Configure Inbound Delivery Routing for Office 365

Document created by user.oxriBaJeN4 Employee on Sep 21, 2015Last modified by user.oxriBaJeN4 Employee on Dec 21, 2016
Version 7Show Document
  • View in full screen mode

These steps should be completed to route emails from Mimecast to Office 365, and completed once your Mimecast account has been configured.


Bypassing Spam Checks


To ensure that emails delivered from Mimecast to Office 365 are not incorrectly identified as spam, resulting in delayed or failed email delivery, the Mimecast service IP Ranges should be added to the Allowed List in the Connection Filtering Policy within the Office 365 Exchange Admin Center (EAC).


To add the Mimecast Datacenter IP Ranges to the connection filter policy:

  1. Login to the Office 365 Exchange Admin Center (EAC)
  2. Click on Protection:

  3. Click on Connection Filter, then click the Edit icon:


  4. Click Connection Filtering then click the Add icon within the IP Allow list section:


  5. Add the Inbound Mimecast IP Ranges. See the Mimecast Data Centers and URLs page for details of these for your region.
  6. Check the Enable Safe List checkbox.
  7. Click Save to apply the changes.


Determining the Host Name


In order to deliver emails from Mimecast to your Office 365 service, you must determine your Host Name by following the steps below:

  1. Log in to the Office 365 Admin Center.
  2. Select Domains from the menu on the left of the page.
  3. From the Manage Domains page, select Domain Settings for the domain you wish to configure inbound delivery for.
  4. Once presented with the DNS records screen, find and note the MX value.


Mimecast Delivery Routes are now configured to deliver all inbound email to a specified hostname, which in this case is the MX record for the Office 365 account.


Create a new Mimecast Delivery Route and associated Policy to complete your inbound routing.


Setting Us Up as Your Only Trusted Email Source


We recommended that you lock down your inbound email flow in Office 365 to only allow mail from Mimecast IP addresses. This requires you to create a receive connector in Office 365.


To lock down your firewall:

  1. Log on to the Office 365 Exchange Admin Console.
  2. Click on the Mail flow menu item on the left hand side.
  3. Click on the Connectors link at the top. Your connectors are displayed.
  4. Click on the + icon.
  5. Complete the Select Your Mail Flow Scenario dialog as follows:

    FromPartner organization
    ToOffice 365
    The text at the bottom of the wizard changes to:

    “Creating a connector is optional for this mail flow scenario. Create a connector only if you want to enhance security for the email messages sent between your partner organization or service provider and Office 365. You can create multiple connectors for this scenario, each applying to different partner organizations or service providers”
  6. Click the Next button.
  7. Change the connector's name to Mimecast to Office 365.
  8. Click the Next button.
  9. Select the Use the Sender's Domain option in the "How do you want to identify the partner organization?” dialog.
  10. Click the Next button.
  11. Click on the + icon to add the * as the domain and click OK.
  12. Click the Next button.
  13. Leave the Reject Email Messages if They Aren't Sent Over TLS option with the default value on the “What security restrictions do you want to apply?” dialog. Mimecast will send the message on to Office 365 with Opportunistic TLS.
  14. Select Reject email messages if they aren't sent from within this IP address range.
  15. Click on the + icon to add the Mimecast IP address ranges depending on your region.
  16. Click the Next button.
  17. A summary page is displayed. Check this to ensure it has all the correct information.
  18. Click the Save button.


See Also...