Scribd
Upload
55 views5 pages

HES Domain Add

After adding a domain, configurations must be completed to fully provision the domain. This includes verifying the domain by adding a TXT record, configuring firewalls to accept emails from Trend Micro servers, and pointing the domain's MX records to the Trend Micro servers. SPF records also need to be configured to identify permitted mail servers and prevent spoofing. Once all required configurations are finished, the domain status will change to "Completed".

Uploaded by

Ximénez Marco
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
55 views5 pages

HES Domain Add

After adding a domain, configurations must be completed to fully provision the domain. This includes verifying the domain by adding a TXT record, configuring firewalls to accept emails from Trend Micro servers, and pointing the domain's MX records to the Trend Micro servers. SPF records also need to be configured to identify permitted mail servers and prevent spoofing. Once all required configurations are finished, the domain status will change to "Completed".

Uploaded by

Ximénez Marco
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 5

Configuring a Domain

After adding a domain, perform required configurations to finish provisioning the domain. On
the Domains screen, any domain missing required configurations is in the "Configuration
required" status, and a red exclamation mark will be shown next to the field that requires your
operation or reports any problem. You can hover over the exclamation mark to view the
detailed error message.
After you finish all required operations, the status of the domain will change
from "Configuration required" into "Completed."

1. In the General section, verify your domain.

a. Add the TXT record provided on the console to your domain's DNS configuration
to prove that you own the domain.

b. Click Verify.

The message "Domain verified" appears if the domain verification is successful.


2. If your domain dose not pass verification, the built-in policy rule "Global Anti-Virus Rule
(Enforced on Unverified Domains)" will be forcibly applied to incoming messages sent to
the domain.
3. If you have difficulty adding the TXT record, you can add an MX record for your domain
instead:
4. Add an MX record for the Trend Micro Email Security server with the highest preference
value.
o North America, Latin America and Asia Pacific:
<your_domain> MX preference = 20, mail exchanger = <your_domain_mta>
<your_domain> MX preference = 32767, mail exchanger
= <company_identifier>.in.tmes.trendmicro.com

o Europe, the Middle East and Africa:


<your_domain> MX preference = 20, mail exchanger = <your_domain_mta>
<your_domain> MX preference = 32767, mail exchanger
= <company_identifier>.in.tmes.trendmicro.eu

o Australia and New Zealand:


<your_domain> MX preference = 20, mail exchanger = <your_domain_mta>
<your_domain> MX preference = 32767, mail exchanger
= <company_identifier>.in.tmes-anz.trendmicro.com

o Japan:
<your_domain> MX preference = 20, mail exchanger = <your_domain_mta>
<your_domain> MX preference = 32767, mail exchanger
= <company_identifier>.in.tmems-jp.trendmicro.com

o Singapore:
<your_domain> MX preference = 20, mail exchanger = <your_domain_mta>
<your_domain> MX preference = 32767, mail exchanger
= <company_identifier>.in.tmes-sg.trendmicro.com

5. Note:
6. In the preceding MX record, the second preference value 32767 is only used as an
example. When setting the second preference value, make sure it is larger than the first
preference value, which means this route has lower priority than the first one.
7. To learn more about MX records, see About MX Records and Trend Micro Email Security.
8. Tip:
9. DNS propagation can take up to 48 hours. The status of the domain you are adding does
not change until DNS propagation is complete. During this period, do not turn off any on-
premises security. While waiting for DNS propagation, you can use the administrator
console to customize the domain settings for features such as Policy, Recipient
Filter, Sender Filter, Policy Objects, BEC, and IP Reputation.
10. If the domain stays as unverified for more than 48 hours, confirm that the TXT record or
MX record for the domain is correct.
o For Linux, run one of the following commands:
dig txt <domain_name>
dig mx <domain_name>
o For Windows, run one of the following commands:
nslookup -q=txt <domain_name>
nslookup -q=mx <domain_name>

11. In the Inbound Servers section, complete the following configurations:

. Configure your firewall to accept email messages from the following Trend Micro
Email Security IP addresses or CIDR blocks:

▪ North America, Latin America and Asia Pacific:


18.208.22.64/26
18.208.22.128/25
18.188.9.192/26
18.188.239.128/26
▪ Europe, the Middle East and Africa:
18.185.115.0/25
18.185.115.128/26
34.253.238.128/26
34.253.238.192/26

▪ Australia and New Zealand:


13.238.202.0/25
13.238.202.128/26

▪ Japan:
18.176.203.128/26
18.176.203.192/26
18.177.156.0/26
18.177.156.64/26

▪ Singapore:
13.213.174.128/25
13.213.220.0/26
a. Note:
b. If you are using a third-party IP reputation service, add the preceding Trend Micro
Email Security IP addresses or CIDR blocks to the approved list of the IP
reputation service, or disable the third-party service and enable Trend Micro Email
Security to perform IP reputation-based filtering for you.

c. Click Test Connection.

d. Point the MX record of your domain to the Trend Micro Email Security server with
the lowest preference value.

▪ North America, Latin America and Asia Pacific:


<your_domain> MX preference = 20, mail exchanger =
<your_domain_mta>
<your_domain> MX preference = 10, mail exchanger
= <company_identifier>.in.tmes.trendmicro.com

▪ Europe, the Middle East and Africa:


<your_domain> MX preference = 20, mail exchanger =
<your_domain_mta>
<your_domain> MX preference = 10, mail exchanger
= <company_identifier>.in.tmes.trendmicro.eu
▪ Australia and New Zealand:
<your_domain> MX preference = 20, mail exchanger =
<your_domain_mta>
<your_domain> MX preference = 10, mail exchanger
= <company_identifier>.in.tmes-anz.trendmicro.com
▪ Japan:
<your_domain> MX preference = 20, mail exchanger =
<your_domain_mta>
<your_domain> MX preference = 10, mail exchanger
= <company_identifier>.in.tmems-jp.trendmicro.com
▪ Singapore:
<your_domain> MX preference = 20, mail exchanger =
<your_domain_mta>
<your_domain> MX preference = 10, mail exchanger
= <company_identifier>.in.tmes-sg.trendmicro.com

e. To learn more about MX records, see About MX Records and Trend Micro Email
Security.

f. Click Verify to verify the inbound servers you added.

The message "Inbound servers verified" appears if the inbound server verification
is successful.

g. Type an email address next to Send test message to to verify that messages
are being delivered from Trend Micro Email Security.

12. In the Outbound Servers section, complete the following configurations:

. If your domain has SPF records, make sure the following record is also included:

spf.tmes.trendmicro.com

For details on adding SPF records, see Adding SPF Records.

a. Click Verify.

b. Route your outbound mail server to the following Trend Micro Email Security MTA
for your region:

▪ North America, Latin America and Asia Pacific:


<company_identifier>.relay.tmes.trendmicro.com

▪ Europe, the Middle East and Africa:


<company_identifier>.relay.tmes.trendmicro.eu

▪ Australia and New Zealand:


<company_identifier>.relay.tmes-anz.trendmicro.com

▪ Japan:
<company_identifier>.relay.tmems-jp.trendmicro.com

▪ Singapore:
<company_identifier>.relay.tmes-sg.trendmicro.com
Adding SPF Records
Sender Policy Framework (SPF) is an open standard to prevent sender address forgery. An SPF
record is a type of Domain Name Service (DNS) record that identifies which mail servers are
permitted to send email messages on behalf of your domain. The purpose of an SPF record is to
prevent spammers from sending messages with forged addresses at your domain.

1. Access your DNS hosting provider's website.

2. Edit the existing SPF record or create a new TXT record for SPF.

If you have an SPF record for your domain, add required values to the current record
for Trend Micro. For example, change the following TXT record:
v=spf1 ip4:x.x.x.x include:spf.example.com ~all
Into:
v=spf1 ip4:x.x.x.x include:spf.tmes.trendmicro.com include:spf.example.com
~all
Important:
A domain cannot have more than one TXT record for SPF. If your domain has more than
one SPF record, a message delivery or spam classification issue may occur.

You might also like