Configuring the Inbound Gateway

Configuring the Inbound Gateway requires changes to an organization's own DNS and email infrastructure, as well as enabling the Gateway inside your Coro workspace. This section describes the steps required.

Changes required in your DNS and email service

To set up the Coro Inbound Gateway to protect your incoming emails, you must perform some configuration steps in your email and DNS services before you can configure your Coro workspace. You need to:

• Obtain all prerequisites .
• Set up your original email provider to recognize Coro as the gateway for inbound email .
• Update your email domain DNS settings , mapping your highest priority mail exchanger (MX) record to Coro's Inbound Gateway server IP address.

Prerequisites

Before you begin, make sure you have the following information:

• IP address(es) of Coro’s Inbound Gateway email proxy service. Contact Coro Support for details.
• MX record details for Coro’s Inbound Gateway email proxy service. Contact Coro Support for details.
• The identity of your email service provider
• Your email domain

Setting Coro as an inbound gateway with the original email provider

Coro can be configured with the following email providers:

• Gmail
• Microsoft 365
• Other third party MTA

Gmail

1. Sign into Google Workspace Admin with your administrator credentials.
2. In the Admin console, go to Menu > Apps > Google Workspace > Gmail > Spam, Phishing and Malware .
3. In the left pane, select your top-level organization.
4. Locate the Inbound gateway setting and select Edit . The Inbound gateway dialog appears.
5. Specify the IP address(es) of the Coro Inbound Gateway and select Save .

Microsoft 365

1. Sign into your Microsoft Exchange Admin console with your administrator credentials.
2. Go to Mail flow > Connectors .
3. Select + Add a connector . The new connector dialog appears.
4. Add a name describing the incoming mail connection. For example, “SMTP server connection”.
5. Set the Mail flow scenario as:
   • From : Your organization’s email server
   • To : Office 365 (Microsoft 365)
6. Set the sent email identity as having originated from the Coro Inbound Gateway IP address. Then, select the radio button to add this address into the IP address field. Select Save to save your changes.
7. Make sure the connector status is set to On .

Next, make sure to add Coro's Inbound Gateway IP address(es) to your organization's Microsoft 365 anti-spam threat policy:

1. Sign into your Microsoft Security Admin console with your administrator credentials.
2. Go to Email & collaboration > Policies & rules .
3. Select Threat policies .
4. From the Policies section, select Anti-spam .
5. Select Connection filter policy .
6. In the policy settings pane, select Edit connection filter policy .
7. In Always allow messages from the following IP addresses or address range , add Coro's Inbound Gateway IP address(es).
8. Select Save .

Other third party MTA

Coro can support other third party message transfer agents (MTAs) that are capable of receiving emails from an inbound email proxy gateway, skipping SPF/DMARC and similar checks. Coro recommends contacting the support team for your MTA to clarify what settings should be applied. For further assistance, contact Coro Support.

Updating email domain DNS settings

To enable Coro to analyze incoming emails, add Coro’s Inbound Gateway server address as a highest-priority MX record in your DNS settings.

This section provides general configuration advice for most scenarios, and specific guides for:

• Microsoft 365
• Google Domains Service

General configuration and failover protection

To enhance service stability and provide a level of failover, Coro recommends retaining your organization's original MX records in your DNS but configured as lower priority than the Coro Inbound Gateway MX record. By keeping your original DNS records, any interruptions to the availability of the Coro service mean that emails are sent instead to servers defined in lower-priority MX records (the default behavior of SMTP).

MX record priority is determined by the lowest number applied. In other words, an MX record priority value of 10 is treated as higher priority than a value of 20.

Keep a note of your original MX records as these are required for configuration in the Coro console later.

Microsoft 365 MX records

To configure MX records in Microsoft 365:

1. Sign into the Exchange Admin console with administrator credentials.
2. Go to Home > Settings > Domains > [YOUR EMAIL DOMAIN] .
3. Select the DNS records tab.
4. In the Microsoft Exchange section, locate the MX record entry:

   

5. Select the record to view the MX record dialog.
6. Make a note of the current MX record. For example, “mycompany-mail.protection.outlook.com”. Retain this for later configuration.
7. Add a new entry for the Coro Inbound Gateway MX record:

   note

   Exchange Admin might give validation warnings or errors regarding the new MX record not matching expected values. You can safely ignore this.

8. Select Done to close the dialog.

Google Domains Service

To configure MX records in Google Domains Service (for organizations who registered their domains using Google DNS):

1. Sign into Google Domains Service ( https://domains.google.com/ ) with your administrator credentials.
2. Select your domain, then select Manage :

   

3. Select DNS .
4. Make a note of the current MX records for later configuration.
5. (Recommended) Back up the current DNS settings as a precaution by selecting Export DNS records .
6. Set Type as “MX” and add a Data entry corresponding to the Coro Inbound Gateway MX record address.
7. Make sure to add the Coro Inbound Gateway address with the lowest priority number (giving it highest priority in the list). Other servers in the list should be the original Google servers:

   

8. Select Save .
9. If Google asks for confirmation for overriding the existing configuration, select Yes .
10. Verify and re-add missing records such as SPF if you find this was overridden by these changes. To do this, select Create new record > SPF , add the required data, then select Save :

    

Changes required within your Coro workspace

After you have configured your DNS and email services, enable the Inbound Gateway in your Coro workspace. This process takes place inside the Coro console.

Before you begin this procedure, make sure you have the following information:

• Your email domain name
• The list of MX records associated with the domain

To enable the Coro Inbound Gateway:

1. Sign into your Coro workspace.
2. On the Actionboard , select Control Panel at the top of the Email Security dashboard panel:

   

   Alternatively, select Email Security from the main Control Panel:

   

3. Coro displays the Email Security configuration page:

   

4. Select the Inbound Gateway tab:

   

5. Select ADD DOMAIN :

   

   The Add domain to inbound proxy dialog is displayed.

6. Enter the following settings:
   • Enter domain name : Specify the domain for your email service.
   • Relay SMTP Proxy : Enter the list of MX domains to which emails are forwarded by the Coro Proxy. For each entry, use the drop-down list to select port 25 (or the port number relevant to your settings).

   

   Select ADD to save your settings and close the dialog.

7. On the main Inbound Gateway tab, verify the proxy connection by selecting Test from the 3-dot menu adjacent to your new domain entry:

   

8. In the Test Proxy dialog, specify a valid email address at your domain in the Mail to field, then select Send Test Email :

   

   A confirmation message is displayed:

   

9. Locate and open the received test email, then select the enclosed link to confirm delivery. If the email was not received, check your spam folder. Also, double-check the Relay SMTP Proxy settings or contact Coro Support for further assistance.

   If the test is successful, the domain's Test Status field is updated to reflect this.

   Configuration of the Inbound Gateway is now complete.