Exchange Online with Inbound/Outbound Gateway

  • Question

  • Hi all,

    Can I use Exchange Online / BPOS with our own MX records?

    We would like to use our own inbound and outbound gateway.

    -- 

    Hendrik

    Thursday, October 21, 2010 12:43 AM

Answers

  • Thanks Chad.  One other point is that blocking all internal IP addresses doesn't work if the sender is in BPOS since it, technically, will come from an internal IP address.

    The only way to force email to follow this specific path (other than internal email), is to follow the default External Relay (Co-Existence) scenario:

    1.  MX record points to on-premise

    2.  On-premise forwards to domain.microsoftonline.com

    3.  Domain indicated as External Relay in MOAC.

    4.  Optional: employ a support engineer to help create a record in FOPE for the domain to point to on-premise.


    If it wasn't difficult, it wouldn't be fun, but why's it got to be this much fun.
    Monday, November 1, 2010 3:49 AM

All replies

  • Inbound you could use your own gateway, outbound would go right out from BPOS to the end recipient.  The next release should give you more options on the outbound.

    Chad


    Chad Mosman, MessageOps | www.MessageOps.com
    Thursday, October 21, 2010 1:41 AM
  • Hi Chad,

    Thanks. And how does it work with an inbound relay?

    Our inbound relay (public MX record) is receiving the mails and with the mailertable feature we forward it to Microsoft?

    For example:

    /etc/mail/mailertable
    ourdomain.com esmtp:mail.global.frontbridge.com

    Can I set our inbound relay (MX record IP address) to a whitelist?

    --

    Hendrik

    Thursday, October 21, 2010 10:57 AM
  • Hi Hendrik, I'm not that familiar with the mailertable, but it sounds right.

    Essentially the MX would point to your gateway, which would accept the message, scan it, and then forward it to mail.global.frontbridge.com.

    On the Microsoft Online side, the domain would have to be enabled for inbound mailflow.  So if someone was tricky they could bypass your local gateway and send directly to Microsoft Online.  The chances of that seem low, but in talking with support about this in the past, they did tell me it was possible to block all IP addresses and then just allow the IP address of your server.

    Hopefully that helps.

    Chad


    Chad Mosman, MessageOps | www.MessageOps.com
    Thursday, October 21, 2010 12:54 PM
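
Until an IP allow-list is in place on the hosted side, the gateway bypass described in the reply above can be spotted after delivery from each message's Received headers. The following is an added example, not part of the thread: the gateway IP, the hosted relay range, the header layout and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from ipaddress import ip_address, ip_network

HOSTED_SUFFIX = ".frontbridge.com"              # hosted edge named in the thread
HOSTED_NETS = [ip_network("198.51.100.0/24")]   # assumption: hosted service's own relays
GATEWAY_IPS = {ip_address("192.0.2.25")}        # assumption: our gateway's public IP

# Common "from <helo> (<rdns> [<ip>]) by <host>" layout; other MTAs format this differently.
RECEIVED_RE = re.compile(r"from\s+\S+.*?\[(?P<ip>[0-9A-Fa-f.:]+)\].*?\bby\s+(?P<by>[^\s;]+)", re.S)

def boundary_peer(raw_message):
    """IP of the host that handed the message to the hosted service, or None."""
    # Received headers are prepended: the first ones were written by the hosted
    # service itself, anything below the boundary hop is sender-controlled.
    for value in message_from_string(raw_message).get_all("Received", []):
        m = RECEIVED_RE.search(value)
        if not m or not m["by"].lower().endswith(HOSTED_SUFFIX):
            return None                      # unparseable or outside the trusted run
        try:
            peer = ip_address(m["ip"])
        except ValueError:
            return None
        if not any(peer in net for net in HOSTED_NETS):
            return peer                      # first hop arriving from outside the service
    return None

def bypassed_gateway(raw_message):
    """True when the boundary hop is not our gateway (or cannot be established)."""
    return boundary_peer(raw_message) not in GATEWAY_IPS

# Constructed samples (documentation IP ranges; only the hosted edge name is from the thread).
VIA_GATEWAY = """\
Received: from mail.global.frontbridge.com (relay [198.51.100.7])
 by mail.global.frontbridge.com; Thu, 21 Oct 2010 11:00:02 +0000
Received: from gw.ourdomain.example (gw.ourdomain.example [192.0.2.25])
 by mail.global.frontbridge.com; Thu, 21 Oct 2010 11:00:01 +0000
Subject: relayed
"""
# Direct delivery: the HELO name and the lower header both claim to be the gateway.
DIRECT = """\
Received: from gw.ourdomain.example (unknown [203.0.113.9])
 by mail.global.frontbridge.com; Thu, 21 Oct 2010 11:05:01 +0000
Received: from gw.ourdomain.example (gw.ourdomain.example [192.0.2.25])
 by mail.global.frontbridge.com; Thu, 21 Oct 2010 11:05:00 +0000
Subject: direct
"""
```

The check compares the connecting IP recorded by the receiving server, not the HELO name, because the name is chosen by the sender.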