Enable and Configure the Drop-Off Portal
The Workspaces Drop-Off portal allows employees and partners to send files to internal users, with no attachment limits. The transfer of the email and attachments is encrypted and secure. The Drop-Off portal is configured at the Site level on the Web tab.
A Workspaces license is consumed for each Drop-off portal message no matter how many recipients the message has.
A Workspaces license is not consumed on replies.
A Workspaces license is not consumed on Send Portal messages.
You can avoid Workspaces licenses being consumed by the Drop-off portal by disabling the Drop-off portal. It is not enabled by default.
When someone uses the drop-off portal, that "someone" becomes a "Workspaces owner." This is because behind the scenes, a temporary, anonymous account is created to host the Workspace, thus consuming a license (assigned to that account). A folder, named with the Subject line of the email, appears under the anonymous folder in the VFS. Once the Workspace expires, the anonymous account is also removed, and the license is released to the pool.
-
For additional security, you can configure Google's reCAPTCHA on the Site, as described below.
-
You will need to add Google's domain to the Content-Security-Policy (CSP) header for reCAPTCHA to work. Refer to https://kb.globalscape.com/KnowledgebaseArticle11435.aspx for details.
-
Instruct Workspaces users that they must complete the CAPTCHA before they attempt to attach files to the portal. Otherwise, the files won't attach.
-
In the administration interface, connect to EFT and click the Server tab.
-
On the Server tab, click the Site you want to configure.
-
On the Web tab, next to Drop-Offportal, click Configure. The File drop-off dialog box appears.
-
Select the Enable anonymous drop-off check box. This requires the HTTPS port to be configured and available.
-
Specify a portal reserved path if you want something different from the default (/dropoff). The hostname:port are configured in the File Send dialog box.
-
(Optional) To use captcha, select the EnableCAPTCHA check box.
-
Specify whether to use Standard CAPTCHA or Google reCAPTCHA. reCATCHA verification requires outbound firewall rules to allow egress traffic over HTTPS.
-
If you click Google reCAPTCHA, refer to the reCAPTCHA procedure below, then specify the following keys:
-
In the Site Key box, paste the Google Site Key.
-
In the Secret Key box, paste the Google Secret Key.
-
In the Expire pick-up links after boxes, specify the number of Days, Weeks, Months, or Years before a pick-up link expires. Be aware that using the Drop-Off portal consumes a Workspaces license, which is not released until the link expires. The default expiration is 1 month.
-
(Optional) Specify the Maximum message size. If the Maximum message size check box is not selected, the maximum message size is 3 GB. Knowledgebase article #11389 describes an advanced property that you can use to set the maximum anonymous uploads size in GB. If the MaxAnonymousAllUploadsSizeInGB advance property is set to a value that is LESS than Maximum message size in the File drop-off dialog box, an error occurs stating that the file is too large.
-
Specify the Secure the message body setting: Always secure, Never secure, or User Choice. User Choice is the default.
-
(Optional) Specify whether to allow users to enter a To email address.
-
If you are allowing users to enter a To email address, specify which domains are allowed (e.g., *.mycompany.com, *.mypartner.com). If you leave the box blank, you have an "open-relay" server, which is not recommended. Suggested domains include your organizational domain(s) and other necessary domains.
-
In the Address Book, add one or more addresses and aliases that will appear in the To field.
-
The Alias that you define in the address book will appear in the To box in the Drop-Off portal. Having the alias avoids leaving the complete email address exposed. This is useful in cases such as if you are mailing a PDF form to multiple clients who might not want you to share their email address with everyone.
-
Click OK, then click apply on the Web tab.
If the Drop-Off portal is enabled, and Google reCAPTCHA is enabled, a prompt appears. You will need to add Google's domain(s) to the Content-Security-Policy (CSP) header for reCAPTCHA to work. Refer to https://kb.globalscape.com/KnowledgebaseArticle11435.aspx in the Globalscape Knowledgebase for instructions.
To configure reCAPTCHA for the Drop-Off portal
-
If you want to enable CAPTCHA, before you enable and configure the Drop-Off portal, go to https://www.google.com/recaptcha/admin and log in to your Google account.
-
Click reCAPTCHA v2. The Domains box appears.
-
In the Domains box, type one or domains (Sites) that are to use reCAPTCHA.
-
Select the Terms of Service check box.
-
Click Register. The keys appear.
-
Save the Site key and Secret key. You will need these to configure the Drop-Off portal in EFT if you are enabling CAPTCHA.