Configuring inbound mail routing rules

Click Add New Rule on the Connections tab to add an inbound routing rule that applies to specified users, groups, domains, or content types. This lets you route mail to different mail hosts for particular groups of users in your network, which is useful if, for example, your organization has multiple mail servers for different locations or subsidiaries.

If a message is sent to a user who is in more than one group covered by your inbound routing rules, the first rule in the list that matches the user will be applied. A message sent to multiple users who have different routing rules will be split into multiple copies and routed as configured for each individual user.

If you set up a content type rule, the rule is applied to messages that are encrypted with PGP. You can apply that rule to all PGP-encrypted messages, or choose to apply it to messages for specific users, groups, or domains.

Before it can be enabled for mail routing, a rule must be checked to ensure the following:

  • Forcepoint Email Security Cloud can connect to the specified inbound mail hosts.
  • The mail hosts accept messages for all domains explicitly specified in the rule. This is required for the rule to be valid.
  • The mail hosts accept messages for the domains contained in all email addresses explicitly specified in the rule. This is required for the rule to be valid.
  • The mail hosts accept messages for at least one domain within the policy.

Note: If a group includes a domain that the mail hosts do not accept messages for, some mail may not be delivered. We recommend that you check your groups for domains not accepted by your mail hosts, and that you recheck your inbound mail routing rules if you change or resynchronize your groups in the portal.

The mail host checking takes place as you configure the inbound rule.

Steps

  1. Enter a Rule Name. This is required.
  2. In the Apply To field, enter one or more recipients for the rule to apply to. These can be individual email addresses, groups configured in Forcepoint Email Security Cloud, or domain names. You can enter multiple recipients, separated by commas.

    This field is required unless you are creating a rule that routes by content type and select PGP Encrypted only as described below.

    To edit an existing recipient, click the item. Press Enter to save your changes as a new entry in the Apply To list. To discard your changes, press Esc.

    To remove an item from the Apply To list, click the Delete icon next to the item.

  3. To apply the rule only to confidential messages encrypted with PGP, mark PGP Encrypted only.
    If you select this option, the Apply To field is no longer mandatory.
  4. Optionally, select a Security value: Unenforced, Encrypt, Encrypt+CN, Verify, or Verify+CN. See Encryption tab for further information.
  5. If you are enforcing security, select an Encryption Strength: 128 or 256.
  6. Click Add Mail Host to add a receiving mail server to the rule.
    You can add up to 10 mail hosts to a rule. If Forcepoint Email Security Cloud cannot deliver inbound email to the first mail host in the list, it tries the other servers in order until the message is delivered. To change the order of the mail hosts, click an order number and drag it up or down the list.
  7. Enter a Host Name (for example mail.mycompany.com) for the server. If the host name cannot be resolved on the Internet, enter an IP Address for the server as well. Click the button to confirm.

    Forcepoint Email Security Cloud checks the mail host and sets the Status to Passed or Failed.

    If the route check failed, click Failed to open a popup window that displays details of the failure. Filter the results of the check to view domains that are required or optional for the rule, and those that passed or failed.

    In this window, you can recheck all the domains in the rule, or just the domains that failed. You can also choose to Ignore Failed domains, which changes the mail host’s Status to Passed. Be aware that if you ignore failed domains, some messages may be undelivered.

    You can edit the server settings by clicking the pencil button.

  8. To enable the rule for use, mark Enabled.
    Note: At least one mail host in the list must pass the check for the rule to be saved as enabled. If the check fails, you can still save the rule, but you must first clear the Enabled check box.

    If you make changes to the rule, for example changing the recipients it applies to or editing the Security settings, each mail host must be rechecked. Click the Check all mail hosts button to run the check again.

  9. Once you have finished configuring your rule, click Save.
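
The matching behavior described at the top of this page (first matching rule wins, a multi-recipient message is split per rule, PGP Encrypted only rules) and the mail host order from step 6 can be modelled offline to review a planned rule list before entering it in the portal. This is an added example, not Forcepoint code: the rule, group and host names are constructed, and it assumes that PGP-only rules sit in the same ordered list as other rules, that domain entries match exactly, and that recipients matching no rule fall through to a default route (returned as None).

```python
# Constructed sample data: group, address and host names are hypothetical.
GROUPS = {"emea-staff": {"ana@example.co.uk", "bob@example.com"}}

RULES = [  # order matters: the first rule that matches a recipient is applied
    {"name": "PGP gateway", "apply_to": [], "pgp_only": True,
     "hosts": ["pgp-gw.example.com"]},
    {"name": "EMEA", "apply_to": ["emea-staff"], "pgp_only": False,
     "hosts": ["mail-emea1.example.com", "mail-emea2.example.com"]},
    {"name": "Corporate", "apply_to": ["example.com", "carol@example.org"],
     "pgp_only": False, "hosts": ["mail-hq.example.com"]},
]

def entry_matches(entry, rcpt):
    """An Apply To entry is a group name, an email address, or a domain."""
    entry, rcpt = entry.lower(), rcpt.lower()
    if entry in GROUPS:
        return rcpt in GROUPS[entry]
    if "@" in entry:
        return rcpt == entry
    return rcpt.rsplit("@", 1)[-1] == entry  # assumption: exact domain match

def first_rule(rcpt, pgp_encrypted, rules=RULES):
    """Return the first rule in list order that covers this recipient."""
    for rule in rules:
        if rule["pgp_only"] and not pgp_encrypted:
            continue  # content type rule: only PGP-encrypted messages
        # A PGP-only rule with an empty Apply To list covers every recipient.
        if (rule["pgp_only"] and not rule["apply_to"]) or any(
                entry_matches(e, rcpt) for e in rule["apply_to"]):
            return rule
    return None  # assumption: no rule matched, left to the default route

def split_message(recipients, pgp_encrypted=False, rules=RULES):
    """Return {rule name or None: [recipients]}, one message copy per key."""
    copies = {}
    for rcpt in recipients:
        rule = first_rule(rcpt, pgp_encrypted, rules)
        copies.setdefault(rule["name"] if rule else None, []).append(rcpt)
    return copies

def pick_host(rule, reachable):
    """Try the rule's mail hosts in list order; None if none is reachable."""
    return next((h for h in rule["hosts"] if h in reachable), None)
```

Running `split_message` over a recipient who is both in a group and in a listed domain shows which rule takes precedence, which is the case to review when reordering rules.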