Netskope Help

Configure Netskope SMTP Proxy with Gmail

When you configure Netskope SMTP Proxy with Gmail, all outgoing emails from Gmail are sent to Netskope SMTP Proxy for policy evaluation.

The configuration involves the following steps,

Configure the Gmail server and the upstream MTA in the Netskope tenant
  1. In the Netskope tenant UI, navigate to Settings > Security Cloud Platform > Mail Relay and click SMTP.

  2. In the SMTP page, click Google Gmail and then click Edit in the Google Gmail section.

  3. In the Edit Google Gmail Settings dialog box, copy the Netskope domain name under Previous Hop to a notepad. You will require this domain name when configuring Netskope SMTP Proxy in Google Admin console.

  4. In the Netskope section, specify the Gmail domains under Domain.

    Warning

    Configure each of your MAIL FROM domains. A failure to do this will end up in the email being rejected.

    For information on finding the domain in the Google Admin console, see Finding the Gmail domain in the Google Admin console.

    smtp-_proxy-gmail-settings_.png
  5. In the Next Hop section, specify the IP/FQDN as smtp-relay.gmail.com and Port as 587. Click Save.

Finding the Gmail domain in the Google Admin console
  1. Log into the Google Admin console and click the main menu google_admin_main_menu.png to view the left pane.

  2. Select Directory and click on Organizational units. The domain names are displayed under Manage organizational units. For example, if the organization unit name is Emailskope then specify the domain name as emailskope.com.

Configure Netskope SMTP Proxy in Google admin center
  1. Log into the Google Admin console and click Apps > Google Workspace > Gmail.

  2. On the Settings for Gmail page, click Hosts to define the host that Gmail will use to connect to the Netskope SMTP Proxy.

  3. Under Hosts click Add Route.

  4. In the Add mail route dialog box, specify the host name and paste the Netskope domain name you copied from the Netskope tenant.

    gmail_add_host.png
  5. Click Test TLS connection to verify that the connection to the host was successful. Click Save.

Configure content compliance to send traffic from Gmail to Netskope
  1. On the Settings for Gmail page, click Advanced settings.

  2. On the General Settings page, go to the Compliance section.

  3. Mouseover Content compliance and click Add Another to add a new entry.

  4. In the Add setting dialog box, set the following:

    1. Under step 1, Email messages to affect, select Outbound.

    2. Under step 2, Add expressions that describe the content you want to search for in each message,

      1. Click Add to add a new expression and select Advanced content match.

      2. Under Location, select Full header and under Match type, select Not contains text.

      3. Enter the following content, x-netskope-inspected. Click Save.

    3. Under step 3, If the above expressions match, do the following, select Change route and select the Netskope host from the drop-down list.

      gmail_add_compliance_settings_1.png
    4. In the Encryption (onward delivery only) section of step 3, select Require secure transport (TLS).

    5. Click Show options and under step B. Account types to affect, select Users, Groups and, Unrecognized / Catch-all.

      gmail_add_compliance_setting_2.png
    6. Click Add Setting.