Mailflow with Microsoft 365 (formerly Office 365)

In order to process incoming and outgoing mails via the appliance, the following conditions are necessary:

  • The MX record for the mail domain must point to the REDDOXX appliance (or to the company firewall that is responsible for routing to the appliance).
  • The domain must be configured and set up in Exchange Online (for this, it is first necessary that the DNS entries point to O365, then the MX record can be changed to the REDDOXX Appliance).
  • E-mail addresses of the domain (with mailboxes and licensing) must already be configured.
  • A valid SSL certificate must be added in the REDDOXX Appliance and used in the TLS settings for the SMTP Receive Connector and in the SMTP Transport Policy.
  • DKIM must be configured for the domain (note that CNAME entries must be set to create the two selectors).
    You can do this e.g. via
nslookup -q=cname selector1._domainkey.YOURDOMAIN.TLD

and the result must be a non-authorising response:
cname

Enter the domain(s) in the Appliance Admin web interface => Configuration => Local Domains
01-local-domain

Configure the transport rules in the Appliance Admin web interface for each domain so that they point to the corresponding Microsoft 365 MX record.
02-transport-policy

Specify the corresponding domain for the recipient addresses.
04-transport-policy

Use the SSL certificate in the TLS settings.
05-transport-policy

In the Transport tab, enter the MX record that is displayed in O365 for your domain as the smarthost.
You can see the DNS name required for this in the Microsoft 365 domain view::

06-transport-policy

In the advanced tab, set the FQDN according to your appliance.
07-transport-policy

In the Local Domains of the appliance, configure the option "Hosted Exchange" for the O365 domains.
Setting Local domains

09-local-domain
Also configure DKIM for the Local Domains so that outgoing emails can receive a correct DKIM signature.
10-local-domain
This is especially necessary when using the MailSealer.

  1. Log in to the Exchange Admin Center
  2. Create a new connector (Email Flow => Connectors => Add Connector) and adjust the settings accordingly (the following screenshots serve as an example):
    11-connector
    12-connector
    13-connector

Select the MX of your REDDOXX Appliance here:
14-connector

Enter the name of the SSL certificate that is used in the REDDOXX Appliance:
15-connector

Even if the test fails, accept the save with "Yes", as the connector is necessary for the configuration of the transport rule.
16-connector

  1. Create a new transport rule (Email Flow => Rules => Add a Rule => Create a New Rule)
    17-regel
    18-regel
    19-regel