Scenario:


Now that we can assure that mail flow testing is functional with a telnet test. It is time to allow regular email traffic inbound and outbound through ProofPoint Essentials.


Updating MX records


If the users have been synchronized as it was done in STEP 2, it is now time to have your public MX records modified to allow email flow through ProofPoint Essentials. The steps required may vary based on which hosted provider is currently hosting your DNS entries.


The most popular are that of Godaddy and Network Solutions. for this process please contact your providers on how to modify or update DNS records.


Our MX records for ProofPoint Essentials must be updated to the following records. 


ProofPoint Essentials US:


- mx1-us1.ppe-hosted.com

- mx2-us1.ppe-hosted.com


ProofPoint Essentials EU:


- mx1-eu1.ppe-hosted.com

- mx2-eu1.ppe-hosted.com



This may take a time for 30 minutes to 6 hours depending on your provider.


IMPORTANT: It is also recommend that when the MX priorities have been updated, the old MX records should be removed 24 hour later for a grace period of adding the new ProofPoint Essentials MX records. This is very important as failing to do so may cause a loss of emails.




Configure Outbound Relaying on ProofPoint Essentials:


Important: Before configuring the outbound mail flow through PP -- you need to add an entry to your client's SPF record. Usually most organisations already have one. If your client is on office365, the SPF record looks like this:

"v=spf1 include:spf.protection.outlook.com -all"


The SPF record tells the world who is allowed to send mail on your or your client's behalf.


You need to add this entry to the SPF record:


a:dispatch-us.ppe-hosted.com


So the SPF record becomes like this:

"v=spf1 a:dispatch-us.ppe-hosted.com include:spf.protection.outlook.com -all"


This is covered in the "Getting started with proofpoint" guide.




1- Log into the ProofPoint Essentials website US or EU.


2- Click on Account Management then Features.



3- Check the option Enable Outbound Relaying and click save.



4- Still under the Account Management menu click on Domains.


5- Click the button Manage Hosted Services



6- Toggle the option Office 365 from off to on.



Configure Outbound Relaying on Office 365: 



1- Log into the Office 365 Admin Center.


2- Once logged in click the Admin button.



3- Then click on Admin Centers and then Exchange.



4- In the Exchange Admin Center click on Mail Flow then the tab Connectors.



5- Click the plus sign to create a new send connector.


6- On the page that opens up select from Office 365 to Partner Organization and click Next.



7- Next provide a name for the connector and turn on the rule and click Next.



8- Click the plus icon and add an asterisk in the Add Domain page and click OK. Make sure the option Only when email messages are sent to these domains is selected and click Next.


9- Select the option Route email through these smart hosts and click the plus icon +


10- Enter the smart host address required and click Save. based on US or EU login the address is different.



ProofPoint Essentials Smart Host US:


- outbound-us1.ppe-hosted.com


ProofPoint Essentials Smart Host EU:


- outbound-eu1.ppe-hosted.com


11- Your Smart Host sender address should look as similar below, then click the Next button.



12- Next page is simply the security protocols page which should be left as there default settings and click Next.


13- Click Next once more to complete the connector.


14- On the following page click the plus icon and enter an external email address and click OK. This will validate if the send connector is correctly configured.



15- Then click the Validate Button to test the connector. You should be greeted with a successful message.


16- You can now proceed to STEP 6 - Locking Down O365 Connections.