Office 365 inbound mail configuration:

When using the EveryCloud email filtering service with Office 365, you must ensure that Office 365 only accepts connections from EveryCloud's service ranges. Otherwise spammers will still be able to send email directly to your Office 365 mail environment, bypassing your MX records. Here's how to lock down Office 365 Exchange Online.

 

You cannot define an inbound receive connector (connection filter) that will allow only connections from EveryCloud’s IP ranges, as EveryCloud has a /20 range within its delivery ranges and Office 365 receive connectors have a limitation, in that they will only allow connections from /24 ranges to /32 ranges. You must therefore create a Transport rule instead. 


Rule 1 Overview:


  1. Deny all email
  2. Create an exception to allow mail from EveryCloud Technologies IP ranges
  3. Create an exception to allow mail sent from your Office 365 mailboxes (Inside the organization)
  4. Create an exception for Calendaring Message types


Method:


  1. Click on ‘Mail Flow’  
  2. Click on ‘Rules’  
  3. Click on ‘+’ to create a new rule
  4. Give your rule a name, for example “EveryCloud Filter rule”
  5. Click on 'More options'


  6. 'Apply this rule if' = [Apply to all messages]
  7. 'Do the following' = 'Reject the message with explanation…' (then define an explanation, for example 'Email bypassed MX records')
  8. 'Except if…' The sender is located… select “inside the organisation”
    1. This will cover all internal communications.
  9. Or: The message type is… select “Calendaring”
    1. This will cover all calendar activities (acceptance, tentative, etc.) from mobile and external sources.
  10. Or: Sender’s IP address is in the range… input the IP address corresponding to your chosen datacentre from here
    1. This will allow mail from our IP addresses.

Confirm “Choose a mode for this rule:” is set to “Enforce”

Click 'Save'

 

The completed rule should look like this:




Rule 2 Overview:


  1. Match only mail sent from our IP addresses.
  2. Bypass the inbuilt spam filtering.


Method:


  1. Click on ‘Mail Flow’
  2. Click on ‘Rules’
  3. Click on ‘+’ to create a new rule
  4. Give your rule a name, for example “Bypass Office365Filtering”
  5. 'Apply this rule if' = Sender’s IP address is in the range… input the IP address corresponding to your chosen datacentre from here
  6. 'Do the following' = Modify the message properties… then 'Set the spam confidence level (SCL)' and set it to 'Bypass spam filtering'.


Confirm “Choose a mode for this rule:” is set to “Enforce”

Click 'Save'


The completed rule should look like this: 

Note:  the IP addresses listed here may be different depending on your geographic location.
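
The two transport rules above can also be created from Exchange Online PowerShell. This is an added example, not EveryCloud's own script; it assumes the ExchangeOnlineManagement module is installed, and the IP ranges shown are placeholder documentation ranges to be replaced with the ranges for your chosen datacentre.

```powershell
# Added example (not from EveryCloud). Run from a session with Exchange admin rights.
# PLACEHOLDER ranges (RFC 5737 documentation space): replace them with the
# ranges published for your chosen EveryCloud datacentre.
$EveryCloudRanges = @('192.0.2.0/24', '198.51.100.0/24')

Connect-ExchangeOnline

# Rule 1: reject everything that did not arrive through the filter.
# No condition is given, which is how "Apply to all messages" is expressed.
# The three ExceptIf* parameters are OR-ed, like the exceptions in the admin centre.
New-TransportRule -Name 'EveryCloud Filter rule' `
    -RejectMessageReasonText 'Email bypassed MX records' `
    -ExceptIfFromScope InOrganization `
    -ExceptIfMessageTypeMatches Calendaring `
    -ExceptIfSenderIpRanges $EveryCloudRanges `
    -Mode Enforce

# Rule 2: mail relayed by the filter skips the built-in spam filtering (SCL -1).
New-TransportRule -Name 'Bypass Office365Filtering' `
    -SenderIpRanges $EveryCloudRanges `
    -SetSCL -1 `
    -Mode Enforce

# Check: both rules should be enabled and in Enforce mode, and the IP
# exception on Rule 1 should list exactly the ranges entered above.
Get-TransportRule | Format-Table Name, State, Mode, Priority
Get-TransportRule 'EveryCloud Filter rule' |
    Format-List ExceptIfFromScope, ExceptIfMessageTypeMatches, ExceptIfSenderIpRanges
```

A range entered too broadly in `$EveryCloudRanges` weakens both rules at once, since the same list decides what is exempt from rejection and what skips spam filtering.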

 

Office 365 is now configured for inbound mail from EveryCloud.


Control Panel Configuration


Method:


Login to the Control panel

  1. Click on ‘Email’ tab
  2. Complete the “Destination IP/Hostname” field by inputting the unique MX record generated by Office 365 under your customer's IP/Host-name within the ‘Setup -> Domains -> “Domain name”’ screen, for example “your-domain-tld.mail.protection.outlook.com”.
  3. Activate outbound relay by inputting a dummy IP of 1.1.1.1 and save. IP 1.1.1.1 is simply a placeholder which activates the ability to send outbound through your account from Office 365.


We maintain a full list of Office 365 sending addresses in our backend database. Office 365's active sending ranges are available to view here.




The Control Panel is now configured for Office 365.


Office 365 Outbound mail configuration:

We recommend that you also configure Office 365 to route all outbound emails through EveryCloud servers. This is done with a simple Connector.


Connector Overview:


  1. Create a connection to the Partner Organisation
  2. Validate
  3. Test


Method:


  1. Click on ‘Mail Flow’
  2. Click on ‘connectors’
  3. Click on ‘+’ to create a new rule
  4. From: should be “Office 365”
  5. To: should be “Partner Organisation”
  6.   Click Next


  7. Give your connector a name, for example “EveryCloud outbound”
  8. Give your connector a description, for example “Route all outbound traffic to EveryCloud”
  9. Tick “Turn it on”


  10. Choose 'Only when email messages are sent to these domains'. Enter a wildcard which is denoted as * [asterisk] and also make sure to put *.com
    (Due to a current Microsoft bug on validation [March 2018], you may enter a 2nd entry of the domain name that you will use for validating this rule. As a wildcard is already in place, this additional domain will not cause any issues if there are no other connectors listing this domain.)
  11. Click Next.  
  12. Choose the option: 'Route email through these smart-hosts'
  13. Click on ‘+’ option
  14. Enter the smarthost corresponding to your chosen datacentre from here.
  15. Click “Save”



  16. Click “Next”
    The next option is not mandatory, but if you would like to ensure that all messages sent outbound through the EveryCloud Technologies smarthost are sent via TLS, please leave this window at the default option as below.

  17. Click “Next”
    You will then be presented with a summary of the scenario.

  18. Click “Next”
    You will be presented with a validate connector window.

  19. Click on ‘+’
  20. Enter an external email address in the next dialogue box.
  21. Click “OK”
  22. Click “Validate”



Office 365 will validate the connector and attempt to send a test message through the EveryCloud Technologies smarthost.

Confirm a successful validation result and click “Save”. (If there are any errors, please review your settings and contact support if you require assistance.)
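
The same outbound connector, created and validated from Exchange Online PowerShell. This is an added example, not EveryCloud's own script: the smarthost name and test recipient are placeholders, and the TLS setting assumes the wizard default is TLS with a certificate issued by a trusted CA.

```powershell
# Added example (not from EveryCloud). Assumes an existing Connect-ExchangeOnline session.
# PLACEHOLDER: replace with the smarthost for your chosen EveryCloud datacentre.
$SmartHost = 'smarthost.example.invalid'

# Partner connector that sends all outbound mail to the smarthost
# instead of resolving the recipient domain's MX records.
New-OutboundConnector -Name 'EveryCloud outbound' `
    -Comment 'Route all outbound traffic to EveryCloud' `
    -ConnectorType Partner `
    -RecipientDomains '*', '*.com' `
    -UseMXRecord $false `
    -SmartHosts $SmartHost `
    -TlsSettings CertificateValidation `
    -Enabled $true

# Equivalent of the "Validate" step: sends a test message through the connector.
# PLACEHOLDER recipient: use an external mailbox you can check.
Validate-OutboundConnector -Identity 'EveryCloud outbound' `
    -Recipients 'recipient@example.com'

# Check: the connector should be enabled, point at the smarthost and require TLS.
Get-OutboundConnector 'EveryCloud outbound' |
    Format-List Name, Enabled, RecipientDomains, SmartHosts, UseMXRecord, TlsSettings
```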



Office 365 is now configured for outbound mail from EveryCloud.