PMG - Office 365 Mail flow

facyber

New Member
Sep 9, 2020
23
5
3
Hi everyone,

I was wondering if anybody (or believe it is possible to) setup that all incoming mails must go first through the PMG first then to the office 365? We tried with guidance from Mailrpotector when it comes to the Office365 configuration, but still mails can be send directly and not pass through the PMG. Not sure if there is something additional that needs to be configured from PMG side.

We are slowly migrating domains from old mail protection solution to PMG (community license), but two days ago we noticed throttling, there were quite number of mails in queue and after setting up this connector, after flushing mails they were all sent. Still investigating what could be the issue, I suspect IP reputation (but we are very carefull with this), but then again our IP wasn't blacklisted, only mails were delayed. Not sure if anyone experienced something like this.

Thanks,
facyber
 
I was wondering if anybody (or believe it is possible to) setup that all incoming mails must go first through the PMG first then to the office 365? We tried with guidance from Mailrpotector when it comes to the Office365 configuration, but still mails can be send directly and not pass through the PMG. Not sure if there is something additional that needs to be configured from PMG side.
I have no experience with office 365 - but technically speaking making "sure" that all mails go via PMG to office 365 can be done e.g. in the following 2 ways:
* set up a firewall rule in front of office365, which only allows access on port 25 from your PMG (this assumes that you have a dedicated IP for your domains, since else all other office365 customers would also need to take that route ;)
* configure some ACL inside office365, which denies access for your domain from anything but your PMG (on SMTP-level)

However both of these things need to be setup on the office365 side.

(in most cases it should be enough simply to configure your MX record to point to your PMG, which then relays the mail - even though some spammers might still decide to use the office365 IP)

Still investigating what could be the issue, I suspect IP reputation (but we are very carefull with this), but then again our IP wasn't blacklisted, only mails were delayed.
could be many things - e.g. greylisting - without logs it's not really possible to track this down.

I hope this helps!
 
Hi Stoikov,

Thanks for the help. Will then check that up, that was also something we had in mind but still wanted to check to be sure. We tried this Mailprotection guidance and indeed we set only PMG IP but we were still able to send a mail that went straight to office365, not through the PMG.

Correct, forgot to mention the error message I saw in Tracking Center. Basically it was this issue and after more search it usually ends on this official Microsoft page for this error and setting up that Connector. Maybe this will be more of help for somebody else.

After we setup that Connector for one domain and flushed mails,they all went good but there were other still in queue. This morning when I checked Queue, those other mails were also sent so it could be greylisting ineed.

Cheers
 
Try Sigsync Office 365 email Signature, Its server side email signature. You can configure it once, you will have a consistent, tamperproof email signature for all your users. It grabs all of the user data from our Active Directory. You can use it for branding, advertising, and disclaimers.

Visit: Email Signature manager Office 365
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!