Configure Skyhigh CASB SMTP Proxy for CSPs
Skyhigh CASB’s SMTP Proxy allows you to connect the Cloud Service Providers (CSP) email interface to your corporate email servers. This allows the encryption engine to process any data that flows in or out of the CSP via email.
To configure the SMTP Proxy for CSPs:
- Go to Settings > Service Management.
- Under Services, select your service and instance.
- Go to Setup > Proxy and click Get Started.
- Under Configure Proxy, click Configure and complete the proxy configuration for the CSP. Once you complete the proxy configuration, Configure SMTP is enabled.
- To configure the SMTP proxy, click Configure.
- Specify the following properties in Configure SMTP dialog:
- SMTP Proxy. Select the Enabled radio button.
- Under Select the closest Skyhigh CASB Proxies, configure the following options:
- Primary Proxy Region. Select the primary proxy region from the menu.
- Secondary Proxy Region. Select the secondary proxy region from the menu. If the primary proxy region fails to host the CSP instance, then the secondary proxy region is activated.
NOTE: If the closest proxy region showed is not closest to the CSP instance region where it is hosted or not listed in the recommended Primary and Secondary Proxy Region menus, contact Skyhigh Security Support. Also, if you need to change the proxy region after saving the configuration, you will need to contact Skyhigh Security Support.
- Under Enter SMTP Details, configure the following options:
- Server Domain. Select the Skyhigh CASB Alias radio button.
- MX Record. MX record is used to route email messages relayed by CSP to Skyhigh CASB’s SMTP proxy. For example, CRM.
- Enable SSL. To enable or disable the SSL connection for proxy, select Yes or No.
- Port. Port for the SMTP proxy. Set it to 25.
- Postmaster ID. This is the email ID from which senders receive undelivered notifications. For example, postmaster, admin, and more.
- Allowlisted Domains. This is used to relay the domains for proxy.
- Email Alias Setup. You can add email aliases along with the primary email address for email rewriting. For example, an email sent to an email alias address can be rewritten to the Primary email address.
- Outgoing Email Servers. These servers are used to send mails to CSPs or allowlisted domains.
- Enable Outgoing server SSL. If you select Yes, SMTP proxy connects with the outgoing SMTP servers using SSL. The JKS File dialog is enabled.
- If you want to provide a custom JKS file or Root CA file, then configure the following:
- Upload JKS. Upload the certificate used for SSL connection with CSPs. The JKS file is required only if the outgoing SMTP servers require two-way SSL.
- JKS File Password. Enter the JKS File Password. To validate your certificate, click Verify.
- Root CA File. Upload the Root CA File. Root CA file is required only if the outgoing SMTP servers’ certificate is not signed by a trusted CA.
- If you want to provide a custom JKS file or Root CA file, then configure the following:
- Number of Retry(s). If the outgoing email server cannot be reached, the SMTP proxy will retry to connect.
- Email Archive. Select the Enabled radio button to store the emails in the proxy.
- On failed Encryption/Decryption. If encryption or decryption of an email body, subject, or attachments fails, then Skyhigh CASB will forward the email as-is to the receiver if Send Email is chosen as the option. Otherwise, Skyhigh CASB will drop the email.
-
To save the SMTP configuration, click Save.