Connect Application: Securing Your Inbound Email (On Premise / Hybrid Exchanges)

Document created by user.oxriBaJeN4 Employee on Apr 13, 2016Last modified by user.oxriBaJeN4 Employee on May 29, 2019
Version 17Show Document
  • View in full screen mode

Applies To...


This page applies to new clients connecting with Mimecast using the Connect Application with an On Premise or Hybrid exchange. If you are using an Office 365 exchange, see the Connect Application: Securing Your Inbound Email (Office 365) page. If you're not using the Connect Application, click here.


Securing Your Inbound Email


Once you have completed all the Connect Application tasks, you must lock down your organization's firewall on port 25 to the Mimecast Data Center IP Ranges. The Connect Application will display the relevant IP Ranges for your account.


This ensures your emails are scanned by the Mimecast security systems to prevent viruses and spam from reaching your internal environment. 


To secure your inbound email, you must:

  • Ensure all emails are being delivered by Mimecast only, before locking down your firewalls.
  • Remove any other MX Records.

If your firewall is managed by a third party provider, you'll need to provide them the IP Ranges so they can lock down the firewall for you.

Testing Your Firewall is Secure


Once you have locked down your firewall, you can run the firewall test from the Connect Application to determine if the lockdown was successful.


To test your firewall and complete the task:

  1. Click on the Gateway | Secure Your Inbound Email menu item.
  2. Click on the Start button. Our Inbound IP Ranges are displayed.
  3. Set up Mimecast as your only trusted email source. See the "Securing Your Inbound Email" section above.
  4. Click on the Next button.
  5. Click the Test Host link to test your On Premise or Hybrid connection. A popup dialog is displayed.
  6. Enter a valid internal email address and click Test. Your firewall's status is displayed as one of the following:

    • Secured: The host has rejected the recipient. This is the desired outcome
    • Not Secured: The host has accepted the recipient.
    Hybrid Inbound Secure
  7. Click the More or Less link to toggle the view of your domain's route information.
  8. When you're ready, click the Confirm button. A summary of your secure inbound email connection is displayed.


See Also...