Configuring Office 365 for Spambrella

This article explains how to configure Microsoft Office 365 to use Spambrella as your email gateway.

What Is Microsoft Office 365?

Office 365 is a cloud-based solution from Microsoft which offers email, messaging, security, archiving and other capabilities delivered from Microsoft’s worldwide network of cloud data centers.

For more information please see: https://products.office.com/en-us/business/office

Before You Start…

Before continuing with the provisioning and configuration of the Spambrella service, it is recommended that you have the information listed below.

INFORMATION NEEDED FOR CONFIGURING SPAMBRELLA

  • MX record(s) for domain(s) you are configuring

INFORMATION NEEDED FOR CONFIGURING OFFICE 365

Setup Inbound Mail Flow

Spambrella is deployed between the customer’s Office 365 environment and the Internet. Inbound mail is routed to Spambrella by changing the customer’s MX records. After email is processed by Spambrella it is routed to Office 365.

CONFIGURE SPAMBRELLA

Locate your MX record for the domain in Office 365…

  • Sign-In to the Office 365 Admin center.
  • Click on Settings > Domains.
  • Click on the domain you wish to manage.
  1. Under Exchange Online, locate the MX row in the table from the Points to address or value column (i.e.,mybusiness.com.mail.protection.outlook.com)
These values will be necessary when you add your domains to Spambrella

Adding domain(s) to Spambrella…

  • Sign-in to the Spambrella user interface.
  • Click the Domains tab.
  • Click on New Domain.
  • Enter the domain name you wish to configure.
  • Ensure “Relay” is selected for domain purpose.
  • Enter the delivery and failover destinations values.
  • Choose the method you wish to use for domain verification.
  • Click Verify Now if you wish to verify your domain at this stage or Verify Later.
Each Domain must to be verified before it can be enabled.
  • Repeat if you are adding more than 1 domain.
The delivery and failover destinations refers to the “points to” values captured in the previous section.
These values will be necessary when you add your domains to Spambrella.

Adding domain(s) to Spambrella…

  • Sign-in to the Spambrella user interface.
  • Click the Domains tab.
  • Click on New Domain.
  • Enter the domain name you wish to configure.
  • Ensure “Relay” is selected for domain purpose.
  • Enter the delivery and failover destinations values.
  • Choose the method you wish to use for domain verification.
  • Click Verify Now if you wish to verify your domain at this stage or Verify Later.
Each Domain must to be verified before it can be enabled.
  • Repeat if you are adding more than 1 domain.
The delivery and failover destinations refers to the “points to” values captured in the previous section.


CONFIGURE OFFICE 365…

Bypass Spam Filtering in Office 365…

  • Sign-In to the Office 365 Admin portal.
  • Click on Admin > Exchange

This will launch Exchange Admin Center…

  • Click Protection > Connection filter
  • Click the pencil icon to edit the default connection filter.
  • Click connection filtering.
  • Click + icon and add an IP address to the exception list.
Select the IP addresses that correspond to the stack you are hosted on. You can determine this by looking at the URL in your browser. For example, if your URL is https://spambrella.cloud-protect.net than you are on stack “EU1”. Therefore look for that stack in the list of IP values. If you are unsure, please email support for clarification.
  • Repeat step for each IP address.
One of the IP CIDR ranges.
  • Tick checkbox Enable safe list
  • Click Save.

Add a mail flow rule to allow email to be sent from Spambrella…

  • While accessing the Exchange Admin Center, click mail flow then rules.
  • Click + icon to access the pull down menu.
  • Select Restrict messages by sender or recipient
  • In the new rule window, complete the required fields:
    • Enter a value for Name (e.g.“Enter Only accept mail from Spambrella”)
    • For “Apply this rule if…” select “The Sender is located…” and “Outside the organization”.
    • For “Do the following…” select “Redirect the message to” and choose your Admin’s Email Address.
    • Uncheck Audit this rule with severity level.
    • For “Choose a mode for this rule” select “Enforce”.
    • Click More options.
    • Click add exception.
    • Select “the sender IP address is in any of these ranges or exactly matches”.
    • Add each IP address to the IP address list.
  • Click OK.
  • Clive Save.
  • Uncheck the checkbox to disable the rule. You will re-enable the rule once you are ready to cutover mailflow.

Disable default Office 365 spam settings

  • While accessing the Exchange Admin Center, click protection followed by spam filter.
  • Click the pencil icon to edit the default spam filter.
  • Click advanced options.
  • Ensure all options are set to “Off“.
  • Click Save.

Setup Outbound Mail Flow

Spambrella is deployed between the customer’s Office 365 environment and the Internet. Outbound mail is routed to Spambrella by configuring an outbound mail gateway. This will route all outbound mail to Spambrella.

CONFIGURE Spambrella

Enable Outbound Relaying

  • Sign-in to the Spambrella user interface.
  • Click the Features tab.
  • Check Enable Outbound Relaying.
  • Click Save.

Add Service IP addresses to your Sender servers

  1. While logged into the Spambrella user interface, click the Domains tab.
  2. Click Managed Hosted Services.
  3. Choose Office 365.
  4. Click Save.

CONFIGURE OFFICE 365

Create Outbound Connector

  • Sign-In to the O365 365 Admin portal.
  • Click on Admin > Exchange.

This will launch Exchange Admin Center…

  • Click Mail Flow > Connectors.
  • Click + to access menu.
  • For “From” select “Office 365”.
  • For “To” select “Partner Organization”.
  • Click Next.
  • Enter a value for Name (e.g.“Spambrella”).
  • Enter a value for Description (e.g.“Outbound connector for Spambrella”).
  • Uncheck the turn it on setting. You will turn this outbound connector on once you are ready to cutover mailflow.
  • Click Next.
  • For “When do you want to use this connector?” select “Only when email messages are sent to these domains”.
  • Click +.
  • Enter * to specify all domains.
  • Click OK.
  • Click Next.
  • For “How do you want to route email messages?“ select “Route email through these smart hosts”.
  • Click + and enter your Spambrella smart host value;
    • (USA – outbound-us1.ppe-hosted.com or; Europe – outbound-eu1.ppe-hosted.com)
  • Click Save.
  • Click Next.
  • For “How should Office 365 connect to your partner organization’s email server?” choose your preferred approach.
    • If you choose “Always use Transport Layer Security (TLS) to secure the connection”, please choose  “Any digital certificate, including self-signed certificates“.
  • Click Next.
  • Click Next.
  • Click + icon and enter an email address for validation.
  • Click OK.
  • Click Validate.
  • Click Save.

If you are using Spambrella Email Archive, you will need to create an additional outbound connector.
Please refer to: Configuring Journaling for Office 365 for additional steps.

If you are using another archiving service, you will need to create an additional outbound connector to ensure journal emailed is not sent to Spambrella. If it is sent to Spambrella it will be subject to outbound rate limiting policies. Please contact your archiving service provider for instructions.


Update Sender Policy Framework (SPF)

When sending outbound email through the Spambrella gateway, recipients receive mail sent from Spambrella rather than Office 365 mail servers. If the recipient’s mail service attempts to verify that the message came from your domain, it must confirm that the gateway server is an authorized mail server for your domain.

To enable this, you need to add the Spambrella SPF record to your domain:

  • USA SPF – “v=spf1 a:dispatch-us.ppe-hosted.com ~all”
  • EU SPF – “v=spf1 a:dispatch-eu.ppe-hosted.com ~all”

Cutting Over Mailflow

ENABLE & TEST DOMAIN(S)…

  • Sign-in to the Spambrella user interface.
  • Click the Domains tab.
  • Click the relay control to enable the domain for relay (shown below in orange box)…

Enable Relay Spambrella

Once the domain is turned on, you will need to wait for Spambrella MTAs to be updated.This occurs every half-hour (top and bottom of the hour). You should not proceed to the next step until you’ve waited for this change to be applied.
  1. Click the test domain (clipboard) icon to verify Spambrella can deliver to the specified SMTP destination.

UPDATE YOUR MX RECORDS

You will need to add Spambrella MX records to your DNS record next.

You may want to add the MX records with a low priority ahead of your cutover. Once ready, you can then increase the priority of the Spambrella MX records while decreasing the priority of your existing MX record.


ENABLE OUTBOUND CONNECTOR

  • Sign-In to the O365 365 Admin portal.
  • Click on Admin > Exchange.
  • Click Mail Flow > Connectors.
  • Select the outbound connector and click edit (pencil icon).
  • Check the turn it on checkbox and click next through the remaining screens.
  • Click Validate.
  • Click Save.

ENABLE MAIL FLOW RULE

  • While accessing the Exchange Admin Center, click Mail Flow.
  • Check the checkbox next to the mail flow rule you created previously.

VERIFY INBOUND MAIL FLOW

  • While logged into the Spambrella user interface, click the Logs tab.
  • Select Any from the Status drop-down and click Search.
  • Look for new entries (test emails etc) to be listed in the search results.

VERIFY OUTBOUND MAIL FLOW

  • Send a test message from an Office 365 mailbox to an external SMTP address.
  • While logged into the Spambrella user interface, click the Logs tab.
  • Select Outbound mail from the type drop-down.
  • Select Any from the status drop-down and click Search.
  • Look for the test message that was sent.