Configure Outgoing Filtering with Exchange Online (Microsoft 365)

Before beginning, edit your SPF record to include the Mail Assure servers.

You must complete all steps below for correct operation of the outbound filtering.

Step 1: Create Outgoing User/Authentication Method in Mail Assure

  1. Log in to the Mail Assure control panel as an admin
  2. Select General > Domains Overview then click on the relevant domain to open the Domain Level Control Panel
  3. Select Outgoing > Manage Users
  4. Select the Authenticating Domain tab and ensure that the domain you are using with Exchange Online is shown
  5. Enter a secure password and click Add and configure
  6. The secure password is only required to complete the configuration process. Once set, it is no longer needed.

  7. Configure the Authentication method as required, ensuring that Re-authentication permitted is enabled
  8. Click Save

For full details on Authentication methods, see Outgoing Users/Authentication Methods

Alternatively, use Microsoft 365 Sync. This adds the outgoing users to Mail Assure as part of the synchronization process.

Step 2: Create the connector in Exchange Online

Microsoft has specific instructions on setting up a third party cloud spam filtering system. For detailed instructions on configuring a Microsoft 365 environment, see the Microsoft documentation for this here. A summary of one possible configuration is below.

  1. Log in to the Microsoft 365 Admin Center
  2. In the navigation menu, select Show all

  3. Click Exchange to open the Exchange Admin Center

  4. Open Mail flow > Connectors

  5. Click + Add a connector
    1. Set the connection from: Office 365
    2. Set the connection to: partner organization
  6. Click Next
  7. Give the connector a name (for example: Mail Assure Outbound filter) and click Next
  8. On the Use of Connector window, select Only when I have a transport rule set up that redirects messages to this connector and click Next
  9. Select Route email through these smarthosts and enter:
    1. smtpout.mtaroutes.com
  10. Click +, then click Next
  11. On the Security Restrictions tab, ensure Always use Transport Layer Security (TLS) to secure the connection (recommended) is ticked
    1. Use Issued by a trusted certificate authority (CA)
    2. Click Next
  12. Enter any valid email address in the Validation email field
  13. Click +, then Validate

    If this validation fails after completing all of the instructions in Step 1 and Step 2 successfully, you may skip this to complete connector creation and then proceed to Step 3.

  14. Once the email is validated, click Next
  15. Review the details for the connector and click Create connector

Step 3: Create the Transport Rule in Exchange Online

The below instructions are just an example, please specify your settings for your unique transport rule needs.

  1. Log in to the Microsoft 365 Admin Center
  2. Using the left hand menu, navigate to New Exchange Admin Center (this is default)
  3. Open Mail flow > Rules
  4. Create a new Rule by selecting the +
  5. Click More options at the bottom of the window
  6. Give the rule a name (for example: Route through Mail Assure, or Mail Assure Outbound)
  7. Fill the fields in as follows:
    1. Apply this rule if: The sender's domain is domain.invalid

      Where domain.invalid is replaced with the domain(s) required

      Specify the domain(s) in the pop-up, ensuring you click the + icon to add each one

    2. Do the following: Redirect messages to the following connector

      Select the connector made in step 2 from the dropdown provided in the Select Connector pop-up

    3. Except if: The recipient is internal/external

      Select inside the organization from the Select Recipient Location pop-up

      This will prevent Internal mail from routing via the Private Portal

    4. Chose a mode for this rule: Enforce
  8. Click Save

Once this is done, any traffic matching your outgoing sender domain will be relayed via the transport rule and be processed by the filtering servers.

For additional details on configuring this in either the Classic EAC or the New EAC, see the Microsoft documentation to set up connectors for secure mail flow.