Skip to main content

Netskope Help

Configure Netskope SMTP Proxy with a Custom MSA

When you configure Netskope SMTP Proxy with a custom mail submission agent (MSA), all outgoing emails from the custom MSA are sent to Netskope SMTP Proxy for policy evaluation. You can create up to 3 custom MSAs.

To configure a custom MSA for Netskope SMTP Proxy:

  1. In the Netskope UI, go to Settings > Security Cloud Platform > SMTP.

  2. Click + and +Create a custom MSA.

  3. In the Edit New Custom MSA window:

    • Create MSA Name: Enter a name for the custom MSA. Policies, alerting, and incidents refer to this name when an event occurs.

    • Set Key and Value for Each Domain: (Optional) Select to set a unique tenant verification and key-value pair for each domain.

    • Set Next Hop for Each Domain: (Optional) Select to enter a unique next hop for each domain.

    • Domain: Enter and verify the domain you want to use for email processing. You can enter a domain, subdomain, or a wildcard domain (e.g., abc.com, cde.abc.com, and *.abc.com). Click +Add to add multiple domains.

    • Tenant Verification (Optional): Enter a key and value as a verification method for the email traffic if the emails have a mail server (MSA) specific key-value pair.

    • Next Hop: Enter the IP address/FQDN and port of the upstream MTA where you want the emails to be routed.

    • Source IP Allowlist (Optional): Enter the mail server egress IP addresses you want to allow and bypass Netskope. You can enter /24 CIDR subnets or smaller as well as individual IP addresses. Click +Add to add up to 12 IP subnets or IP addresses.

    The Edit New Custom MSA window in SMTP.
  4. Click Save.

After creating a custom MSA, you can create Real-time Protection policies to secure your outbound emails with DLP.