Data Loss Prevention

  • Private Community

  • 1.  What are the configuration steps required to integrate Symantec DLP Network Prevent for Email with Proofpoint protection server?

    Posted Jul 05, 2018 09:32 AM

    We have a network environment where all the emails will be monitored by Proof point email protection. Now, we are planning to integrate the Symantec DLP network prevent for Email with Proofpoint in forward mode.

    Forward Mode: Exchange server 2016 --> Network prevent for Email (v15.0) --> Proofpoint Protection Server (v8).

    Issue:

    Network prevent for email is able to receive the mails from Exchange server through port 10025 (it works perfect). But the issue we are facing is that Email prevent is not able to send the mail to proofpoint (we are able to telnet the proofpoint from Email prevent through port 25).  Could anyone please let me know what configuration needs to be done on Email prevent and also in proofpoint. Its very urgent.

    Error:

    05/Jul/18:16:22:30:403+0300 [INFO] (SMTP_CONNECTION.1201) Connection accepted (tid=27 cid=ffd50483-fdfc-4b95-95dc-cb9b155ef515 local=<Email Prevent IP>:10025 remote=<Exchange IP>:20181)
    05/Jul/18:16:22:39:268+0300 [SEVERE] (SMTP_CONNECTION.5203) Forward connection error (tid=2b cid=0fe1e60e-4370-42f9-b26b-8f7d2798835a mta=<proofpoint IP> reason=null)
    05/Jul/18:16:22:39:268+0300 [SEVERE] (SMTP_CONNECTION.5210) All forward hosts unavailable (tid=2b cid=<> reason=No available forward hosts)
    05/Jul/18:16:22:39:268+0300 [INFO] (SMTP_CONNECTION.1205) Service connection closed (tid=2b cid=0fe1e60e-4370-42f9-b26b-8f7d2798835a local=<Email Prevent IP>:10025 remote=<Exchange IP>:20139 messages=0 time=40.04s)

     



  • 2.  RE: What are the configuration steps required to integrate Symantec DLP Network Prevent for Email with Proofpoint protection server?

    Posted Jul 07, 2018 02:07 AM

    Hi,

    Can you verify that the MTAResubmitPort value is actually set to 25 in the Advanced Server Settings of Network Prevent for Email Server ?



  • 3.  RE: What are the configuration steps required to integrate Symantec DLP Network Prevent for Email with Proofpoint protection server?

    Posted Jul 08, 2018 01:53 AM

    Hi Muhammad,

    Yes, I rechecked it. The MTAResubmitPort value has been set to 25 only.



  • 4.  RE: What are the configuration steps required to integrate Symantec DLP Network Prevent for Email with Proofpoint protection server?
    Best Answer

    Trusted Advisor
    Posted Jul 11, 2018 01:45 PM

    Siva,

    I would make sure to set BOTH of these settings to port 25, it is the standard port for email communication and will make life easier in the long run.

    RequestProcessor.ServerSocketPort = 25

    RequestProcessor.MTAResubmitPort = 25

    Also the issue might be a TLS issue.. 

    You may want to disable the TLS connection string:

    RequestProcessor.AllowExtensions - Remove the STARTTLS string at the end of the setting.

    Also make sure that the proofpoint server is ALLOWING connections from the DLP server IP, sometimes it is configured to ONLY accept connections from the Exchnage server for security.

    Once you have made the change, recycle the DLP Server Services.

    Then try to connect to the EMAIL PREVENT SERVER via telnet on Port 25, you should get a hello from the Proofpoint server. 

    Good Luck,

    Ronak

    PLEASE MARKED SOLVED WHEN POSSIBLE



  • 5.  RE: What are the configuration steps required to integrate Symantec DLP Network Prevent for Email with Proofpoint protection server?

    Posted Jul 12, 2018 02:05 AM

    Thank you so much Ronak.

    After removing the STARTTLS the issue has been fixed. And also I have created a static policy route in Proofpoint as well to accept the connection from Email Prevent server.