Mailflow with Microsoft 365 (formerly Office 365)

In order to process incoming and outgoing mails via the appliance, the following conditions are necessary:

  • The MX record for the mail domain must point to the REDDOXX appliance (or to the company firewall that is responsible for routing to the appliance).
  • The domain must be configured and set up in Exchange Online (for this, it is first necessary that the DNS entries point to O365, then the MX record can be changed to the REDDOXX Appliance).
  • E-mail addresses of the domain (with mailboxes and licensing) must already be configured.
  • A valid SSL certificate must be added in the REDDOXX Appliance and used in the TLS settings for the SMTP Receive Connector and in the SMTP Transport Policy.
  • DKIM must be configured for the domain (note that CNAME entries must be set to create the two selectors).
    You can do this e.g. via
nslookup -q=cname selector1._domainkey.YOURDOMAIN.TLD

and the result must be a non-authorising response:

Enter the domain(s) in the Appliance Admin web interface => Configuration => Local Domains

Configure the transport rules in the Appliance Admin web interface for each domain so that they point to the corresponding Microsoft 365 MX record.

Specify the corresponding domain for the recipient addresses.

Use the SSL certificate in the TLS settings.

In the Transport tab, enter the MX record that is displayed in O365 for your domain as the smarthost.
You can see the DNS name required for this in the Microsoft 365 domain view::


In the advanced tab, set the FQDN according to your appliance.

In the Local Domains of the appliance, configure the option "Hosted Exchange" for the O365 domains.
Setting Local domains

Also configure DKIM for the Local Domains so that outgoing emails can receive a correct DKIM signature.
This is especially necessary when using the MailSealer.

  1. Log in to the Exchange Admin Center
  2. Create a new connector (Email Flow => Connectors => Add Connector) and adjust the settings accordingly (the following screenshots serve as an example):

Select the MX of your REDDOXX Appliance here:

Enter the name of the SSL certificate that is used in the REDDOXX Appliance:

Even if the test fails, accept the save with "Yes", as the connector is necessary for the configuration of the transport rule.

  1. Create a new transport rule (Email Flow => Rules => Add a Rule => Create a New Rule)