.

If you receive a “relaying denied” error, 1 of 2 things could be happening:

  • Your firewall could be presenting its own IP address to the service IPs rather than the mail server’s IP address. In this case, you should add the firewall IP address as an outbound connection in your account. To do this, go to the Connections tab of the cloud portal and add the firewall’s IP address in the connections that you created. This is the most likely cause for this error.
  • It could also be that you are using a fully-qualified domain name (FQDN) rather than an IP address for your outbound route. If this is the case, go to the Connections tab of the portal and change all outbound and inbound routes to IP addresses.

When you successfully connect to the service, you are ready to change the configuration of your Internet mail gateway.

Once you have changed your Internet mail gateway configuration, you can test the delivery of outbound email via Forcepoint Email Security Cloud by sending to an echo address. For example: echo@uk.psi.net

If your email does not get through, check its progress using Message Center in the cloud portal, or contact the Forcepoint Support helpdesk.