Office 365
Some recommendations for Office 365 can be inferred from the Microsoft Exchange article, such as the need to take extra steps for Address Verification. Otherwise, this article provides some additional helpful information.
MailCleaner provides a much more configurable way of handling spam filtering, compared to even the advanced security features in Office 365. It also provides extra administrative access and data sovereignty when run within your own infrastructure. In addition to this, some extra key benefits include:
- MailCleaner has a newsletter detection feature that lets users choose each newsletter they want to receive. This important function does not currently exist in Microsoft Office 365, so users cannot manage their newsletter subscriptions without MailCleaner.
- Email reports are delivered to users with quarantined e-mails. They can choose the frequency of the reports individually. This also helps avoid loading mailboxes and incoming traffic unnecessarily.
- The Microsoft Office 365 service does not allow users and administrators to accurately manage spam filter settings. Filters cannot be adjusted as simply and effectively as in MailCleaner.
- MailCleaner offers its reseller customers premium support. Our support can also be useful for troubleshooting or filtering errors. As a potential reseller yourself, you would have much greater access to discover problems and take additional actions to resolve user issues, actions that are not available within the relatively limited Office 365 environment. We also take into account the needs of our customers in the future development of our product.
- In case your client wants external archiving, for legal reasons or backup needs, MailCleaner allows you to automatically link to an archiving system.
- All traces of incoming messages via the MailCleaner tool are saved. This allows administrators to easily retrieve a message in the case of a user request, for example. This also helps to provide reliable statistics on email traffic externally and independently.
- If your clients have legal requirements for monitoring communications, they can do so through MailCleaner and its trace analysis and logging functions.
From Configuration->Domains
If you have not already created the domain, select New domain, add the domain name and submit.
Once the domain exists, you can configure the following settings through the domain configuration wizard.
From the Delivery stage of the wizard, the destination server should be configured to the MX record provided by Microsoft. This should look something like:
domain-tld.mail.protection.outlook.com
Configuring proper address verification is highly recommended. If you fail to do this, messages will be accepted for all recipients during the initial transaction with the sender. This has two main consequences for addresses that don't actually exist. For messages that get flagged, additional quarantines will be generated, meaning additional licensed users and quarantine reports being generated for non-existent addresses. For messages that do not get flagged, MailCleaner will attempt to deliver them and they will be rejected at the end of the transaction. This will generate a bounce message and risks your machine getting listed for backscatter.
Configuring address verification, also known as recipient verification, requires extra steps with Office 365 (as it does with other versions of Exchange): you have to configure both MailCleaner and Office 365.
From the Address verification step of the domain configuration wizard, simply select 'smtp' as the Callout connector method.
In Office 365, you have to enable Exchange Online Protection, using a Global Admin or an Exchange Company Administrator account.
The Directory Based Edge Blocking (DBEB) feature from Office 365 enables users to reject messages for nonexistent recipients.
To enable DBEB, follow these steps:
- Ensure the domain is set to Internal Relay: go to EAC (Exchange Admin Center) > Mail Flow > Accepted Domains, select your domain and click Edit, then check whether the domain type is set to Internal relay. If not, change it to Internal relay and click Save.
- Add your valid users to Office 365 via Directory synchronization, remote Windows PowerShell or directly from the Exchange Admin Center (EAC).
- Now set your domain to Authoritative. Follow the same path as above, Mail Flow > Accepted Domains, select your domain and set it to Authoritative. After you click Save, please confirm that you wish to enable Directory Based Edge Blocking.
After enabling "Authoritative" mode, please test that this works from the MailCleaner domain configuration wizard by clicking "Test configuration". If your domain was already set to "Authoritative", you may need to disable and re-enable it to have the change take effect. Note that the MailCleaner test will test for the 'postmaster' address as a valid address. According to the SMTP specification, this address MUST exist. If you don't have that address configured, you can ignore that it is rejected. For this step it is most important that the randomly generated address is rejected.
Here is the Microsoft documentation related to this section
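The same check that "Test configuration" describes can be reproduced by hand with an SMTP callout. This is an added example, not MailCleaner's own code; the null sender, the `mc-probe-` prefix, the `FakeSMTP` stand-in and all addresses are assumptions constructed for illustration.

```python
import secrets
import smtplib

def probe(host, domain, known_good, smtp_factory=smtplib.SMTP):
    """RCPT TO callout for a random, the postmaster and a known-good address."""
    random_addr = f"mc-probe-{secrets.token_hex(8)}@{domain}"
    replies = {}
    with smtp_factory(host, 25, timeout=20) as smtp:
        smtp.ehlo()
        for addr in (random_addr, f"postmaster@{domain}", known_good):
            smtp.mail("")                       # null sender (assumption); no DATA is sent
            replies[addr] = smtp.rcpt(addr)[0]  # keep only the reply code
            smtp.rset()
    return random_addr, replies

def assess(random_addr, known_good, replies):
    """Turn reply codes into a verdict; a rejected postmaster is ignored."""
    rnd, good = replies[random_addr], replies[known_good]
    if 200 <= rnd < 300:
        return "accept-all: nonexistent recipients are accepted"
    if rnd < 500 or 400 <= good < 500:
        return "inconclusive: temporary failure, retry later"
    if good >= 500:
        return "broken: a valid recipient is rejected"
    return "ok: random address rejected, valid address accepted"

class FakeSMTP:
    """Constructed stand-in for the destination server, for offline runs."""
    def __init__(self, valid, accept_all):
        self.valid, self.accept_all = valid, accept_all
    def __enter__(self):
        return self
    def __exit__(self, *exc):
        return False
    def ehlo(self): return 250, b"ok"
    def mail(self, sender): return 250, b"ok"
    def rset(self): return 250, b"ok"
    def rcpt(self, addr):
        if self.accept_all or addr in self.valid:
            return 250, b"2.1.5 Recipient OK"
        return 550, b"5.4.1 Recipient address rejected"  # constructed reply

def demo(accept_all):
    good = "alice@example.com"  # constructed mailbox
    factory = lambda host, port, timeout: FakeSMTP({good}, accept_all)
    rnd, replies = probe("example-com.mail.protection.outlook.com",
                         "example.com", good, factory)
    return assess(rnd, good, replies)
```

Against a real tenant, call `probe()` with the destination server from the Delivery stage and a mailbox you know exists, leaving `smtp_factory` at its default.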
On-demand authentication for MailCleaner using Office 365 integration also requires configuration in both MailCleaner and Office 365. For now, only SMTP AUTH integration is supported. Enabling OAuth integrations is a work in progress.
From the Authentication stage of the wizard, configure the settings as follows:
- Authentication type: smtp
- Authentication server: smtp.office365.com:587
- Username modifier: add the domain using @ character
- Address lookup: build address by adding the domain to the username
From your Exchange admin center console, select Settings then Mail flow. In the pop-out panel ensure that "Turn off SMTP AUTH protocol for your organization" is DISABLED and that "Turn on use of legacy TLS clients" is enabled.
You can then test the configuration using a set of known credentials in the MailCleaner wizard.
If you would not like to enable SMTP AUTH, you can instead rely on MailCleaner's passwordless authentication. This feature is provided as a link at the top of all Quarantine reports. When a user clicks this link in any recent report, they will be automatically logged in and can view/modify their quarantine. You can enable the summary reports from the Preferences stage of the MailCleaner domain configuration wizard.
Once you have configured everything, you have to change your MX records to point to your MailCleaner servers. Do not forget to adapt the SPF entry in your DNS to include the Microsoft O365 entries according to their documentation, and also to add the IPs of your MailCleaner servers.
Info: a warning on the Office 365 dashboard will inform you that your MX records are not pointed to Microsoft. You can ignore it.
If you are going to be relaying outgoing mail via MailCleaner, you should follow the additional suggestions to ensure the best chances that your mail is delivered.
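A quick way to confirm the SPF change described above is to parse the published TXT record and check both requirements. This is an added example, not part of MailCleaner; `include:spf.protection.outlook.com` is the include Microsoft documents for Office 365, and the records and IPs below are constructed from documentation address ranges.

```python
import ipaddress

O365_INCLUDE = "include:spf.protection.outlook.com"  # per Microsoft's documentation

def check_spf(txt, mailcleaner_ips):
    """Return a list of problems in an SPF TXT record for this setup."""
    terms = txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["not an SPF record (must start with v=spf1)"]
    problems, nets, has_include = [], [], False
    for term in terms[1:]:
        qualifier = term[0] if term[0] in "+-~?" else "+"
        mech = term.lstrip("+-~?").lower()
        if qualifier != "+":
            continue  # only passing mechanisms authorise a sender
        if mech == O365_INCLUDE:
            has_include = True
        elif mech.startswith(("ip4:", "ip6:")):
            try:
                nets.append(ipaddress.ip_network(mech[4:], strict=False))
            except ValueError:
                problems.append(f"unparsable mechanism {term}")
    if not has_include:
        problems.append("missing " + O365_INCLUDE)
    for ip in mailcleaner_ips:
        addr = ipaddress.ip_address(ip)
        if not any(addr.version == n.version and addr in n for n in nets):
            problems.append(f"MailCleaner IP {ip} is not authorised")
    return problems

# Constructed sample data: two MailCleaner hosts and two candidate records.
MC_IPS = ["192.0.2.10", "2001:db8::25"]
BEFORE = "v=spf1 include:spf.protection.outlook.com -all"
AFTER = ("v=spf1 ip4:192.0.2.10 ip6:2001:db8::/64 "
         "include:spf.protection.outlook.com -all")

if __name__ == "__main__":
    for record in (BEFORE, AFTER):
        print(record, "->", check_spf(record, MC_IPS) or "ok")
```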