Connecting "other" email services

Modified on Sat, 7 Sep at 4:45 PM


About connecting "other" email services

You can integrate Perception Point X-Ray with various email services. This enables Perception Point X-Ray to protect all incoming mail from the integrated email services. 

This page discusses how to connect Perception Point X-Ray to an email service that is not Google Workspace nor Microsoft 365. We will refer to these as "other" email services. These "other" email services include services such as Microsoft Exchange, cPanel, and Zoho Mail.

Integrations with all "other" email services require an MX record change.

  • With the "Other" integration method, Perception Point X-Ray will protect the entire domain - there is no option to specify which groups or mailboxes to protect.
  • With the "Other" integration method, remediation is not available.

Additional requirements

  • The server must support 3rd-party MX records.
  • The server must have an allow list IP mechanism.


A bit more about integrating "other" email services

Onboarding process

  • Customer onboarding entails adding the domain name and verifying a TXT record in the system.
  • During the onboarding process, you'll need to add the next hop (MX record) so that Perception Point X-Ray knows where to deliver the email after scanning.

Email flow overview

  • All inbound emails are directed straight to the Perception Point X-Ray scanner upon arrival.

Scanning and response

  • Clean: Clean emails verified by Perception Point X-Ray are sent back to the configured server (Next SMTP).
  • Spam:Emails identified as spam by Perception Point X-Ray are also sent back to the configured server (Next SMTP).
    • For servers utilizing header-based rules to redirect spam to the junk folder, you can append the "X-PERCEPTION-POINT-SPAM: FAIL" header.
    • In Exchange 2013/2019, this can be accomplished through transport rules.
  • Malicious: Emails identified as malicious are halted and are never forwarded to the next server.

Note: With the "Other" integration method, remediation is not available. This means that if an email was initially assigned a clean verdict, which was later changed to malicious, the email will not be removed from the user's Inbox.



The onboarding procedure

Perform the following procedures to integrate Perception Point X-Ray with "other" email services:

A diagram of steps to verify domain

Description automatically generated

Flow chart diagram 

A diagram of email and mail

Description automatically generated with medium confidence


 Step 1 - Onboarding "other" email services

You can integrate Perception Point X-Ray with various email services. This enables Perception Point X-Ray to protect all incoming mail from the integrated services. 

This page discusses how to connect Perception Point X-Ray to an email service that is not Google Workspace nor Microsoft 365. We will refer to these as "other" email services.

This is the 1st step of the procedure to integrate Perception Point X-Ray with other email services:

A step 2 verify domain

Description automatically generated

 

Note: 

If you have a firewall, make sure that the Perception Point IPs [shown below] are allow-listed in your firewall. The set of IPs varies depending on the environment in which your organization is located. [Open the drop-down below for details on your environment.]

What is the environment of your organization 

  1. In Perception Point X-Ray, go to Account > Preferences.
  2. The Environment of your organization will appear under General > Info: US, EU, or AU.

 

For US environments

For EU environments

For AU environments

 

  • 54.227.64.76
  • 3.81.182.154
  • 3.93.155.149
  • 3.95.118.12
  • 3.95.142.181
  • 52.12.169.124 [required only if muti-region is enabled]
  • 99.81.216.78
  • 34.249.190.60
  • 108.128.137.108
  • 99.80.189.20
  • 52.12.169.124 [required only if muti-region is enabled]
  • 13.236.255.231
  • 54.66.125.250
  • 52.12.169.124 [required only if muti-region is enabled]

 

 

To on-board other email services:

  1. On the right of the Perception Point X-Ray banner, click the Add Services [] icon.
  2. Click Add New Domain - if this option appears. 

A screenshot of a computer

Description automatically generated

  1. Select the Organization - if necessary.
  2. Specify the Escalation Contacts
  3. In Email Service, select  Other.
  4. In Connection Method, select  MX.
  5. Click Next.

Note: If the Next button is not enabled, make sure that you have entered an Escalation Contact above.



  1. In the Host box, enter the name of the new domain - for example, acme.com 
  2. Click FIND SMTP to the right of the domain name. This should populate the SMTP Servers field. 

This is the address to which mail will be sent after it has been scanned and marked as being clean.

 

The required SMTP server is a server in your domain - as it appears in the MX record.

Checking your SMTP server manually 

You can perform the lookup procedure below to check that the SMTP server that appears is correct:

A screenshot of a computer

Description automatically generated

  1. In Domain Name, enter your domain name - and then click MX Lookup.

Your required SMTP server will appear under Hostname.

A screenshot of a computer

Description automatically generated

 

  1. [Optional] Click Add Domain - if more than 1 domain is required - and enter the required details.
  2. Licenses: By default, Perception Point X-Ray will protect all email users in the domains that you specified above. To protect only a limited number of users, contact Perception Point Support [support@perception-point.io].
  3. Click Next.

The "Add TXT Records" dialog box opens. This dialog box includes the TXT record names and TXT record values, that you'll need in order to add and verify the TXT records for your domain - in Step 2.

A close up of a logo

Description automatically generated

If multi-region is enabled, there will be details for TXT records in both the primary and secondary regions.

 


 Step 2 - Verifying your domains [Other]

You can integrate Perception Point with various email services. This enables Perception Point to protect all incoming mail from the integrated services. 

This page discusses how to connect Perception Point to an email service that is not Google Workspace, Microsoft 365, or Microsoft Exchange. We will refer to these as "other" email services.

This is the 2nd step of the procedure to integrate Perception Point with other email services:



About verifying your domain

You need one or more verified domains for each email service that you integrate with Perception Point. After you add a domain [as part of the email service connection process], you need to verify the domain. Verifying a domain includes:

  • Adding a TXT record to your domain provider
  • Verifying the TXT record


Adding a TXT record

 

Note: 

  • For each TXT record that you add, you will need the TXT record name and the TXT record value.
  • If multi-region functionality is enabled, you will need to add TXT records for both the primary region and the secondary region.
  • After adding a TXT record to your domain provider, don't remove the TXT record as long as you are connected to Perception Point X-Ray - as the TXT record allows Perception Point X-Ray to constantly authenticate with the DNS supplier.

 

To add a TXT record:

  1. Open Perception Point X-Ray.
  2. In the left navigation menu, select Account > Email Domains.
  3. Locate and then open the required domain.
  4. Click Copy [] to copy the "TXT record name" to the clipboard.
  5. Go to your domain provider and add the TXT record name, using the value that you copied to the clipboard.
  6. Click Copy [] to copy the "TXT record value" to the clipboard.
  7. Go to your domain provider and add the TXT record value, using the value that you copied to the clipboard.

 

Note

Other AWS products may use this method of domain verification. This is OK, as it is acceptable to have more than one _amazonses.domain record, as long as the record values are different.

 

Verifying the new TXT record

 

Note

When you add a TXT record to your domain provider, it may take up to 72 hours for your domain provider to apply and replicate the change. Inform Perception Point Support [support@perception-point.io] if the domain is not verified after a few hours.

 

To verify a new TXT record:

  1. Open Perception Point X-Ray.
  2. In the left navigation menu, select Account > Email Domains.
  3. Locate and then open the required domain.
  4. Locate "TXT record verification". It should have the "Pending" status.
  5. Click Verify on the right of "TXT record verification".

The status should change from Pending to Verified.

A screenshot of a computer

Description automatically generated

 

Note: If multi-region functionality is enabled, you'll need to verify TXT records for both the primary region and the secondary region.

 


Troubleshooting domain verification

When you add a TXT record to your domain provider, it may take up to 72 hours for the domain provider to apply and replicate the change. 


 Step 3 - Configuring "other" email systems

You can integrate Perception Point with various email services. This enables Perception Point to protect all incoming mail from the integrated services. 

This page discusses how to connect Perception Point to an email service that is not Google Workspace, Microsoft 365, or Microsoft Exchange. We will refer to these as "other" email services.

This is the 3rd step of the procedure to integrate Perception Point with other email services:

A step 2 verify domain

Description automatically generated

To enable your Perception Point integration with other email services, some configurations must be made in your email service. Perform these configurations as described below.

 

Note: The procedures below will differ depending on the specific email service that you are using.

 

1. Add the Perception Point IP addresses to the safe list 

  1. Depending on your organization's AWS environment, add the following IP addresses to the list of allowed IP addresses in your environment: [See the drop-down below for details on on how to determine your environment]

What is the environment of your organization 

  1. In Perception Point X-Ray, go to Account > Preferences.
  2. The Environment of your organization will appear under General > Info: US, EU, or AU.

 

For US environments

For EU environments

For AU environments

  • 54.227.64.76
  • 3.81.182.154
  • 3.93.155.149
  • 3.95.118.12
  • 3.95.142.181
  • 52.12.169.124 [required only if muti-region is enabled]
  • 99.81.216.78
  • 34.249.190.60
  • 108.128.137.108
  • 99.80.189.20
  • 52.12.169.124 [required only if muti-region is enabled]
  • 13.236.255.231
  • 54.66.125.250
  • 52.12.169.124 [required only if muti-region is enabled]

 

2. Create a spam rule for spam emails [optional] 

Perform this step only if your email service supports rules with headers. 

This procedure enhances the ability of suspected spam to be sent to the user’s junk/spam folder.

The example shown below is for Microsoft Exchange. The procedure will differ depending on the email service that you are using.

  1. In Exchange Admin, select Mail flow > Rules > "Create a new rule…"
  2. Scroll to the bottom, and click "More options…"
    1. Name: Perception Point Spam Rule
  3. Select "Apply this rule if…" > "A message header…" > "Matches these exact patterns"
  4. Select "Enter text" and then specify the header name: X-PERCEPTION-POINT-SPAM
  5. Select "Enter text patterns" and then specify the following words or phrases: FAIL - and then click "+"
  6. Select "Do the following…" > "Modify the Message Properties"
  7. Set the  Spam Confidence Level to "6"


3. Configure your MX record 

Note:

  • Before changing or adding the MX record as described below, check if the domain that you are adding supports TLS. If not, contact Perception Point Support [support@perception-point.io] before continuing. [It may be necessary for Perception Point Support to disable the TLS check.]

Note that Perception Point X-Ray supports TLS 1.2

  • When changing or adding the MX record, make sure that the MX record has the highest priority [0].
  • When updating the MX record to point to the Perception Point smart host, attackers might attempt to send malicious emails or spam directly to your server. To prevent this, we recommend removing the outdated DNS records, as they are publicly accessible. Additionally, configure your server to accept incoming traffic only from Perception Point IPs, ensuring that all email is filtered through the smart host and protected from external threats.
  1. On your network provider, change the MX record as follows: [Open the drop-down below for details on your environment.]

What is the environment of your organization 

  1. In Perception Point X-Ray, go to Account > Preferences.
  2. The Environment of your organization will appear under General > Info: US, EU, or AU.

 

 

Multi-region enabled

Multi-region not enabled

For US environments:

us.mx-pp.com

inbound-smtp.us-east-1.amazonaws.com

For EU environments:

eu.mx-pp.com

inbound-smtp.eu-west-1.amazonaws.com

For AU environments:

australia.mx-pp.com

inbound-smtp.eu-west-1.amazonaws.com

 

 

Email from your email service is now protected by Perception Point.


References:

https://docs.perception-point.io/WP/Content/PP/Other-Connecting.htm

Acronis: https://docs.perception-point.io/acronis/Content/PP/Other-Connecting.htm

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article