Description
This article is a step by step guide to set up your Microsoft 365 to only accept MPmail services.
The outbound connector is required if you want all your outbound emails to appear in the live tracking of MPmail. It is also compulsory if you are using MParchive as outgoing emails can only be archived if they are routed through the filter.
The inbound rule limits emails from being accepted unless they are coming from an IP address of MPmail. This prevents unwanted emails being accepted if the sender has attempted to bypass the MX records.
Requirements
- Office 365 customer setup on MPmail
- Office 365 admin account
- MPmail with 1.1.1.1 in the Outbound Relay, must have been done at least 60 minutes prior
- MPmail Outbound Smarthost address
The Process
Step 1: Set up an outbound connector
- Go to ‘Mail flow’
- ‘connectors’
- ‘add a connector
- From: Office 365
- To: Partner organization
- Add a Connector Name
- Use of connector = ‘Only when email messages are sent to these domain
- Add an asterisk * -- You need to click the ‘+’ or it will not accept it.
- Routing = 'Route email through these smarthosts'
- Add ; domainName.outbound.anz.mpmailmx.com,
where domainname is the customer email domain.
- Add ; domainName.outbound.anz.mpmailmx.com,
- Security restrictions = not mandatory, but if you would like to ensure that all messages sent outbound through the smarthost are sent via TLS please leave this window as the default option as below
- Validation – enter an email address that you have access to. This is only for verification that the rule is correctly configured.
- Once validation is complete, click ‘create’
Step 2: Set up an inbound connector
To do this step, you need to be logged into Microsoft 365 admin centre using the tenancy admin credentials. Go into the exchange admin centre
- Go to ‘Mail flow’
- ‘Rules’
- Click on ‘+’ to create a new rule
- A new window will appear
- Ensure that the mode is ‘Enforce’
- Select ‘More options’
- Name the rule
- *Apply this rule if:
- “[Apply to all messages]
- *Do the following:
- “Block the message…”
- “Reject the message and include an explanation”
- A text box will appear saying “Specify rejection reason”
- Enter; “Email bypassed MX records”
- Add the exceptions
1. If senders IP addresses are in between/match the following ranges.
- 94.100.128.0/20
- 185.140.204.0/22
- 173.45.18.0/24
- 83.246.65.0/24
- 81.20.94.0/24
- 52.62.114.130
- 52.62.125.178
- 35.174.145.124 (Avanan US)
- 15.222.110.90 (Avanan CA)
- 52.212.19.177 (Avanan IN)
- 13.211.69.231 (Avanan AU)
Note : The Avanan IP's are only required if you are running this service, and only one is required depending on the data centre where the Avanan account was provisioned. MPmail Avanan - Creating a customer
2. Add an additional exception that allows mail from your internal mailboxes outbound in the same transport rule
- The sender is located 'External/Internal'
- Select Inside the organisation. This will cover all sending mailboxes within your Office 365 account
3. The message properties = include the message type = ‘Calendaring’
- Save
- Go to your customer account in Converge (https://converge.mp) and input the Microsoft 365 generated MX records to the customers IP/Hostname within the MPmail area
- Activate outbound relay by inputting a Dummy IP and save. IP 1.1.1.1 which is a virtual container, which encompasses all of Office 365 IP ranges
Step 3
We also recommend that the M365 spam filtering is disabled to prevent emails being quarantined in multiple services.
How to disable M365 spam filtering