Views:
After adding a domain, perform required configurations to finish provisioning the domain. On the Domains screen, any domain missing required configurations is in the Configuration required status, and a red exclamation mark will be shown next to the field that requires your operation or reports any problem. You can hover over the exclamation mark to view the detailed error message.
After you finish all required operations, the status of the domain will change from Configuration required into Completed.

Procedure

  1. In the General section, verify your domain.
    1. Add the TXT record provided on the console to your domain's DNS configuration to prove that you own the domain.
    2. Click Verify.
      The message Domain verified appears if the domain verification is successful.
    If your domain does not pass verification, the built-in policy rule "Global Anti-Virus Rule (Enforced on Unverified Domains)" will be forcibly applied to incoming messages sent to the domain.
    If you have difficulty adding the TXT record, you can add an MX record for your domain instead:
    Add an MX record for the Cloud Email Gateway Protection server with the highest preference value.
    • North America, Latin America and Asia Pacific:
      <your_domain> MX preference = 20, mail exchanger = <your_domain_mta>
      <your_domain> MX preference = 32767, mail exchanger = <company_identifier>.in.tmes.trendmicro.com
    • Europe and Africa:
      <your_domain> MX preference = 20, mail exchanger = <your_domain_mta>
      <your_domain> MX preference = 32767, mail exchanger = <company_identifier>.in.tmes.trendmicro.eu
    • Australia and New Zealand:
      <your_domain> MX preference = 20, mail exchanger = <your_domain_mta>
      <your_domain> MX preference = 32767, mail exchanger = <company_identifier>.in.tmes-anz.trendmicro.com
    • Japan:
      <your_domain> MX preference = 20, mail exchanger = <your_domain_mta>
      <your_domain> MX preference = 32767, mail exchanger = <company_identifier>.in.tmems-jp.trendmicro.com
    • Singapore:
      <your_domain> MX preference = 20, mail exchanger = <your_domain_mta>
      <your_domain> MX preference = 32767, mail exchanger = <company_identifier>.in.tmes-sg.trendmicro.com
    • India:
      <your_domain> MX preference = 20, mail exchanger =<your_domain_mta>
      <your_domain> MX preference = 32767, mail exchanger =<company_identifier>.in.tmes-in.trendmicro.com
    • Middle East (UAE):
      <your_domain> MX preference = 20, mail exchanger =<your_domain_mta>
      <your_domain> MX preference = 32767, mail exchanger =<company_identifier>.in.tmes-uae.trendmicro.com
    Note
    Note
    In the preceding MX record, the second preference value 32767 is only used as an example. When setting the second preference value, make sure it is larger than the first preference value, which means this route has lower priority than the first one.
    To learn more about MX records, see About mx records and Cloud Email Gateway Protection.
    Tip
    Tip
    DNS propagation can take up to 48 hours. The status of the domain you are adding does not change until DNS propagation is complete. During this period, do not turn off any on-premises security. While waiting for DNS propagation, you can use the administrator console to customize the domain settings for features such as Policy, Recipient Filter, Sender Filter, Policy Objects, BEC, and IP Reputation.
    If the domain stays as unverified for more than 48 hours, confirm that the TXT record or MX record for the domain is correct.
    • For Linux, run one of the following commands:
      dig txt <domain_name>
      dig mx <domain_name>
    • For Windows, run one of the following commands:
      nslookup -q=txt <domain_name>
      nslookup -q=mx <domain_name>
  2. In the Inbound Servers section, complete the following configurations:
    1. Configure your firewall to accept email messages from the following Cloud Email Gateway Protection IP addresses or CIDR blocks:
      • North America, Latin America and Asia Pacific:
        18.208.22.64/26
        18.208.22.128/25
        18.188.9.192/26
        18.188.239.128/26
      • Europe and Africa:
        18.185.115.0/25
        18.185.115.128/26
        34.253.238.128/26
        34.253.238.192/26
      • Australia and New Zealand:
        13.238.202.0/25
        13.238.202.128/26
      • Japan:
        18.176.203.128/26
        18.176.203.192/26
        18.177.156.0/26
        18.177.156.64/26
        15.168.56.0/25
        15.168.49.64/26
        15.168.56.128/26
      • Singapore:
        13.213.174.128/25
        13.213.220.0/26
      • India:
        3.110.59.128/25
        3.110.71.192/26
      • Middle East (UAE):
        3.29.202.0/25
        3.29.194.192/26
      Note
      Note
      If you are using a third-party IP reputation service, add the preceding Cloud Email Gateway Protection IP addresses or CIDR blocks to the approved list of the IP reputation service, or disable the third-party service and enable Cloud Email Gateway Protection to perform IP reputation-based filtering for you.
    2. Click Test Connection.
    3. Point the MX record of your domain to the Cloud Email Gateway Protection server with the lowest preference value.
      • North America, Latin America and Asia Pacific:
        <your_domain> MX preference = 20, mail exchanger = <your_domain_mta>
        <your_domain> MX preference = 10, mail exchanger = <company_identifier>.in.tmes.trendmicro.com
      • Europe and Africa:
        <your_domain> MX preference = 20, mail exchanger = <your_domain_mta>
        <your_domain> MX preference = 10, mail exchanger = <company_identifier>.in.tmes.trendmicro.eu
      • Australia and New Zealand:
        <your_domain> MX preference = 20, mail exchanger = <your_domain_mta>
        <your_domain> MX preference = 10, mail exchanger = <company_identifier>.in.tmes-anz.trendmicro.com
      • Japan:
        <your_domain> MX preference = 20, mail exchanger = <your_domain_mta>
        <your_domain> MX preference = 10, mail exchanger = <company_identifier>.in.tmems-jp.trendmicro.com
      • Singapore:
        <your_domain> MX preference = 20, mail exchanger = <your_domain_mta>
        <your_domain> MX preference = 10, mail exchanger = <company_identifier>.in.tmes-sg.trendmicro.com
      • India:
        <your_domain> MX preference = 20, mail exchanger =<your_domain_mta>
        <your_domain> MX preference = 10, mail exchanger =<company_identifier>.in.tmes-in.trendmicro.com
      • Middle East (UAE):
        <your_domain> MX preference = 20, mail exchanger =<your_domain_mta>
        <your_domain> MX preference = 10, mail exchanger =<company_identifier>.in.tmes-uae.trendmicro.com
      To learn more about MX records, see About mx records and Cloud Email Gateway Protection.
    4. Click Verify to verify the inbound servers you added.
      The message Inbound servers verified appears if the inbound server verification is successful.
    5. Type an email address next to Send test message to to verify that messages are being delivered from Cloud Email Gateway Protection.
  3. In the Outbound Servers section, complete the following configurations:
    1. If your domain has SPF records, make sure the SPF record under the Outbound Servers section is also included.
      For details about adding SPF records, see Adding SPF records.
    2. Click Verify.
    3. Route your outbound mail server to the following Cloud Email Gateway Protection MTA for your region:
      • North America, Latin America and Asia Pacific:
        <company_identifier>.relay.tmes.trendmicro.com
      • Europe and Africa:
        <company_identifier>.relay.tmes.trendmicro.eu
      • Australia and New Zealand:
        <company_identifier>.relay.tmes-anz.trendmicro.com
      • Japan:
        <company_identifier>.relay.tmems-jp.trendmicro.com
      • Singapore:
        <company_identifier>.relay.tmes-sg.trendmicro.com
      • India:
        <company_identifier>.relay.tmes-in.trendmicro.com
      • Middle East (UAE):
        <company_identifier>.relay.tmes-uae.trendmicro.com
  4. If you currently use Office 365, configure Office 365 connectors to allow email traffic to or from Cloud Email Gateway Protection MTAs.