Office 365 inbound mail configuration:

When using the EveryCloud email filtering service with Office 365, you will need to ensure that you only accept protocol connections from EveryCloud's service ranges or spammers will still be able to send email directly to your Office 365 mail environment, bypassing your MX records. Here's how to lock down Office 365 Exchange Online.

 

You cannot define an inbound receive connector (connection filter) that will allow only connections from EveryCloud’s IP ranges, as EveryCloud has a /20 range within its delivery ranges and Office 365 receive connectors have a limitation, in that they will only allow connections from /24 ranges to /32 ranges. You must therefore create a Transport rule instead. 


Rule 1 Overview:

**Please wait at least 48 hours after changing your MX-records before enabling this rule.**

  1. Deny all email
  2. Create an exception to allow from EveryCloud Technologies IP ranges
  3. Create an exception to allow mail sent from your Office 365 mailboxes (Inside the organization)
  4. Create an exception for Calendaring Message types


Method:


Login to Office 365 with admin permissions, click the app launcher icon in the upper-left and then click Admin.  Choose ... Show All and select Exchange under Admin centers.

  1. Click on ‘Mail Flow’  
  2. Click on ‘Rules’  
  3. Click on ‘+’ to create a new rule
  4. Give your Rule a Name for example. “EveryCloud Filter rule”
  5. Click on 'More options  


  6. Apply this rule if... = [Apply to all messages]
  7. Do the following...  = 'Block the message... and 'reject the message and include an explanation' (then define an explanation, For example  'Email bypassed MX records'
  8. Except If… Add exception> The sender… select  'is external/internal' select 'inside the organization'
    1. This will cover all internal communications.
  9. Add exception>  The Message properties...  select 'include the message type' select 'Calendaring' 
    1. This will cover all Calendar activities(acceptance/ tentative etc) from mobile and external sources.
  10. Add exception>  The sender… select 'IP address is in any of these ranges or exactly matches' (then input the IP ranges corresponding to your chosen datacentre from here)
    1. This will allow mail from Our IP addresses.


Confirm “Choose a mode for this rule:” is set to “Enforce”

Click 'Save'

 

The completed rule should look like this: 

Note:  the IP addresses listed here may be different depending on your geographic location.






Rule 2 Overview:


  1. If mail is from any of our IP address only.
  2. Bypass inbuilt spam filtering.


Method:


Login to Office 365 with admin permissions, click the app launcher icon in the upper-left and then click Admin.  Choose ... Show All and select Exchange under Admin centers.

  1. Click on ‘Mail Flow’
  2. Click on ‘Rules’
  3. Click on ‘+’ to create a new rule
  4. Give your Rule a Name for example. “Bypass Office365 Filtering”
  5. Click on ‘More options’
  6. Apply this rule if... = 'IP address is in any of these ranges or exactly matches' (then input the IP ranges corresponding to your chosen datacentre from here)
  7. Do the following... = 'Modify the message properties...' then 'set the spam confidence level (SCL)' and set it to ' Bypass spam filtering'.


Confirm “Choose a mode for this rule:” is set to “Enforce”

Click 'Save'


The completed rule should look like this: 

Note:  the IP addresses listed here may be different depending on your geographic location.


 

Office 365 Is now configured for inbound mail from EveryCloud.



Control Panel Configuration


Method:


Login to the Control panel

  1. Click on ‘Email’ tab
  2. Complete the “Destination IP/ Hostname and input the unique office 365 generated MX records under your customers IP/Host-name within the ‘Setup-> Domains -> “Domain name”’ screen, for example “your-domain-tld.mail.protection.outlook.com”.
  3. Activate outbound relay by inputting a Dummy IP of 1.1.1.1 and save. IP 1.1.1.1  is simply a place holder which activates the ability to send outbound through your account from Office 365.


We maintain a full list of office 365 sending address in our backend database: Office 365's active sending ranges are available to view here.




The Control Panel Is now configured for Office 365.


Office 365 Outbound mail configuration:

We recommend that you also configure Office 365to route all outbound emails through EveryCloud servers. This is done with a simple Connector. 


Connector Overview:


  1. Create a connection to the Partner Organisation
  2. Validate
  3. Test


Method:


Login to Office 365 with admin permissions, click the app launcher icon in the upper-left and then click Admin.  Choose ... Show All and select Exchange under Admin centers.

  1. Click on ‘Mail Flow’
  2. Click on ‘connectors’
  3. Click on ‘+’ to create a new rule
  4. Enter in From: “Office 365”
  5. Enter in To: “Partner Organization”
  6. Click Next

  7. Give your Connector a Name for example. “EveryCloud outbound”
  8. Give your Connector a Description for example. “Route all outbound traffic to EveryCloud”
  9. Tick “Turn it on”
  10. Click 'Next'


  11. Choose 'Only when email messages are sent to these domains'. Enter a wildcard which is denoted as * [asterisk].
  12. Click "Next" 
  13. Choose the option: 'Route email through these smart-hosts'
  14. Click on ‘+’ option
  15. Enter the smarthost corresponding to your chosen datacentre from here.
  16. Click “Save”


  17. Click "Next”



  18. Click "Next"
    This option is not mandatory, but if you would like to ensure that all messages sent outbound through EveryCloud Technologies smarthost are sent via TLS please leave this window as the default option as shown below.

    You will then be presented with a summary of the scenario

      
  19. Click "Next”
    You will be presented with a validate connector window
     
     
     

  20. Click on ‘+’ 
  21. Enter an external email address in the next dialogue box.
  22. Click "OK”

  23. Click "Validate"



Office 365 will validate the connector and attempt to send a test message though the EveryCloud Technologies smarthost.

Confirm a successful validation result and click "Save”.  (If there are any errors please review your settings and contact support if you require assistance.)



Office 365 Is now configured for outbound mail from EveryCloud.