FAQ
User FAQ
Q1: What kind of solution is SHIELD Mail?
SHIELD Mail is a solution that manages document security attached to corporate emails. It provides various security features such as conversion between DRM documents and Microsoft AIP documents, decryption, and document access control.
Q2: What are the main features of SHIELD Mail?
The main features of SHIELD Mail are as follows:
- Attachment File Format Conversion (DRM ↔ AIP)
- Multi-Domain Support
- Conditional Policy-Based Security Management
- Decryption of attached files
- Real-time Monitoring through Dashboards
Q3: Can I download SHIELD Mail logs?
Yes, it is possible.
- In the left menu**[Log]**Select a menu.
- Set the period to view at the top (1 week, 6 months, 1 year, custom period).
- top right corner of the screengear iconClick to displayLog Column ItemsYou can select. (For example: event name, processing result, attachment name, etc.)
- In the search box,Search based on sender/receiver onlyYou can do it. (Other conditions can be checked through column settings)
- After setting the conditions**[Download] buttonWhen you click, the logs that match the selected criteria willCSV File Format**is exported.
CSV files can be opened and analyzed in spreadsheet programs like Excel, and they can be useful for security audits or root cause analysis.
example :
- If you want to check the "list of emails received on August 1, 2025," specify the query period to that date and download it as a CSV.
- in Excel thereafterFiltering based on the Received Date columnor,Set event name and processing result as conditionsYou can check only the necessary logs.
Domain Settings and Mail Relay
Q4: What does 'relay' mean in SHIELD Mail?
In SHIELD Mail, 'relay' refers to the process of sending emails externally through SHIELD Mail from the customer's mail server. Security policies for attachments are applied during this process.
Q5: What are the prerequisites for setting up a relay?
The following conditions are required for relay settings:
- Use of Registered Customer's Domain
- Pre-registering the mail server that delivers mail to SHIELD Mail
- Specify the IP or server name (helo/ehlo) of the mail server.
Q6: Can I use wildcard format when registering a mail server?
Yes, the mail server registration supports wildcard format. For example, when registering a Microsoft 365 server, you can specify it in the format of *.outbound.protection.outlook.com.
Q7: Where do I register domain information?
Domain information is registered in the domainInfo setting of the S365 Built-in profile. It is configured in the following JSON format.
[
{
"domain": "domain.com",
"from": [
"*.outbound.protection.outlook.com"
],
"to": [],
"alias": [],
"desc": "도메인에 대한 메일 라우팅 설정"
}
]
Q8: What should be entered in the "from" field of the mail sending server to be converted?
Enter the information of the sending mail server that forwards mail to SHIELD Mail in the "from" field. You can specify an IP address or server name (wildcard format supported).
Q9: What is the purpose of the "to" field in the mail sending server after conversion?
The "to" field specifies the receiving mail server to which SHIELD Mail can deliver processed mail. A 1:1 mapping between the domain and the receiving mail server is required.
Q10: Can multiple domains be set up?
SHIELD Mail supports multi-domain. Independent mail routing and policy settings are possible for each domain.
Setting Security Policies
Q11: Can security policies be applied to specific recipients only?
In the 'Conditions' setting of the conditional policy, you can specify certain domains or email addresses to selectively apply the policy.
Q12: Can different policies be applied based on the type of attachment?
In conditional policies, you can set different enforcement policies based on the type of attachment (general documents, DRM encrypted documents, AIP documents, etc.).
Q13: Can I automatically encrypt attachments in outgoing emails?
You can automatically encrypt attachments of emails that meet specific conditions (e.g., external domain recipients) using the 'Send after document conversion' option in the execution policy with DRM or AIP.
Problem Solving
Q14: After setting up the relay, emails are not being sent. What should I do?
Please check the following:
- Check if the domain information registered in domainInfo is accurate.
- Check if the server information specified in the field matches the actual mail server.
- Check the error messages in the SHIELD Mail logs.
- Check if the connection to SHIELD Mail is allowed in the firewall or network settings.
Q15: The policy is not being applied as configured. What should I do?
Please check the following:
- Check the priority setting of the policy. (When multiple policies conflict, the policy with the higher priority is applied.)
- Checking if the condition settings are correct.
- Review the processing status and logs on the dashboard.
- Contact the administrator if necessary.
Q16: Are there any precautions to take when setting up a wildcard domain?
When setting up a wildcard domain, please pay attention to the following:
- A wildcard (*) replaces only one level. (For example, *.example.com matches sub.example.com but does not match sub.sub.example.com)
- Setting overly broad wildcards can pose security risks, so limit them to the necessary scope.
- After setting up the wildcard, verify through testing whether it operates as intended.
Q17: Mail delivery fails because it is registered with Spamhaus. What should I do?
in the following order**Check → Exception Registration → Identity Consistency → Authentication (SPF/DKIM/DMARC)**Check __PH_0__.
1) Check Spamhaus registration status and request removal
- Registration Confirmation:https://check.spamhaus.org/
- Release Guide (Reference):https://nem0.tistory.com/86
2) Registering Spam Exceptions (Allow) on the Receiving Mail Server
- Microsoft 365: https://sender.office.com
3) Check EHLO/HELO related settings of SHIELD Mail
-
EHLO/HELOManaging Mail Server Information Through __PH_0__
- The sending mail server name is validated by checking if the IP obtained through DNS matches the IP of the connection.
-
Registering Mail Server Information for SHIELD Mail
- SHIELD Mail config map settings
- key name: SENDER_HOSTNAME
SENDER_HOSTNAME=shieldmail-sender.security365.com
- key name: SENDER_HOSTNAME
- SHIELD Mail config.yaml configuration
- sender.hostname
sender:
hostname: shieldmail-sender.security365.com
- sender.hostname
- SHIELD Mail config map settings
-
Check DNS Settings
- Register the SHIELD Mail server IP used when the domain registered in SENDER_HOSTNAME goes out to the DNS.
> nslookup shieldmail-sender.security365.com
서버: xxx.xxx.xxx.xxx
Address: yyy.yyy.yyy.yyy
권한 없는 응답:
이름: shieldmail-sender.security365.com
Address: 52.141.61.195 -
Verification through the SMTP protocol (Displayed only in debug mode)
- Check EHLO information through SHIELD Mail SMTP service logs.
connected to mx=MX-SERVER:25
220 OSA0EPF000000CA.mail.protection.outlook.com Microsoft ESMTP MAIL Service ready at Tue, 26 Aug 2025
EHLO shieldmail-sender.security365.com
...
4) Registering the customer's SPF (Sender Policy Framework) with the SHIELD Mail server
-
What is SPF?
- **SPF(Sender Policy Framework)**is a technology that authenticates only the allowed mail servers (IP or host) from the sending domain to prevent spam/phishing emails.
- The receiving server checks the SPF policy registered in the sender's DNS records to determine whether the email was sent from an allowed server.
-
Registration Procedure
-
Accessing the DNS Management Console
- The domain currently in use by the client.DNS Management PageAccess (for example, domain registrars, cloud DNS, etc.).
-
Check SPF Record
- already
TXTCheck if an SPF record of the type is registered. v=spf1If there is a record starting withadditionalmust do.- If not, you need to register a new one.
- already
-
-
Add / Modify SPF Record
-
Description of Key Elements:
v=spf1: SPF version displayinclude:: Allowed mail sending server domainip4:orip6:: Used when registering the server IP directly~all: Other emails sent from the server are processed as "SoftFail" (rejectable)
-
Writing Example:
-
Using Google Workspace and an in-house mail server simultaneously:
v=spf1 include:_spf.google.com include:mail.softcamp.co.kr ~all -
When allowing only specific IPs:
v=spf1 ip4:203.0.113.10 ip4:203.0.113.11 ~all
-
-
-
Application Confirmation
-
After the DNS propagation time (usually a few minutes to a few hours), check whether SPF is applied using the following tools.
- MXToolbox SPF Check
nslookup -type=txt yourdomain.comCommand
-
-
Cautions
- **Only one SPF record can be registered per domain.**It is possible.
- A certification error occurs when duplicate registration is attempted, so be sure toIntegrate everything into a single recordmust do.
- The maximum length of an SPF record string is 255 characters, so if it becomes too long, it can be difficult to manage.
-all(instead of hard fail)~allIt is recommended to use (soft fail). If set too strictly, normal emails may also be blocked.
- **Only one SPF record can be registered per domain.**It is possible.
Q18: An "NDR" occurred when sending the email. What is NDR?
NDR (Non-Delivery Report) refers to an error message that is sent back to the sender when an email that was sent cannot be delivered to the recipient.
NDR is typically generated in the following cases:
- Recipient address error- When the email address does not exist
- Mail Server Issues- When the target server is down or access is restricted
- Spam/Security Policy Blocked- If rejected due to SPF, DKIM, DMARC policy violations, or the security policy of the receiving server
- Mailbox Capacity Exceeded- When the recipient's mailbox is full
Response Methods
- Check the error code of the NDR message to identify the cause.
- If there is an address error, please check the recipient's email address again.
- If it is a policy block, check the SPF/DKIM/DMARC settings and the security policies of the receiving server.
- If there is a server failure, please resend or contact the administrator.