Recent Searches

    Popular Articles

      Articles
      View all
        Topics
        View all
          Tickets
          View all
            no results

            Sorry! nothing found for

            Moving a client from stack to stack on proofpoint

            Created by Yves Lacombe, Modified on Thu, 12 Jan 2023 at 04:30 PM by Yves Lacombe

            Who is this for:


            MSP partners that have clients on multiple stacks that would prefer having everyting grouped up in a single stack.


            Caveats:


            We can move most things from stack to another, except for the quarantine contents and mail archives.  So this process should only be used with clients that don't have an archive.  And it does require our intervention.


            Future:


            Proofpoint does plan on going stackless at some point in the future.



            Process of moving a client from stack to stack, in a nutshell



            Destination stack = US4
            Source stack = US1

            Lets say the domain is called widget.com.


            1. We extract the user WL/BL from US1 into a .json file 

            2. We setup widget.com on nospam.vircom.com as a temporary spam filter in preperation for the swap [nospam.vircom.com is a mail filtering cluster we use with vircom clients who don't necessarily want to go with proofpoint, we use it as temporary filter since there's normally downtime during a procedure like this.  This is a temporary mail flow maintenance method]

            3. On the client's O365 tenant or exchange (firewall), make sure it can accept mail from nospam.vircom.com's IPs (telnet test should reveal this)

            4. We make sure that nospam.vircom.com is in client's SPF records, and also o365 itself and exchange IP (if on prem)

            5. We need to temporarily configure office365/exchange to send mail out directly to the internet instead of proofpoint.

            6. We get the client to switch their mail traffic from mx1-us1.ppe-hosted+mx2-us1.ppe-hosted.com to use nospam.vircom.com instead, temporarily

            7. We wait till mail flow is established (say, 24 hours)

            8. We set the original tenant on US1 as a management domain instead of relayed domain (widget.com)

            9. We create the company on US4 as a relayed domain and get it verified (TXT record added to verify the domain)

            10. We setup the azure sync on US4 (office365) or AD Sync (exchange) and populate widget.com on  US4.

            11. We import the user WL/BL from the .json file taken originally on US1 into US4

            12. telnet test to mx1-us1.ppe-hosted.com on port 25 to see if proofpoint ready to relay mail inbound again (via US4 this time)

            13. Once confirmed, we change the mx record back for the client from nospam.vircom.com mx1/mx2-us1.ppe-hosted.com.

            14. We configure office365/exchange to point back to proofpoint for outbound mail traffic.

            15. At this point, client is live on new stack.  You can still manually release content from the old stack

            16. After a few days, disable client on US1.

            That's pretty much it.

            So we use nospam.vircom.com as a temporary solution to prevent mail flow interruption in between.




            Preview
            0 of 0