Inbound email for Zoho Mail

This topic explains how to set up Zoho Mail to route inbound email through Sophos Gateway.

Requirements

Before you start, make sure you meet the following requirements:

• You have access to Sophos Central.
• You have administrator access to Zoho Mail.
• You have administrator access to your public-facing DNS server and can update DNS records.
• You know your Zoho Mail MX hostname (for example, mx.zoho.com).

Configure inbound routing

To configure Sophos Gateway to handle inbound email from Zoho Mail, do as follows:

1. Sign in to Sophos Central.

2. Click the General Settings icon , scroll down to the Email Domain Setup section, and click Gateway Domain Settings/Status.

   Tip

   Alternatively, go to My Products > Email Security > Settings. Under Email Domain Setup, click Gateway Domain Settings/Status.

   Gateway Domains settings/status opens with a list of your domains.

3. Click Set up email gateway settings.

4. Enter your domain name and click Verify Domain Ownership.

5. Copy the TXT value shown in the Verify Domain Ownership dialog.

   This value is specific to your domain.

6. On your public-facing DNS server, add the TXT record, and save your changes.

7. In Sophos Central, click Verify after the DNS record update has taken effect.

   When the correct TXT value has taken effect, you see a confirmation message.

   If verification fails, check that the TXT value is correct and try again.

8. In Direction, select Inbound Only.

9. In Inbound Destination, select Mail Host.

10. In FQDN, enter mx.zoho.com or your specific regional Zoho MX hostname.

    Tip

    To check your regional Zoho Mail MX hostname, sign in to the Zoho Mail Admin Console and go to Mail Settings > Tools and Configurations > Configurations > MX.

11. Set Port to 25.

12. Click Save.

Copy Sophos MX records and delivery IPs

Copy the required Sophos MX records and delivery IP addresses. You'll need these values when configuring the inbound gateway in Zoho Mail.

To do this, do as follows:

1. In Gateway Domain Settings/Status, click Configure External Dependencies.

2. On the Inbound Settings tab, copy the Sophos MX records for your region and the Sophos delivery IP addresses. Save these values in a text editor.

   The Sophos delivery IP addresses are as follows:

   • 18.220.12.142
   • 18.216.7.10
   • 103.246.251.128/26

3. Click Close.

Configure inbound gateway for Zoho Mail

Configure Zoho Mail to accept inbound email from Sophos Gateway.

To do this, do as follows:

1. Sign in to the Zoho Mail Admin Console.
2. Go to Mail Settings > Email Routing > Inbound Gateway.
3. Add the Sophos delivery IP addresses you copied earlier.

4. Leave Reject non-inbound gateway emails unchecked until your MX record changes have taken effect.

   Warning

   If you select Reject non-inbound gateway emails, your server accepts mail only from the specified Sophos IP addresses. Turn this on only after you've confirmed that mail flow is working, so you don't reject legitimate messages. See Verify inbound mail flow.

5. Save the configuration.

Update your public DNS

Update your domain's MX records at your public-facing DNS server to point to the Sophos MX records that you copied earlier.

After updating your MX records, allow time for the changes to take effect.

Verify inbound mail flow

Verify that inbound mail flows through Sophos Gateway.

To do this, do as follows:

1. Send a test email from an address outside your Zoho domain.
2. In Sophos Central, go to Email Security > Reports.
3. Confirm that the message appears in Message History.

4. Go to My Products > Email Security > Dashboard and you should see the following activities:

   • The Inbound Statistics widget shows data.
   • The Inbound Activity Summary widget shows traffic.

When you confirm that inbound mail flow is working, you can turn on Reject non-inbound gateway emails in the Zoho Mail Admin Console. To do this, go to Mail Settings > Email Routing > Inbound Gateway.

You've now configured inbound mail routing from Zoho Mail through Sophos Gateway.