For us to accept your inbound email, recipient validation must be configured. This enables us to only accept messages from the email addresses you have authorized. To do this, we must have a complete list of all internal users.
Recipient validation can be completed by one of the following methods:
- Synchronization with your Network Directory (e.g. LDAP). This is the recommended method.
- Automatically by email flow as users send emails through Mimecast.
Office 365 does not support Active Directory integration. User management is controlled manually through:
- Your internal domains.
- Using a spreadsheet import.
For environments that use a separate domain controller, Active Directory synchronization can be configured.
On Premises / Hosted Exchange (HEX)
To enable directory synchronization:
1. Open the LDAP port on your firewall to the Mimecast Data Center IP ranges. By default, this will be:
   - Port 389 for LDAP
   - Port 636 for LDAPS
2. Ensure the correct routing has been set up from the firewall through to the selected domain controller.
3. Create a user account in the directory for Mimecast to use for authentication purposes. This enables the extraction of all valid email addresses, group structures, and any attributes that have been set up in Mimecast to be synchronized. See the User Account Requirements section below for further details.
4. Review and complete the configuration steps outlined in the Directory Connections article for each connector.
See the Enable LDAP Directory Sync for Active Directory page for further details.
Ensure the domain controller has a publicly routable IP address configured that Mimecast can access. If LDAPS is used, ensure that the certificate is registered to the Fully Qualified Domain Name (FQDN) of the server. LDAPS will not work unless the certificate name is based on the FQDN of the server.
User Account Requirements
The user account created in point 3 above requires:
- Permissions to read Active Directory users and attributes. By default, a member of the Domain Users group has these permissions.
- A password that does not need to be changed at first logon and does not expire.
The user account created in point 3 above does not require:
- Special permissions.
- A local mailbox.
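The following PowerShell is an added example, not part of the original article or Mimecast's own tooling. It checks a sync account against the requirements above and confirms that the certificate presented on port 636 matches the server's FQDN. The account name `svc-dirsync`, the host `dc01.example.com`, and both function names are assumptions, and the ActiveDirectory (RSAT) module is required.

```powershell
# Added example: audit the sync account and the LDAPS certificate name.
# All names below are placeholders, not values from the article.
Import-Module ActiveDirectory
$AccountName = 'svc-dirsync'        # hypothetical sync account
$DcFqdn      = 'dc01.example.com'   # hypothetical domain controller FQDN

function Test-SyncAccount {
    param([Parameter(Mandatory)][string]$SamAccountName)
    $u = Get-ADUser -Identity $SamAccountName `
         -Properties PasswordNeverExpires, pwdLastSet, MemberOf, PrimaryGroup
    [pscustomobject]@{
        Account              = $u.SamAccountName
        Enabled              = $u.Enabled
        PasswordNeverExpires = $u.PasswordNeverExpires   # article requires: True
        MustChangeAtLogon    = ($u.pwdLastSet -eq 0)     # article requires: False
        PrimaryGroup         = (Get-ADGroup -Identity $u.PrimaryGroup).Name
        # MemberOf excludes the primary group. No special permissions are
        # required, so this list is expected to be empty.
        ExtraGroups          = @($u.MemberOf | ForEach-Object { (Get-ADGroup -Identity $_).Name })
    }
}

function Test-LdapsCertificateName {
    param([Parameter(Mandatory)][string]$Fqdn, [int]$Port = 636)
    $state = @{ Errors = $null }
    $tcp = [System.Net.Sockets.TcpClient]::new($Fqdn, $Port)
    try {
        # The callback records validation errors and lets the handshake finish
        # so the certificate can be inspected. It is not a trust decision.
        $cb = [System.Net.Security.RemoteCertificateValidationCallback]({
            param($s, $cert, $chain, $policyErrors)
            $state.Errors = $policyErrors; $true }.GetNewClosure())
        $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, $cb)
        $ssl.AuthenticateAsClient($Fqdn)
        $c = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
        $mismatch = [System.Net.Security.SslPolicyErrors]::RemoteCertificateNameMismatch
        [pscustomobject]@{
            Server       = $Fqdn
            Subject      = $c.Subject
            NotAfter     = $c.NotAfter
            NameMatches  = -not ($state.Errors -band $mismatch)  # must be True for LDAPS
            PolicyErrors = $state.Errors
        }
    } finally { $tcp.Dispose() }
}

Test-SyncAccount -SamAccountName $AccountName
Test-LdapsCertificateName -Fqdn $DcFqdn
```

Chain errors in `PolicyErrors` reflect the trust store of the machine running the check; the name-mismatch flag depends only on the certificate and the FQDN used to connect.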
You can also: