byt3

asked on 

On Premise server rejecting emails because emails relayed through Office 365

When Office 365 relays email to my On Premise server, the On Premise server rejects some email as spam, because the Office 365 server is not in the SPF record of the external organization that sent the record.

Background Info:
The organization I work for is about to move to Office 365 from our Exchange 2010 On Premise service. I am also moving mailboxes from one Exchange 2010 server to another, as the previous server is currently running on Server 2008R2 and on old hardware we want to retire. Because of this I have 2 Exchange 2010 servers with mailboxes split between the two as I move. All email originating from outside the organization's network comes through an Exchange 2010 Edge server.
All mail to and from external addresses goes through Office 365.

I need to know how to set up the connectors on my On Premise servers so that my On Premise server will only accept email from Office 365, so that I can turn off the spam filter that is rejecting valid emails.

Thanks.
Microsoft Office, Exchange, Microsoft 365

byt3

ASKER

I haven't set up Hybrid configuration yet and it just occurred to me that may fix the problem. Something to try on Monday.
timgreen7077

You can just whitelist the sending domain so that your server doesn't reject it.
Mahesh

When Office 365 relays email to my On Premise server, the On Premise server rejects some email as spam, because the Office 365 server is not in the SPF record of the external organization that sent the record.

This is not clear: where does the SPF record come into the picture, or are you saying that the external org doesn't have SPF?

All you need is:
Your MX needs to point to O365; only then can O365 take care of the rest.
Since your mailboxes remain on premise, you should change the O365 domain to "internal relay" from authoritative.
Also set up one simple SMTP connector from O365 to the on-premise network.
Then when O365 receives an email, it will first check whether it has the mailbox; if not, it forwards it to the on-premise Exchange through the SMTP connector.
Also, in order for the on-premise Exchange to accept emails from O365, you must add the O365 EOP IPs to the on-premise default server receive connector.

Now for outgoing mail flow, use the on-premise Exchange to send email to the external world.

Optionally,
You could have email users (mail-enabled users) synced with O365 through the directory sync tool if you also want to move mailboxes to O365 through a hybrid setup.
Set up hybrid and it will take care of everything.
Point your MX to O365.
Finally, you need to modify your existing SPF record to include the O365 SPF host.
byt3

ASKER

My MX records point to Office 365 and Office 365 relays the messages to my on premise server.

Let's say contoso.com emails my organization of example.com. First the message from contoso goes to Office 365, then Office 365 relays the message to my on premise server. My on premise server checks contoso.com's SPF record and doesn't find the IP or server name of Office 365 (the server that my on premise Exchange received the email from), so my on premise server rejects it as spam.

I hope that clears it up.

Thanks for the suggestions and links. I will check them out on Monday.
Mahesh

Thanks for the explanation.
But SPF is not the issue; your on-premise Exchange server will look for the O365 SPF and not the contoso.com SPF. As long as you have set the O365 domain (example.com) as internal relay and have included the O365 SPF with the existing example.com SPF record, SPF cannot be an issue.
Also, as I stated earlier,
in order for the on-premise Exchange to accept emails from O365, you must add the O365 EOP IPs to the on-premise default server receive connector.
You can google for the IP list.

Have you done these two things?
ASKER CERTIFIED SOLUTION
Mahesh
byt3

ASKER

I have not added the EOP addresses to the receive connector. I will Google for the list and add them.
Mahesh

You need to create a new receive connector on premise for this instead of modifying the default receive connector.
byt3

ASKER

I Googled the Office 365 IP list (here)

I added these IP ranges to the IPAllowList, but I haven't heard back about emails continuing to bounce yet.
byt3

ASKER

I didn't actually use the property to restrict by IP ranges and instead I added the IPs to the IPAllowList in the Content Filtering, which did the trick.

Though I will probably eventually add them to the restricted IP ranges.


Thank you for the help.
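
The rejection described in this thread, and the effect of allow-listing the relay's IP ranges, can be modelled in a few lines. This is an added example, not code from any poster or from Exchange: the SPF record, the IP ranges (RFC 5737 documentation addresses standing in for contoso.com's servers and for the EOP ranges) and the function names are assumptions, and only the `ip4`/`ip6`/`all` SPF mechanisms are evaluated.

```python
import ipaddress

# Constructed sample data using documentation ranges (RFC 5737). These are not
# contoso.com's real SPF record and not the real Office 365 / EOP ranges.
SPF_RECORDS = {"contoso.com": "v=spf1 ip4:192.0.2.0/24 -all"}
TRUSTED_RELAYS = [ipaddress.ip_network("198.51.100.0/24")]  # stand-in for EOP

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_check(domain, client_ip, records=SPF_RECORDS):
    """Evaluate the ip4/ip6 and 'all' mechanisms of a domain's SPF record
    against the IP that opened the SMTP connection (simplified: no DNS,
    no include/a/mx/redirect)."""
    record = records.get(domain, "")
    if not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mech = term.lstrip("+-~?")
        if mech == "all":
            return QUALIFIERS[qualifier]
        if mech.startswith(("ip4:", "ip6:")):
            net = ipaddress.ip_network(mech[4:], strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
    return "neutral"


def on_prem_verdict(sender_domain, connecting_ip, trusted_relays=()):
    """Decision of the internal server for one inbound connection."""
    ip = ipaddress.ip_address(connecting_ip)
    if any(ip in net for net in trusted_relays):
        # Known relay hop: its IP will never be in the sender's SPF record,
        # so the SPF check is skipped for connections from it.
        return "accept (trusted relay, SPF skipped)"
    result = spf_check(sender_domain, connecting_ip)
    return "reject (SPF fail)" if result == "fail" else f"accept (SPF {result})"


if __name__ == "__main__":
    # contoso.com delivers directly from its own server: passes.
    print(on_prem_verdict("contoso.com", "192.0.2.25"))
    # Same message relayed by the cloud service, no allow list: rejected.
    print(on_prem_verdict("contoso.com", "198.51.100.7"))
    # Relay ranges allow-listed: accepted; other hosts are still checked.
    print(on_prem_verdict("contoso.com", "198.51.100.7", TRUSTED_RELAYS))
    print(on_prem_verdict("contoso.com", "203.0.113.9", TRUSTED_RELAYS))
```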