Technical Library | Support

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Managing Messages > True source IP detection
True source IP detection
Administrator Help | TRITON AP-EMAIL | Version 8.2.x
True Source IP detection uses message header information and the number of network hops to an email appliance to determine the IP address of the first sender outside the network perimeter. This feature allows Connection Control techniques (such as real-time blacklists and reputation checks) to be applied effectively to sender information, even when the appliance is downstream from a firewall or an internal mail relay.
You define direct relays and network edge locations to determine whether True Source IP detection is performed. A direct relay is the network device that connects directly to the email appliance. All mail from a direct relay device is subject to True Source IP Detection. A network edge is the network device that connects directly to the Internet (e.g., a firewall).
If your subscription includes the Email Hybrid Module, you can use True Source IP detection with email hybrid service analysis. An Email Hybrid Service IP Group is created based on information entered during a successful Email Hybrid Module registration. The IP group appears in the direct relay IP address list on the Settings > Inbound/Outbound > True Source IP page. Although this IP group cannot be edited directly, its content is modified whenever you change an email hybrid service IP address (Settings > Hybrid Service > Hybrid Configuration).
* 
Note 
If Email Hybrid Module registration is not successful, the Email Hybrid Service IP Group is empty.
Mark the Use True Source IP Detection with email hybrid service analysis check box to enable True Source IP detection with hybrid service and display the Email Hybrid Service IP Group in the direct relay IP address list. The Email Hybrid Service IP Group does not appear if the check box is not marked.
Configure your direct relay and all network edge devices in the Settings > Inbound/Outbound > True Source IP page as follows:
1.
Click Add to open the Add Direct Relay IP Address/IP Group page.
2.
Enter the IP address for the direct relay device to the email appliance, or specify the IP group you would like to use for your direct relay.
By default, the direct relay hop number is 1, because it is the closest network device to the email appliance.
* 
Important 
The IP address or group that you enter here must not already be defined in the Trusted IP Addresses group (Settings > Inbound/Outbound > IP Groups) or appear in the connection control Allow Access List (Settings > Inbound/Outbound > Connection Control).
3.
Enter header text you want to match for true source IP detection in the Check header entry field.
If this field is empty, the message Received field is analyzed for the true source IP.
4.
Click Add Network Edge to add the network edge device IP address and hop number to the email appliance.

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Managing Messages > True source IP detection
Copyright 2016 Forcepoint LLC. All rights reserved.