e-securemail for Microsoft 365 (connector version)

We will guide you through the steps to take when switching to our e-securemail solution integrated with Microsoft 365 for a domain.

First of all, you must add the SPF record in your DNS server

This procedure is unique and only applies if you have several domains under management on your Office platform.

Configuration of the destination mail server (administration console) :

Log in to the domain management interface at https://www.security-mail.net/

Enter your username and password.

Navigate to (Configuration => Domain Settings => Delivery/SMTP) and update the destination mail server (your server on Microsoft 365).



If the destination mail server field is already up to date, go directly to

Scheme

The following diagram illustrates the e-securemail for Microsoft 365 filtering process and the transmission of e-mails.




Settings on your office space

Follow the 6 steps below to activate e-securemail for Office 365

Procedure legend :




1. Go to www.office.com, click on login

Once logged in, go to Admin, then selecting ...View All, choose Exchange, then Mail Flow

2. ESM CONNECTOR

In the connectors tab: Create (+) a connector From: Office365 To: Partner organisation, then Next.
Give it a name: ESM, then click on Next, then check 'Only when a transport rule is configured to redirect messages to this connector', then click on Next, then select 'Route mail through these active hosts' and add (+) office365.security-mail.net, click on Save, then on Next, then check 'Always use TLS protocol', then the option 'Issued by a trusted Certification Authority (CA)', then Next, then confirm with Next.

You must now validate the connector by adding (+) an address connector365@security-mail.net, validate with OK, then Validate. A message will be displayed indicating that a test mail has been sent, followed by the status "Completed". You must then Close and Save.

3. RETURN FROM ESM" RULE

Select the rules tab, Create a rule (+), in the new rule window, click on ...More options, then name the rule ReturnFromESM, Apply this rule if 'A message header...includes one of these words': header = " ESMforO365 " contains " ESM ". Click on + then validate with OK,

Add a condition: 'The sender...IP address is located in one of these ranges...', enter the range 85.31.212.0/24 click on + then validate with OK, (do the same for the ranges (46.30.205.248/30)

Then proceed as follows...'Edit message properties ...set the spam probability threshold (SCL)', and choose the value 'Bypass spam filtering' and confirm with OK.

See screenshot below.




Then choose a mode for this rule "Apply" and check the box "Do not process any more rules" and click on save to finish.




4.
Send to connector IN" RULE

Select the rules tab, Create a rule (+), in the new rule window, click on ...More options, then name the rule Send to connector IN, Apply this rule if 'The recipient is => " The domain is "



Specify the domain: (the domain(s) to be added are the domain(s) benefiting from ESMforO365)




Proceed as follows 'Edit message properties...define a message header' Set the message header = 'ESMforO365' to 'ESM', then press Save. Add the action "Redirect the message to ..." => "The following connector" and choose the action => "The following connector" and choose ESM




Click on OK.



Then add an exception to the calendar or a message header includes and or a message header corresponds to : (all calendar, automatic notification, absence message type messages will be relayed between Microsoft servers)

Select Unless... The message properties...include the message type Select message type = "Calendar", click OK.



Add an exception... A message header includes ...= includes one of these words




Define in the header = "Auto-Submitted", and set the value = "auto-replied" by (+), then validate with Save.




Finally, Add an exception... A message header includes ...= matches these text templates




Define in the Header = "X-MS-Exchange-Generated-Message-Source", then assign in Correspondence the value = "Mailbox Rules Agent" by (+), then validate by Save.




You should have a setting like the one in the picture below:




Finally choose a mode for this rule "Apply" and check the box "Do not process any more rules" and click on save to finish.




5. RULE "Send to connector OUT".

Select the rules tab, Create a rule (+), in the new rule window, click on ...More options, then name the rule Send to connector OUT, Apply this rule if 'The sending domain is'.




Specify the domain: (the domain(s) to be added are the domain(s) benefiting from ESMforO365)



Proceed as follows 'Edit message properties...define a message header' Set the message header = 'ESMforO365' to 'ESM', then press Save. Add the action "Redirect the message to ..." => "The following connector" and choose the action => "The following connector" and choose ESM




Click on OK.



Then add an exception to the calendar or a message header includes and or a message header corresponds to : (all calendar, automatic notification, absence message type messages will be relayed between Microsoft servers)

Select Unless... The message properties...include the message type Select message type = "Calendar", click OK.


Add an exception... A message header includes ...= includes one of these words




Define in the header = "Auto-Submitted", and set the value = "auto-replied" by (+), then validate with Save.



Finally, Add an exception... A message header includes ...= matches these text templates



Define in the Header = "X-MS-Exchange-Generated-Message-Source", then assign in Correspondence the value = "Mailbox Rules Agent" by (+), then validate by Save.




You should have a setting like the one in the picture below:




Then choose a mode for this rule "Apply" and check the box "Do not process any more rules" and click on save to finish.




6. MIME ENCODING

In the remote domains tab, change the following properties in Default :




Use RTF format: check Never

  • MIME character sets: select UTF-8
  • Non MIME character sets: select UTF-8

e-securemail IP whitelisting procedure

Checking permissions per IP address in Microsoft 365: e-securemail IP whitelisting procedure

MX registrations and service activation

You are almost there:

In order for us to intercept and deliver your email streams, you must remove our MX and put the Microsoft 365 MX in place.

And two last steps are required to finalize the activation of the e-securemail filtering solution:

  1. Connect (using your login and password) to the administration console via the address https://www.security-mail.net/, retrieve your ID so that the solution can access the messages to be scanned (an explanatory video is available on this space)
  2. Give us permission to make changes by accepting the terms and conditions.

Tags