SMTP Discovery Management
Situation | You want to configure and understand SMTP Discovery, or are unable to use LDAP and need to configure SMTP Discovery instead. |
---|---|
Solution |
Configure SMTP Discovery as noted below. See the table of setting descriptions to understand what each option does. This article contains information about:
|
At Proofpoint Essentials we continue to recommend LDAP (Active Directory) or Azure as the preferred option for adding new user accounts. It is the most accurate and requires minimal on-going management (set and forget) as it automatically updates itself per the selected sync cycle.
SMTP Discovery will be disabled if LDAP or Azures sync cycle is set to anything but never.
Where LDAP is not possible, please configure the following options for SMTP Discovery. Choosing the SMTP Discovery method to add customer accounts will require a certain amount of on-going management attention and administration to ensure accounts are up to date and license balances are accurate.
About SMTP Discovery
The SMTP discovery feature allows Proofpoint Essentials to auto-discover new users during the message filtering process. When a message is received by Proofpoint, a recipient verification request is sent to the delivery destination (i.e., messaging server) associated with the registered domain. If Proofpoint receives a successful response the message is sent and the user is identified as a discovered user. If Proofpoint receives a rejection (user does not exist) then we reject the message.
Another way to provision users to the service is with SMTP Discovery. When enabled, SMTP Discovery allows email to be relayed to non-licensed users. Users become licensed-users when one of the following occurs:
- Manually added within a span of 3 weeks.
- A specified number of valid messages are received for that unique address.
- One valid message has been sent outbound from your email server via the Proofpoint Essentials platform.
An administrator can change the SMTP Discovery settings.
SMTP Discovery settings
To make this process more manageable for you, we have added the ability for partners to set the following specifications:
- Choose what Proofpoint Essentials should do with newly discovered addresses.
- Decide how we should manage these new addresses for you.
- Stipulate what notifications we should send.
Please configure these new options for your entire user-base or on a per-customer basis and make the changes as soon as possible. The new settings will not take effect until the options are fully configured, otherwise the current SMTP settings will remain active or the defaults will become activated.
The SMTP Discovery process executes 4 times a day, so you may see some delay in discovered addresses appearing in the interface.
Enable SMTP Discovery
In the left side menu, navigate to Administration > Account Management > Features > Enable SMTP Discovery.
Make sure to press Save after checking.
CONFIGURE SMTP DISCOVERY SETTINGS
Under Account Management, click SMTP Discovery.
Configuration Settings
Option | Description | Recommended Setting |
---|---|---|
Default New User Role |
End user: An end user can receive the quarantine digest (if enabled) and can login to the Proofpoint Essentials user interface. Silent-user: A silent user can receive the quarantine digest (if enabled) but has no login rights to the Proofpoint Essentials user interface. |
No recommendation |
Inbound Detection Threshold |
The number of clean emails that need to be delivered to the email address in a 30-day period in order to be identified as a discovered user. Quarantined emails do not count. |
3 - default |
How many times would you like to be notified about an address before it expires? |
The number of notifications (in weeks) that need to be sent before the discovered user expires. |
3 (weeks) - default |
Expired Addresses Default to New User |
If SMTP discovery is not managed by the administrator, this setting will automatically convert a discovered user to an active user. |
We recommend this setting remain disabled. If enabled it may lead to new account creation and impact customer billing. |
Auto-add Detected Alias Addresses |
Will attempt to identify alias addresses and automatically associate them to the primary user account. For example, firstname.lastname@domain2.com may be detected as being an alias for firstname.lastname@domain1.com. |
We recommend this setting be enabled. Please be advised that only simple aliases can be detected. |
Auto-add New Users Detected via Outbound |
Will create a new user account for any outbound emails that originate from the customer's IP address where the sender is not registered. |
We recommend this setting remain disabled. If enabled it may lead to new account creation and impact customer billing. |
Report on New Users |
Will send a weekly report that includes all users who were created in the previous week. |
We recommend this setting be enabled especially if you have the auto-add functions on. |
Report On New Aliases |
Will send a weekly report that includes all aliases that were created in the previous week. |
We recommend this setting be enabled. |
Include Admin Contact in the Report |
SMTP discovery reports are sent to the account's Tech Contact. Checking this option will include the accounts Admin Contact. |
We recommend this setting be enabled if your Tech Contact and Admin Contact are different. |
After adjusting the settings as desired, click Save at the bottom of the page.
SMTP Discovery will be disabled if LDAP or Azure sync is enabled; Sync Frequency set to anything but Never.
3rd Party Apps Sending through Proofpoint may create many users in SMTP Discovery. If you are using 3rd party apps to send out through Proofpoint, we recommend making sure that Auto-add is turned off.
Manage SMTP Discovery
After this is all configured, the Tech Contact and possibly Admin Contact will receive the SMTP Discovery report email.
SMTP Discovery Report emails are sent every Thursday morning.
Whoever administrates the user base needs to follow the below steps in order to properly convert the email addresses from the discovered list to the appropriate list they want.
MANAGE DISCOVERED ACCOUNTS
From here you will be able to email addresses viewed as newly discovered that have met the inbound threshold limit.
If this process is not followed...
What happens if the notifications are ignored?
Depending on your set-up, any discovered email address that is not converted to the User or Functional Account state will be marked as an Invalid Account after your notification limit. This will result in rejected mail giving an NDR of marked as invalid. If this feature is utilized, it will require periodic inspection to make sure valid email accounts are not accidentally rolled into an invalid account status.
To correct an invalid account, simply add the user manually as an End/Silent User or Functional Account within the domain.
To View A List Of Discovered Accounts:
- Go to User Management > SMTP Discovery
- From the drop down menu, make sure you select: Discovered List
To Create A New User Account From A Discovered User:
- Check the checkbox next to the discovered users you wish to manage.
- Click Select and choose Create User Account.
- Update the Firstname and Surname values for each account selected.
- Click Apply.
To Create A New Functional Account From A Discovered User:
- Check the checkbox next to the discovered users you wish to manage.
- Click Select and choose Create Functional Account.
- Click Apply.
To Mark A Discovered User As Invalid:
- Check the checkbox next to the discovered users you wish to manage.
- Click Select and choose Mark as Invalid Account.
- Click Apply.
To Create An Alias From A Discovered User:
- Check the checkbox next to the discovered user you wish to manage.
- Begin typing in the Or Add as Alias text field the primary email address or name of the user you wish to associate the alias to.
- Click Select and choose Create User Account.
- Click Apply.
To View A List Of Marked Invalid Accounts:
- Ensure you are in the SMTP Discovery
- From the drop down menu, select: Marked Invalid List
How to remove a user marked as invalid
- View the Marked Invalid List
- Check the box next to the address(es) to remove.
- From the drop down, select: Remove From Invalid List
- Click Apply
An email removed from the invalid list does not automatically appear in the discovered list.
You will need to manually create the address per our standard process. See this KB: How To Add & Manage Users
Notifications
- For a full listing of Notifications, please see this Notifications KB.
By design, the Technical Contact set in the Account Profile will receive the SMTP Discovery report. The additional setting can also include the Administrator Contact. The contact needs to take into consideration the items in the report in some manner.
/index01.php?mod_id=10&mod_option=s_user&e_id=2014402