The diagram below shows how connectors in Office 365 (including Exchange Online or EOP) work with your own email servers.
In this example, John and Bob are both employees at your company. John has a mailbox on an email server that you manage, and Bob has a mailbox in Office 365. John and Bob both exchange mail with Sun, a customer with an Internet mail account:
- When email is sent between John and Bob, connectors are needed.
- When email is sent between John and Sun, connectors are needed. (All Internet email is delivered via Office 365.)
- When email is sent between Bob and Sun, no connector is needed.
If you have your own email servers and Office 365, you must set up connectors. Without connectors, email will not flow between Office 365 and your organization’s email servers.
How do connectors route mail between Office 365 and my own email server?
You need two connectors to route email between Office 365 and your email servers, as follows:
- A connector from Office 365 to your own email server
When you set up Office 365 to accept all email on behalf of your organization, you will point your domain's MX (mail exchange) record to Office 365. To prepare for this mail delivery scenario, you must set up an alternative server (called a "smart host") so that Office 365 can send email to your organization's email server (also called "on-premises server"). To complete the scenario, you might need to configure your email server to accept messages delivered by Office 365.
- A connector from your own email server to Office 365
When this connector is set up, Office 365 will accept messages from your organization's email server and send the messages to recipients on your behalf. This recipient could be a mailbox for your organization in Office 365, or it could be a recipient on the Internet. To complete this scenario, you'll also need to configure your email server to send email messages directly to Office 365.
This connector enables Office 365 to scan your email for spam and malware, and to enforce compliance requirements such as running data loss prevention policies. When your email server sends all email messages directly to Office 365, your own IP addresses are shielded from being added to a spam block list. To complete the scenario, you might need to configure your email server to send messages to Office 365.
Here is an overview of the steps:
- Complete the prerequisites for your email server environment.
- Part 1: Configure mail to flow from Office 365 to your email server.
- Part 2: Configure mail to flow from your email server to Office 365.
Prepare your server environment (also known as your on-premises environment) so that it’s ready to connect with Office 365. Follow these steps:
- Make sure that your email server (also called "on-premises mail server") is set up and capable of sending and receiving mail to and from the Internet.
- Check that your on-premises email server has Transport Layer Security (TLS) enabled, with a valid certification authority-signed (CA-signed) certificate. We recommend that the certificate subject name includes the domain name that matches the primary email server in your organization. Buy a CA-signed digital certificate that matches this description, if necessary.
- If you want to use certificates for secure communication between Office 365 and your email server, update the connector your email server uses to receive mail. This connector must recognize the right certificate when Office 365 attempts a connection with your server. If you’re using Exchange, see Receive connectors for more information. On the Edge Transport Server or Client Access Server (CAS), configure the default certificate for the Receive connector. Update the TlsCertificateName parameter on the Set-ReceiveConnector cmdlet in the Exchange Management Shell. To learn how to open the Shell in your on-premises Exchange organization, see Open the Shell.
- Make a note of the name or IP address of your external-facing email server. If you’re using Exchange, this will be the Fully Qualified Domain Name (FQDN) of your Edge Transport server or CAS that will receive email from Office 365.
- Open port 25 on your firewall so that Office 365 can connect to your email servers.
- Make sure your firewall accepts connections from all Office 365 IP addresses. See Exchange Online Protection IP addresses for the published IP address range.
- Make a note of an email address for each domain in your organization. You'll need this later to test that your connector is working properly.
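The certificate prerequisites above can be checked and applied in one pass from the Exchange Management Shell. This is an added example, not part of the original article; the thumbprint, connector name and domain are placeholders you must replace.

```powershell
# Run in the Exchange Management Shell on the server that receives mail from Office 365.
# Placeholders (assumptions for illustration, not values from the article):
$Thumbprint    = '<THUMBPRINT-OF-YOUR-CA-SIGNED-CERTIFICATE>'
$ConnectorName = '<SERVER>\<RECEIVE-CONNECTOR-NAME>'
$MailDomain    = 'contoso.com'   # primary SMTP domain of your organization

$cert = Get-ExchangeCertificate -Thumbprint $Thumbprint

# Collect every reason the certificate would not meet the prerequisites.
$problems = @()
if ($cert.IsSelfSigned) {
    $problems += 'certificate is self-signed, not CA-signed'
}
if ("$($cert.Status)" -ne 'Valid') {
    $problems += "certificate status is '$($cert.Status)' (expired, revoked or untrusted chain)"
}
if ("$($cert.Services)" -notmatch 'SMTP') {
    $problems += 'certificate is not enabled for the SMTP service'
}

# The subject or a subject alternative name should cover the mail domain:
# either the domain itself, a host under it, or a wildcard for it.
$names   = @($cert.CertificateDomains | ForEach-Object { "$_" })
$covered = @($names | Where-Object { $_ -eq $MailDomain -or $_ -like "*.$MailDomain" })
if ($covered.Count -eq 0) {
    $problems += "no certificate name covers $MailDomain (found: $($names -join ', '))"
}

if ($problems.Count -gt 0) {
    throw "Certificate $Thumbprint is not suitable: $($problems -join '; ')"
}

# TlsCertificateName identifies the certificate by issuer and subject,
# in the form "<i>issuer<s>subject".
$tlsName = "<i>$($cert.Issuer)<s>$($cert.Subject)"
Set-ReceiveConnector -Identity $ConnectorName -TlsCertificateName $tlsName

# Confirm what the connector will present to Office 365.
Get-ReceiveConnector -Identity $ConnectorName |
    Format-List Identity, TlsCertificateName, AuthMechanism, RequireTLS
```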
There are three steps for this:
- Configure your Office 365 environment.
- Set up a connector from Office 365 to your email server.
- Change your MX record to redirect your mail flow from the Internet to Office 365.
Make sure you have completed the following in Office 365:
- To set up connectors, you need permissions assigned before you can begin. To check what permissions you need, see the "Office 365 connectors" entry in the Feature permissions in EOP topic.
- If you want EOP or Exchange Online to relay email from your email servers to the Internet, either:
  - Use a certificate configured with a subject name that matches an accepted domain in Office 365. We recommend that your certificate's common name or subject alternative name matches the primary SMTP domain for your organization. For details about this, see Prerequisites for your email server environment.
  - -OR-
  - Make sure that all your organization sender domains and subdomains are configured as accepted domains in Office 365.
- Decide whether you want to use transport rules or domain names to deliver mail from Office 365 to your email servers. Most businesses will choose to deliver mail for all accepted domains. For more information, see Using a connector with a transport rule.
To create a connector in Office 365, click Admin, and then click Exchange to go to the Exchange admin center. Next, click mail flow, and click connectors.
If any connectors already exist for your organization, you can see them listed here.
Before you set up a new connector, check any connectors that are already listed here for your organization. For example, if you ran the Exchange Hybrid Configuration wizard, connectors that deliver mail between Office 365 and Exchange Server will be set up already and listed here. You don’t need to set them up again, but you can edit them here if you need to. If you don’t plan to use the hybrid configuration wizard, or if you’re running Exchange Server 2007 or earlier, or if you’re running a non-Microsoft SMTP mail server, set up connectors using the wizard.
To start the wizard, click the plus symbol +. On the first screen, choose the options that are depicted in the following screenshot:
Click Next, and follow the instructions in the wizard. Click the Help or Learn More links if you need more information. The wizard will guide you through setup. At the end, make sure your connector validates. If the connector does not validate, double-click the message displayed to get more information, and see Fixing connector validation errors for help resolving issues.
To redirect email flow to Office 365, change the MX (mail exchange) record for your domain. For instructions on how to do this, see Add MX record to route email.
There are two steps for this:
- Set up a connector from your email server to Office 365.
- Set up your email server to relay mail to the Internet via Office 365.
To create a connector in Office 365, click Admin, and then click Exchange to go to the Exchange admin center. Next, click mail flow, and click connectors. If any connectors already exist for your organization, you can see them listed here.
To start the wizard, click the plus symbol +. On the first screen, choose the options that are depicted in the following screenshot:
Click Next, and follow the instructions in the wizard. Click the Help or Learn More links if you need more information. In particular, see Identifying email from your email server for help configuring certificate or IP address settings for this connector. The wizard will guide you through setup. At the end, save your connector.
If you have completed all of these steps correctly, all your mail will now be delivered via Office 365.
To check that this is working:
- Send email from a mailbox on your email server to an Internet mailbox.
- Send email from an Internet mailbox to a mailbox on your email server.
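The two connectors from Part 1 and Part 2 can also be created and checked from an Exchange Online PowerShell session instead of the wizard. This is an added example, not part of the original article; the connector names, host names and test address are placeholders, and the TLS choices shown (certificate name validation outbound, certificate-based identification inbound) are one reasonable configuration rather than the only one the wizard offers.

```powershell
# Run in an Exchange Online PowerShell session.
# Placeholders (assumptions for illustration, not values from the article):
$SmartHost      = 'mail.contoso.com'   # external FQDN of your email server
$TlsDomain      = 'mail.contoso.com'   # name on that server's CA-signed certificate
$SenderCertName = 'contoso.com'        # certificate name matching an accepted domain
$TestRecipient  = 'john@contoso.com'   # on-premises mailbox noted in the prerequisites

# Check what already exists before creating anything (for example, connectors
# left by the Hybrid Configuration wizard).
Get-OutboundConnector | Format-List Name, Enabled, SmartHosts, TlsSettings, TlsDomain
Get-InboundConnector  | Format-List Name, Enabled, RequireTls, TlsSenderCertificateName, SenderIPAddresses

# Part 1: Office 365 -> your email server through the smart host.
# DomainValidation checks the certificate chain AND that the certificate name
# matches TlsDomain; EncryptionOnly would encrypt without validating either.
$outbound = @{
    Name               = 'O365 to on-premises (example)'
    ConnectorType      = 'OnPremises'
    UseMXRecord        = $false
    SmartHosts         = $SmartHost
    AllAcceptedDomains = $true
    TlsSettings        = 'DomainValidation'
    TlsDomain          = $TlsDomain
}
New-OutboundConnector @outbound

# Part 2: your email server -> Office 365, identified by its TLS certificate
# rather than by source IP address, with TLS required.
$inbound = @{
    Name                     = 'On-premises to O365 (example)'
    ConnectorType            = 'OnPremises'
    SenderDomains            = '*'
    RequireTls               = $true
    TlsSenderCertificateName = $SenderCertName
}
New-InboundConnector @inbound

# Same validation the wizard runs at the end of Part 1: a test delivery from
# Office 365 to the on-premises mailbox over the new connector.
Validate-OutboundConnector -Identity $outbound.Name -Recipients $TestRecipient
```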
To change settings for a connector, select the connector you want to edit and then select the edit icon as shown in the following screen shot.
The connector wizard opens, and you can make changes to the existing connector settings. While you change the connector settings, Office 365 continues to use the existing connector settings for mail flow. When you save changes to the connector, Office 365 starts using the new settings.
Ref: https://technet.microsoft.com/en-us/library/dn751020(v=exchg.150).aspx