Jump to:navigation, search
Wiki

Securepoint Mail Security with Office365

From Securepoint Wiki





notempty
Dieser Artikel bezieht sich auf eine nicht mehr aktuelle Version!

notempty
Der Artikel für die neueste Version steht hier

notempty
Zu diesem Artikel gibt es bereits eine neuere Version, die sich allerdings auf eine Beta-Version bezieht

































































  • Select Connection with  Partnerorganisation }}






























  • Note

    This article includes descriptions of third-party software and is based on the status at the time this page was created.
    Changes to the user interface on the part of the manufacturer are possible at any time and must be taken into account accordingly in the implementation.
    All information without warranty.









    • Example configuration of Mail Security with Office 365

    Last adaption: 03.2025

    New:
    • Routen werden mittels TXT-Record in der Domain authentifiziert und stehen unmittelbar zur Verfügung
    • Aktive Routen werden jetzt mit einer aktivierten Schaltfläche angezeigt
    notempty
    This article refers to a Beta version
    -
    Access: mailsecurity.securepoint.de mail.security

    Introduction

    This HowTo describes how to set up Securepoint Mail Security with Microsoft Office 365.

    An email sent to an Microsoft office 365 mailbox is first received by the upstream Securepoint Mail Security.
    Securepoint Mail Security scans the email for spam and malware. If non is detected, Mail Security forwards the email to the Office 365 mailbox.

    The same applies to outgoing emails. When an email is sent from an Office 365 mailbox, Mail Security checks the outgoing email after it is sent from Office 365 for spam and malware. If no threats are detected, Mail Security forwards the email to its final destination.



    The following setup steps are required:

    1. Set up an inbound and outbound route in Mail Security
    2. Configure Office 365, assign domain, set up receive and send connectors
    3. Adjust the DNS entries
    notempty
    This order is important to ensure that emails can continue to be delivered during setup process.


    Find domains

    Under admin.microsoft.com in Settings → Domains, the existing domains are displayed resp. new ones can be created

    • Select or create the desired Microsoft 365 domain, for example ttt-point.de, which should be verified by Securepoint Mail Security


    Set up Mail Security

    Domäne hinzufügen

    Zu Beginn der Einrichtung wird zunächst unter mail.security Domains über die Schaltfläche eine neue Domäne hinzugefügt.
    Caption Value Description
    Domäne hinzufügen
    Domain ttt-point.de Domain for delivering emails to the Microsoft 365 mailbox
    In Zwischenablage kopieren Kopiert den Wert des TXT-Eintrags in die Zwischenablage
    • A new TXT record in the provider's domain settings is required for validation.
      • The required value for the TXT record must be copied and pasted from the Mail Security Portal.
      • For some providers, a name is also required, this is usually ‘’@.
      • A low TTL (e.g. 1 minute) can also speed up the process.
    • As soon as the entry is set at the provider, the domain can be added in the portal with the Confirm button.

    Create inbound route

    In the second step, an incoming route is created.
    This can be done under mail.security Inbound using the button.
    Activated    Indicates whether the route is being used
    Create inbound route
    Create new set Default Create a new set for a route
    Description TTT-Point Inbound Name of the set
    Required field
    Route description     Description of the inbound route
    Domain ttt-point.de Domain for delivering emails to the Microsoft 365 mailbox
    Target protocol ESMTP_TLSOPT The default target protocol is usually sufficient
    Target server mx-ttt-point-de.mail.protection.outlook.com Target server, i.e., the mail server of the Microsoft 365 mailbox
    Exchange Online: If possible, the domain should be entered here, as its IP address could be changed by Microsoft, and this route might stop working.

    The target server can be found in Office365 Portal:
    • Under Settings → Domains select the corresponding domains
    • Look for the MX Record Entry
    • Under Points to address or value you will find the name of the target server, following the pattern meine-domain-de.mail.protection.outlook.com
      Required field
    From the displayed options Greylisting and Enable SPF check confirm the selection.
    This inbound route is created via the button Create
    The route is available immediately, but can still be configured. (see Edit inbound routes).
    The configuration can be verified by sending a test email. If everything is set up correctly, this email should appear under mail.security Emails with the status delivered

    Create outbound route

    Next, an outbound route is created.
    This is possible under mail.security Outgoing using the button
    Caption Value Description
    Creating an outbound route
    Activated    Indicates whether the route is being used
    Create new set Default Create a new set for a route
    Description TTT-Point Outbound Name of the set
    Route description     Description of the inbound route
    Relay Mail Security acts as the smarthost for outgoing emails in the outbound route
    Relay mx.ttt-point.de Relay domain for the smarthost
    The complete relay address that needs to be entered in Office365 can be displayed later when the complete route is edited. In this case, for example, it is: mx-ttt-point-de.relay.mymailwall.com
    Required field
    Check sender mailbox    Outgoing user validation (This asks the receiving mail server whether the sender exisits)
    Destination type MX An email server (MX) receives the email
    Required field
    Target protocol ESMTP_TLSOPT The default target protocol is usually sufficient
    Required field
    From the displayed options confirm Allow bounce
    This inbound route is created via the button Create
    Once the route is visible, it can still be configured (see Edit outbound route).

    Set up Microsoft 365

    Configure the receive connector

    A receive connector must be configured so that the Microsoft Exchange Online can receive emails from Mail Security.

    1. New Connector: Select Connection from  Partner organization, Connection to will then be filled in automatically
    2. Name: Choose an appropriate name and optionally a description
    3. Sent email will be authenticated: select the second option and enter the IP address from the welcome email, then click on to ensure the IP address is added
      the welcome email is received after ordering mail security
    4. Security restrictions: The desired security restrictions can be configured
    5. Verify connector: After succesfully testing the configuration, the receive connector is ready to use


    Configure send connector

    A send connector must be configured so that Microsoft Exchange can send emails to Securepoint Mail Security

    1. New Connector: Select Connection from  Office 365, Connection with  Partnerorganisation
    2. name: Choose an appropriate name and optionally add an description
    3. Usage of the connector:  Only, when I have set up a transport rule that redirects messages to this connector
    4. Routing:  route email through these smarthosts and use the smarthost from the outbound route in Mail Security under the Relay section
    5. Security restrictions: Configure as desired
    6. Validation email: Email address for verification
    7. Verify connector: After succesfully testing the configuration, the send connector is ready for use

    Afterward, a rule must be added to ensure this send connector can be used.


    Add rule

    After the send connector has been set up, a rule must be created in Microsoft Office 365 to ensure that this connector can be used.

    1. In the burger menu, select Create a new rule
    2. Set the rule conditions:
      1. Choose an appropriate name
      2. Apply this rule, if: the recipient is external/internal outside the organization
      3. Proceed as followed: Redirect message to the following connector and select the previously created connector there
    3. Set rule settings: Adjust the conditions of this rule as desired
    4. Review and complete: The configuration can be reviewed again and corrected if necessary
    5. Use the Finish button to create this rule
    notempty
    After the creation, the rule must be activated manually. Until it is activated, no emails will be routed through Mail Security

    To minimize downtime and avoid potential errors, the rule should only be activated after the MX record has already been switched to

    Mail Security!

    Adjust DNS entries

    First, two DNS entries of the affected domain must be adjusted, as emails are to be routed through the Mail Security server to Microsoft Office 365.
    managed via the domain's DNS management
    • The MX record must be set to mx.mymailwall.com
    • the SPF record must be updated to include mymailwall.com
    This can be verified using the following terminal command: host -t mx DOMAIN
    host -t mx mx.ttt-point.de
    mx.ttt-point.de mail is handled by 10 mx.mymailwall.com.

    Once the DNS entries have been succesfully redirected, the previously created rule can be activated


    Retrieved from "https://wiki.securepoint.de/index.php?title=Mailsecurity/Office365_v2025.10&oldid=99606"