ESM for Microsoft 365 MX version with outbound message filtering

    PREREQUISITE :

    Before redirecting your outgoing flow to e-securemail, please configure the SPF of your domain at the registrar. This configuration is essential in order to be in conformity with the sending of your messages via the e-securemail servers.

    You will need to add to your SPF field: include:includespf.security-mail.net -all

    An SPF field always starts with v=spf1 and ends with an ?all / ~all / -all indicator.

    IMPORTANT: Not setting up your SPF may impact your mailings and your correspondents may not receive them.

    DESTINATION MAIL SERVER :

    In order to deliver messages to the mailbox filtered/relayed by e-securemail, you need to specify an IP address or a logical name (e.g. "mail.mondomaine.com"). The default port is 25, but you can specify a custom port by adding it after your address (e.g. mail.mondomaine.com:587).

    If you want to retain your mail stream with us, enter hold:

    1. Log in to the domain management interface at https://www.security-mail.net/

    2. Enter your username and password.

    3. Navigate to (Configuration => Domain Settings => Delivery/SMTP) and update the destination mail server (of your server on Microsoft 365).




    If the destination mail server field is already up to date, go directly to

    MX :

    The protocol that governs the addressing of email on the Internet uses information in your DNS: these are the MX records. They are ordered by importance, the record with the lowest value is usually your mail server, the higher values are the mail relays of your ISP. Relays are used to temporarily receive your messages, if your server does not respond.

    We will use this property and give the Email Filtering Service the lowest priority for receiving messages. After processing your messages, the Email Filtering Service will send them back to your mail server. Normally, this is simply done by the person who manages your DNS (which will usually be your Internet Service Provider, ISP).

    Enter the type ( MX), destination and priority.

    Priority Mail server

    10 france.security-mail.net.

    20 europe.security-mail.net.

    With some registrars it is necessary to add a DOT after the .net to close the registration.




    ESM CONNECTOR Output filtering

    ///

    Important:

    Please note that the intra-domain flow (from the same organisation) from @domain1 to @domain1 remains relayed on the Microsoft cloud (Microsoft policy), thus relayed between Microsoft 365 servers.

    If you want to pass the internal flow through our gateways, you can use the connector version. This requires modifying the MX to Microsoft and adding additional rules.

    If you want to pass the internal flow through our gateways, you can use the connector version.

    ///

    Go to www.office.com, click on login

    Once logged in, go to Admin, then selecting ...View All, choose Exchange, then Mail Flow

    In the connectors tab: Create (+) a connector From: Office365 To: Partner organisation, then Next.

    Give it a name: ESM output filtering



    Then click on Next, enter * (click on the + to add) then tick 'Only when mail is sent to these domains' then click on Next.



    Routing :

    Then select 'Route mail through these active hosts' and add (+) smtp.security-mail.net, click on the + to Save.




    Security restrictions:

    Click Next, then check 'Always use TLS', then the 'Issued by a trusted Certificate Authority (CA)' option, then Next and confirm with Next.



    Validation letter :

    You must now validate the connector by adding (+) an address support@secuserve.com or an address from your domain, validate with OK. A message is displayed, indicating that a test mail has been sent.




    NOTE: If you get an error message during validation, bypass this step by clicking on start without validation (image 2)




    Start without validation (image 2):




    Information :

    We recommend using the DKIM protocol for better message delivery. You can read the following article (how to set up DKIM?)

    e-securemail IP whitelisting procedure

    Check permissions by IP address in Microsoft 365 :

    In order to bypass SPF checks, we strongly recommend that you enter our IP range on the tenant Office. This improved filtering will allow to bypass the e-securemail IP as the legitimate sending server of the sender and avoid the errors visible in the headers (SPF error, because it takes as sending server, for example, the domain example.com, an IP of e-securemail that does not match their SPF). This results in a wrong categorisation of the email in the user's inbox.

    1. Go to the M365 security portal - https://security.microsoft.com/
    2. Open Email & Collaboration in the left sidebar and go to Policies & Rules > Threat Policies > Anti-Spam Policies
    3. Click Connection Filter Policy, then click Change Connection Filter Policy in the drop-down menu
    4. Add the following IP addresses to the Always allow messages from the following IP addresses or address range field

    For IP ranges, please contact our support team on 01 41 27 17 20 or by email support@secuserve.com




    Practical link: https://docs.microsoft.com/en-en/exchange/mail-flow-best-practices/use-connectors-to-configure-mail-flow/enhanced-filtering-for-connectors

    DKIM

    Authorizations & AD Synchronization :

    To complete the subscription to our e-securemail solution for Microsoft 365.

    You need to be logged in as an Azure administrator to allow e-securemail to synchronize your directory.

    Log in and follow the instructions on your console: https://www.security-mail.net/office365.php

    Tags
    esm for 365 Activation filtrage Microsoft 365 Déploiement manuel Déployer e-securemail pour Microsoft 365
    Published