A Trend Micro Integration Guide I November 2017

» This guide provides the steps necessary to configure Google Gmail to work

with Trend Micro™ Hosted Email Security.

Integrating Trend Micro

Hosted Email Security

with Google Gmail

TABLE OF CONTENTS

Introduction 3

How Hosted Email Security Works 4

5

8

Redirecting Your MX Record to Hosted Email Security

Configuring Hosted Email Security to Forward Inbound Email to Google Apps

Configuring Google Apps to Accept Inbound Email from Hosted Email Security

Testing the Message Route

9

12

12 Scanning Outbound Email from Google Apps

Page 2 of 13 | Trend Micro Integration Guide Integrating Hosted Email Security with Google Gmail

INTRODUCTION

This guide provides the steps necessary to configure Google Gmail to work with Trend

Micro™ Hosted Email Security (HES).

Summary

Trend Micro Hosted Email Security is a no-maintenance solution that delivers continuously

updated protection to stop spam, malware, spear-phishing, and advanced targeted attacks

before they reach your network. It protects Microsoft Exchange, Microsoft Office 365, Google

Apps Gmail, and other hosted and on-premises email solutions.

Unlike traditional self-hosted email solutions where a simple cable could be moved in order to

add a layer of protection, cloud-based solutions require a different approach. This guide

highlights step-by-step instructions on integration of Trend Micro HES with Google

Gmail. It assumes a functioning Gmail deployment.

Why You Need Hosted Email Security

Email is mission critical, but the volume of spam and email-based malware is growing. At the

same time, other critical projects and tasks consume time in the administration of a network.

However, email security maintenance should not be neglected. Doing so will lead to a decline

in your email protection and spam-blocking effectiveness.

Hosted Email Security is a no-maintenance-required solution that delivers continuously-

updated protection to stop spam and email-based malware before they reach your network.

Page 3 of 13 | Trend Micro Integration Guide Integrating Hosted Email Security with Google Apps Gmail

HOW HOSTED EMAIL SECURITY WORKS

Architecture

The figure below shows the flow of messaging traffic from the Internet, through the HES

servers, and then to the Google Apps Mail servers.

Figure 1. Hosted Email Security Architecture

The processes HES performs are explained further in this list:

1. The originating mail server performs a DNS lookup to determine the location of the

example.com domain. The Mail Exchange (MX) record for example.com holds the

IP address of HES instead of the original IP address for example.com, since HES

must intercept your company’s email before delivery

2.

3.

The originating mail server routes the mail to HES

HES servers accept the message and perform message filtering and policy

matching on your behalf

4. Assuming a message is slated for delivery according to its security policy or validity

status, the HES servers route the message to the Google Apps Mail servers

Page 4 of 13 | Trend Micro Integration Guide Integrating Hosted Email Security with Google Apps Gmail

REDIRECTING YOUR MX RECORD TO HOSTED EMAIL SECURITY

In order for Hosted Email Security to scan emails bound for your domain, you must update your MX records to deliver email to the Trend Micro servers.

If you manage your own DNS, you can manually redirect your MX record. If your DNS is managed by a third-party or ISP, either they can do this for you or they may have a simple web

interface allowing you to make the change yourself.

After making the modifications to the MX record, Hosted Email Security becomes the point of entry of mails for your domain. After the DNS record modifications take effect (up to 48 hours),

all inbound email traffic is routed to Hosted Email Security.

Below are the MX records for Hosted Email Security:

Note: The Welcome Email you received during the registration process will specify which MX record to use.

To redirect your MX Record:

1.

2.

Check your Hosted Email Security Welcome Email, which contains the specific MX

Record information

Update your MX Record through one of the following ways:

-

-

Through a Support Technician: If you are unsure how to configure the MX records for

your domain, contact your Internet Service Provider's (ISP) helpdesk or your Domain

Name Service (DNS) technician for assistance. If your DNS is managed by a third-party

or ISP, either they can do this for you or they may have a simple web interface allowing

you to make the change yourself. It can take up to 48 hours for any changes to

propagate throughout the system

Manual Configuration: If you manage your own DNS, you can manually edit your MX

record (this applies to self-managed, smaller accounts). This document will list the

known steps to update the MX Records for a few of the commonly used providers as

reference

Go Daddy

1. Log into your account at godaddy.com

2. Open the Domains tab and select My Domain Names. You'll be directed to the Manage

Domains page

3. Click the domain that you would like to use

Page 5 of 13 | Trend Micro Integration Guide Integrating Hosted Email Security with Google Apps Gmail

For subscribers in Europe, the Middle East, and Africa (EMEA), please use in.hes.trendmicro.eu

For subscribers in other regions, please use in.hes.trendmicro.com

4.

5.

6.

7.

Click the Total DNS Control and MX Records in the box entitled Total DNS Control

Clear all existing MX Records by clicking Delete

Click OK in the confirmation dialogue box

Once you've deleted all existing records, click Add New MX Record. The MX (Mail

Exchangers) Record Wizard will appear

8. For each MX Record, enter the following information: Supply the MX record information following the information from the Hosted Email

Security welcome email

a. Priority Value: type the priority value

b. Enter a Host Name: leave the default setting to @

c. Select TTL Value: set the default Time to Live (TTL) value to 1 Week

(This will appear as 604800 seconds within the DNS system. This means that it will require one week for your MX records to propagate. For future updates to your records,

we suggest you enter a shorter time span for the TTL, such as 1 day or 1 hour.)

Enter Goes To Address: type the Hosted Email Security address, including the trailing dots at the end of each record.

Click Continue

9. Click Add to confirm each entry. The DNS Manager main page will reappear when

you've finished

Network Solutions

1. Log into your account at networksolutions.com

2. Click Edit DNS under DNS Settings. The Edit DNS page will appear. If you have not

previously edited DNS entries for your domain name, you may need to select Custom

DNS Setting

3. Under the DNS Manager - Advanced Tools panel, click Continue. The DNS Manager

- Advanced Tools page will appear

4.

5.

6.

Under the Mail Servers panel, click Add/Edit. The Mail Servers table will appear

Remove any existing MX records by checking the box next to Delete

Within the Mail Servers table, supply the MX record information following the

information from the Hosted Email Security welcome email

Page 6 of 13 | Trend Micro Integration Guide Integrating Hosted Email Security with Google Apps Gmail

Enom

1. Log into your account at www.enom.com

2. From the Domains drop-down menu, select My Domains. You will see a list of domains

associated with your account

3.

4.

Click the domain name that you would like to use

From the Domain Control Panel, select Email Settings from the Manage Domain

drop-down list on the right side of the screen. This opens the Edit Email Settings page

5.

6.

7.

In the Service Selection drop-down list near the top of the page, select User (MX)

Click the new row button to add rows

For each MX Record, supply the MX record information following the information from the Hosted Email Security welcome email

8. Click the Save button in the lower-right corner of the screen

DreamHost

1.

2.

3.

4.

Log into your account at www.dreamhost.com

Click Mail on the left side and select MX from the drop-down menu

Click Edit next to the domain you will be using

Under Custom MX Records, delete the existing MX record, and supply the MX record

information following the information from the Hosted Email Security welcome email

5. Click Update your custom MX records now

Yahoo! Small Business

1. Log into your account at smallbusiness.yahoo.com

2. Click Domain Control Panel below the domain you'd like to use with the message

security service

3.

4.

5.

6.

Click Manage Advanced DNS Settings

Click Change MX Records

Clear all existing MX records

Supply the MX record information following the information from the Hosted Email

Security welcome email

7. Click Submit

Page 7 of 13 | Trend Micro Integration Guide Integrating Hosted Email Security with Google Apps Gmail

CONFIGURING HOSTED EMAIL SECURITY TO FORWARD INBOUND EMAIL

TO GOOGLE APPS

After Hosted Email Security is set up, you must activate the domains to be used, and set up

Hosted Email Security to forward emails to the Google Apps Gmail servers.

1.

2.

3.

4.

Log into the Hosted Email Security console

Click on Domains > Add

Enter the domain name and seats assigned for the domain to be routed

In the Inbound Servers field, enter the FQDN of the Google Mail servers provided to you by Google. In the Google Apps Admin console, this is listed under Apps > G Suite >

Gmail > Advanced Settings > General Settings > MX Records

5. Click Save

Page 8 of 13 | Trend Micro Integration Guide Integrating Hosted Email Security with Google Apps Gmail

There are several MX records for load balancing. Click the + icon to add additional MX records

CONFIGURING GOOGLE APPS TO ACCEPT INBOUND EMAIL FROM

HOSTED EMAIL SECURITY

Google Apps Mail Servers will only accept connections from authorized mail servers. Follow the

steps below to configure Google Apps to accept incoming email connections from Trend Micro’s

Hosted Email Security servers.

Page 9 of 13 | Trend Micro Integration Guide Integrating Hosted Email Security with Google Apps Gmail

2. Go to Apps > Google Apps > Gmail > Advanced settings

1. Log into the Google Apps Admin Console

Page 10 of 13 | Trend Micro Integration Guide Integrating Hosted Email Security with Google Apps Gmail

3. Scroll down to the Inbound gateway settings:

Page 11 of 13 | Trend Micro Integration Guide Integrating Hosted Email Security with Google Apps Gmail

4. Add setting to inbound gateway:

Note:

a). The IP Addresses for Hosted Email Security are listed in KB Article:

http://esupport.trendmicro.com/solution/en-US/1055066.aspx

b). Check the box “Reject all mail not from gateway IPs”. This will ensure that all incoming email

is scanned by Hosted Email Security before it is forwarded to Google Apps.

TESTING THE MESSAGE ROUTE

After configuring the inbound email route, verify that it is set up properly by doing the following:

1. Test the message route by sending messages from another email service provider (for example, Yahoo or Gmail) to a recipient in your domain. If you receive the message from the

other email service provider, the DNS MX record is configured correctly

2. Search for the message in the Mail Tracking logs of Hosted Email Security

a. Login to the Hosted Email Security console

b. Click on Logs > Mail Tracking

c. In the Direction dropdown list, select Incoming

d. Enter the message details used in the test email

e. If the message passed through, the details will be displayed in the Mail Tracking

logs. It will also indicate where the message was delivered

SCANNING OUTBOUND EMAIL FROM GOOGLE APPS

Configure your Hosted Email Security Settings

1. Configure the corresponding inbound settings in Trend Micro HES to route emails sent

to your domain to Google Apps Gmail.

a. Log into the HES main page

b. From the above column click on the following:

i. Domains

ii. Special domain name

c. Check the checkbox for Enable outbound protection

d. Select checkbox for Google G Suite

Page 12 of 13 | Trend Micro Integration Guide Integrating Hosted Email Security with Google Apps Gmail

e. Click save

Configure Google Apps Settings

1. Log into you Google Apps administrator center account

a. Go to Apps > G Suite > Gmail > Advanced settings > General Setting > Outbound

gateway

b. In Outbound gateway field, add the Fully Qualified Domain Name (FQDN) for

the purpose of relay messages to this Hosted Email Security MTA. This FQDN is

located in the welcome email (sent to the administrator after you have completed

Hosted Email Security activation process).

(http://docs.trendmicro.com/en-us/hes/gsg/activation_finalizing.html)

c. Click save

About Trend Micro

Trend Micro Incorporated, a global leader in Internet content security, focuses on securing the exchange of digital

information for businesses and consumers. A pioneer and industry vanguard, Trend Micro is advancing integrated

threat management technology to protect operational continuity, personal information, and property from malware, spam, data leaks and the newest Web threats. Trend Micro’s flexible solutions, available in multiple form factors, are

supported 24/7 by threat intelligence experts around the globe. A transnational company, with headquarters in Tokyo,

Trend Micro’s trusted security solutions are sold through its business partners worldwide. Please visit

www.trendmicro.com.

Legal Notice: Trend Micro licenses this service in accordance with terms and conditions set forth in the License Agreement provided at the time of service registration. If you wish to review the License Agreement prior to purchase,

visit: www.trendmicro.com/license.

©2017 by Trend Micro Incorporated. All rights reserved. Trend Micro, the Trend Micro t-ball logo, and Smart Protection

Network are trademarks or registered trademarks of Trend Micro Incorporated. All other company and/or product names

may be trademarks or registered trademarks of their owners. Information contained in this document is subject to change

without notice.

Page 13 of 13 | Trend Micro Integration Guide Integrating Hosted Email Security with Google Apps Gmail