Data Loss Prevention Cloud Service for Email

Expand all | Collapse all

550 5.7.1 Domain not authorized in forwarding mode

  • 1.  550 5.7.1 Domain not authorized in forwarding mode

    Posted 07-29-2020 09:23 AM
    How can be resolved the error "550 5.7.1 Domain not authorized" for the emails sent from MS365 to Cloud Detection Service for Email?
    We need to use Forwarding mode in order to use the PBE add-on of the Email Security .cloud service.
    The emails are accepted and everything is fine directly to Email Security .cloud 



    Thank you!

    ------------------------------
    Information Security Consultant
    Romania
    ------------------------------


  • 2.  RE: 550 5.7.1 Domain not authorized in forwarding mode

    Broadcom Employee
    Posted 07-30-2020 12:50 PM
    Hiya.

    Please confirm your Cloud Service was originally setup to use ESS (Email Security.cloud). And then I would check this KB:
    Emails rejected by DLP Cloud Service when sending messages from new domains

    Domains need to be added to the ESS portal, and then they will be updated on the Cloud Service side afterward.

    Cheers,
    Stephen

    ------------------------------
    Global Support Lead, DLP
    Broadcom, Symantec Enterprise Division
    ------------------------------



  • 3.  RE: 550 5.7.1 Domain not authorized in forwarding mode

    Posted 07-30-2020 03:57 PM
    Hi Stephen

    Thank you for your response.

    At the time I configured the Cloud Detection Service, the Email Security .cloud Domains section was not completly configured. There was a problem also, resolved by the support team. The domain was stucked in „propagating" state. In the configuration steps I specified the correct ClientNet ID of the Email Security .cloud service. 

    Now, the domain is activated in Email Security .cloud and receive emails from the configured domain when addressed from O365 directly.
    Our intention is to trigger the PBE policy by a content-aware DLP policy configured in the on-premise DLP. So I need the Cloud Detection Service before Email Security .cloud in the email flow.
    I have to underline that the Cloud Detection Service for Email was ordered separate from the Email Security .cloud service order, as a Standalone service.

    Your specified article mentioned an "original provisioning form". I do not find the domain to be whitelisted in the provisioning form. How do I contact the support team who is able to whitelist the required domain (of the company who bought the product) in this cloud service? I tried to contact a support team but no chance/response for more weeks.
    As I mentioned, we need to use the forwarding mode and I don't have the interface to make it on my own.

    Thank you,
    Sorin









  • 4.  RE: 550 5.7.1 Domain not authorized in forwarding mode

    Broadcom Employee
    Posted 07-30-2020 08:53 PM
    Thanks Sorin.

    Does your ClientNet portal have the following displayed for your setup?
    The DLP Cloud Service


    If not, then you should definitely open a support case. With DLP Cloud Service. We will ask the Order Fulfillment Team to get that fixed.

    If it is there already, we may still need a case - troubleshooting setup and other details. We would need to verify config outside of this more public forum!

    Thanks,
    Stephen

    ------------------------------
    Global Support Lead, DLP
    Broadcom, Symantec Enterprise Division
    ------------------------------



  • 5.  RE: 550 5.7.1 Domain not authorized in forwarding mode

    Posted 07-30-2020 11:52 PM
    Helo Stephen

    My ClientNet portal doesn't have that option.
    I choosed the O365 option from the 2 available options, because our emails are hosted on MS servers.

    The errors are reported from the Cloud Detection Service for Email FQDN server so I understand the issue is reported to Cloud Detection Service for Email service.
    The Email Security .cloud support team tell me they can't help me with this problem.

    Where should I get this errors fixed? I have opened support cases at Cloud Detection Service for Email support but no feedback.

    Thank you,
    Sorin









  • 6.  RE: 550 5.7.1 Domain not authorized in forwarding mode

    Broadcom Employee
    Posted 07-31-2020 03:35 PM
    Thanks Sorin.

    Without the DLP Cloud Service add on listed in Client Net - your ESS account is not integrated with the DLP Cloud Service. Thus, no messages through DLP are possible.

    Sidebar: by "MS" you seem to mean on-premise Microsoft exchange?
    We need to verify your setup.

    Please open a case with DLP Cloud Service for Email, and when you do, please message me privately with that case number - I will see to it that one of my colleagues or I can help!


    ------------------------------
    Global Support Lead, DLP
    Broadcom, Symantec Enterprise Division
    ------------------------------