Office 365 Mailflow with an onpremise secure email server

Mads Schack Kahl 1 Reputation point
2021-02-06T14:24:41.82+00:00

Hello

I'm having some trouble creating a mailflow where incoming and outgoing mail has to go through our on-premise secure email server (to decrypt or encrypt the mail) before it is delivered to our Office 365 mailboxes.

So we need mail to MX to Office 365. Office 365 then handles the EOP (spam filter etc.) and sends it to our on-premise server. Our on-premise server then sends it back to Office 365 and it gets delivered to our mailboxes.

The outgoing flow would be: Office 365 sends the mail to our on-premise server, and our on-premise server then sends it to the internet/MX.

I have created a flow with 3 connectors and 2 transport rules. But this flow is flawed because of OOF messages and mailbox forwarding rules.

Does anybody know a good way to achieve this mailflow?

Incoming: MX -> Office 365 (spamfilter) -> OnPremise Server -> Office 365 (Mailbox delivery)
Outgoing: Office 365 (Mailbox sent) -> OnPremise Server -> MX/Internet


2 answers

  1. JayceYang 1,571 Reputation points Moderator
    2021-02-08T02:59:58.417+00:00

    Is the on-premise secure email server an Exchange server? If yes, we could configure a hybrid deployment and enable centralized mail transport. You could refer to Scenario 2: MX record points to Microsoft 365 or Office 365 and mail is filtered on-premises
    https://learn.microsoft.com/en-us/exchange/mail-flow-best-practices/manage-mail-flow-for-multiple-locations#scenario-2-mx-record-points-to-microsoft-365-or-office-365-and-mail-is-filtered-on-premises

    If not, we could create a connector to achieve the outgoing mail flow: Outgoing: Office 365 (Mailbox sent) -> OnPremise Server -> MX/Internet.
    But we cannot achieve the incoming mail flow completely: Incoming: MX -> Office 365 (spamfilter) -> OnPremise Server -> Office 365 (Mailbox delivery)

    How did you configure the connectors and rules? And what issue did you get now?


  2. Mads Schack Kahl 1 Reputation point
    2021-02-10T18:14:26.367+00:00

    Hello @JayceYang

    No, the on-premise secure email server is not an Exchange server, so the hybrid option is not possible.

    I have created 3 connectors.

    Incoming To Postfix (Office 365 to Partner)
    Rule based with delivery to our external IP.
    Rule: Received from 'Outside the organization', send the mail to connector "Incoming To Postfix"
    Description: This rule catches all mail sent from outside the organization and sends it to our OnPremise server. (Incoming to Office 365)

    Outgoing to MTA (Office 365 to Partner)
    Rule based with delivery to our external IP.
    Rule: Received from 'Inside the organization', send the mail to connector "Outgoing to MTA"
    Description: This rule catches all mail sent from the Office 365 organization and sends it to our OnPremise server. (Outgoing to Internet)

    Incoming To Office 365 (Partner to Office 365)
    Description: Receives mails from our external IP.

    This pretty much handles the flow, but I feel like it's complicated, and there are two issues.

    1. If you enable forwarding on a mailbox, the mail is sent directly to the internet, and if I remember correctly it was received directly in Office 365, ignoring the rules as well.
    2. OOF messages are also not hitting our rules and are sent directly out to the internet.
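
Added example, not part of the thread: a Python check for the two gaps reported above (forwarded mail and OOF replies skipping the rules), meant for messages collected at an external test mailbox. The gateway address 192.0.2.10, the host names and both sample messages are constructed assumptions.

```python
import email
import ipaddress
import re

# Assumption: public address of the on-premise gateway (documentation range).
GATEWAY_NETS = [ipaddress.ip_network("192.0.2.10/32")]
IPV4_RE = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")

def hop_addresses(msg):
    """IP addresses named in each Received header, newest hop first."""
    hops = []
    for header in msg.get_all("Received", []):
        addrs = []
        for text in IPV4_RE.findall(header):
            try:
                addrs.append(ipaddress.ip_address(text))
            except ValueError:
                pass  # digits that look like an address but are not one
        hops.append(addrs)
    return hops

def traversed_gateway(msg, nets=GATEWAY_NETS):
    """True if any Received hop names an address inside the gateway networks."""
    return any(a in n for hop in hop_addresses(msg) for a in hop for n in nets)

def audit(raw_messages):
    """(Subject, Auto-Submitted) of every message that never touched the gateway."""
    findings = []
    for raw in raw_messages:
        msg = email.message_from_string(raw)
        if not traversed_gateway(msg):
            # Auto-Submitted (RFC 3834) marks automatic replies when the sender sets it.
            findings.append((msg["Subject"], msg.get("Auto-Submitted", "no")))
    return findings

# Constructed sample headers; hosts and addresses are documentation values.
VIA_GATEWAY = """\
Received: from gw.example.com (192.0.2.10) by mx.recipient.example; Sat, 6 Feb 2021 14:30:02 +0000
Received: from o365-out.example (198.51.100.7) by gw.example.com; Sat, 6 Feb 2021 14:30:01 +0000
Subject: Quarterly report
"""
DIRECT_OOF = """\
Received: from o365-out.example (198.51.100.7) by mx.recipient.example; Sat, 6 Feb 2021 14:31:10 +0000
Auto-Submitted: auto-replied
Subject: Automatic reply: Quarterly report
"""

if __name__ == "__main__":
    print(audit([VIA_GATEWAY, DIRECT_OOF]))
```

Only Received lines added by hops you control are trustworthy; lines below them can be set by the sender.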
