Office 365: Configuring Outbound Delivery Routing

Document created by user.oxriBaJeN4 Employee on Sep 21, 2015Last modified by user.oxriBaJeN4 Employee on May 23, 2018
Version 15Show Document
  • View in full screen mode

This step must be completed to route emails outbound from Office 365 to Mimecast.

We recommend completing this step at least three working days before switching your MX records to route inbound email through us. This allows us to build your Auto Allow list, based on recipients your users send messages to. This has a positive impact on inbound email delivery speed, because many senders will already be known and consequently not be subject to our greylisting security feature.

What You'll Need

 

  • An Office 365 administrator logon with permission to create a send connector.
  • Your internal domains must already be registered with us.
  • A Mimecast administrator logon with at view permission to the Gateway | Accepted Email menu item.

 

Walkthrough

 

Updating the SPF Record for your Domain(s)

 

You must have a SPF record for the domain(s) registered with Office 365. When implementing Mimecast with Office 365, this record must be updated in the DNS zone for the relevant domain to include the following:

  • Remove: v=spf1 include:spf.protection.outlook.com –all
  • Replace with or add:  v=spf1 include:_netblocks.mimecast.com ~all

If your outbound email is temporarily coexisting with us, you can leave the v=spf1 include:spf.protection.outlook.com –all SPF record. However it must be removed once all your outbound email is routed through us.

Configuring Outbound Routing

We recommend this process is completed using Internet Explorer. Other browsers have issues with the controls used in the final validation step.

  1. Log in to the Office 365 Administration Console.
  2. Select the Admin | Exchange menu item.
  3. Select the Mail Flow | Connectors menu item.
  4. Create a Connector.
  5. Complete the New Connector - Select Your Mail Flow Scenario dialog as follows:

    FieldDescription
    FromSelect "Office 365" from the drop down list.
    ToSelect "Partner Organization" from the drop down list.
  6. Select the Next button.
  7. Complete the New Connector - New Connector dialog as follows:

    FieldDescription
    NameEnter a name for the connector.
    DescriptionEnter a description for the connector.
    Turn It OnSelect this option to enable the connector.
  8. Select the Next button.
  9. Select the Only When Email Messages are Sent to These Domains option.
  10. Select the ico_plus.png icon to add the recipient domains that should use this connector.
  11. Enter a value of * to route all outbound emails through us.
  12. Select the OK button.
    Connector
  13. Select the Next button.
  14. Select the Route Email Through These Smart Hosts option.
  15. Select the ico_plus.png icon to add your region's smart hosts.
    add_smart_host.png
    RegionOffice 365 Account Hostnames
    Europe (Excluding Germany)

    eu-smtp-o365-outbound-1.mimecast.com

    eu-smtp-o365-outbound-2.mimecast.com

    Germany

    de-smtp-o365-outbound-1.mimecast.com

    de-smtp-o365-outbound-2.mimecast.com

    America

    us-smtp-o365-outbound-1.mimecast.com

    us-smtp-o365-outbound-2.mimecast.com

    South Africa

    za-smtp-o365-outbound-1.mimecast.co.za

    za-smtp-o365-outbound-2.mimecast.co.za

    Australia

    au-smtp-o365-outbound-1.mimecast.com

    au-smtp-o365-outbound-2.mimecast.com

    Offshore

    je-smtp-o365-outbound-1.mimecast-offshore.com

    je-smtp-o365-outbound-2.mimecast-offshore.com

  16. Select the Save button.
  17. Select the Next button.
  18. Select the following options:
    • Always use Transport Layer Security (TLS) to Secure the Connection (recommended)
    • Issued by a trusted certificate authority (CA)
  19. Select the Next button.
  20. Select the Next button.
  21. Add an Email Address of a recipient from a domain external to your organization.
  22. Select the Validate button.
  23. Select the Save button once Office 365 has successfully validated your settings.

Disable or remove any other Outbound Send Connectors. Failure to do this means your outbound email still uses theseand isn't routed through us. Any send connectors used for other purposes (e.g archiving) may still be enabled. If in doubt, consult Mimecast Support.

Adding the Office 365 Tenant Domain as an Internal Domain

 

Your Office 365 tenant domain must be added to the list of internal domains available in the Mimecast Administration Console. See the Configuring Internal Domain / Subdomains page for full details. This enables us to recognize certain auto response messages, where the sender address is not a normal internal domain. This is typically in the format @domain.onmicrosoft.com. See the Validating an onmicrosoft.com Tenant Domain page for further details.

 

Verifying Your Configuration

Once this step is complete, Office 365 must be added to your authorized outbounds as an umbrella account. View the Maintaining Authorized Outbound Addresses page for more information.

To verify that Office 365 is successfully routing email outbound via us:

  1. Log on to the Administration Console.
  2. Select the Administration toolbar button.
  3. Select the Gateway | Accepted Email menu item.
  4. Select the View | Outbound menu item.

 

You should see messages from your organization's internal users to external recipients. If you don't see messages shortly after they're sent, this indicates a configuration problem on your Office 365 send connector. Double check your configuration. Use the Office 365 Message Trace Tool in the Mail Flow | Message Trace menu of the Exchange Admin Center to help identify the issue.

10 people found this helpful

Attachments

    Outcomes