locked
Exchange Online Protection Recieve Email Problem from EOP RRS feed

  • Question

  • Hi!

    We are currently migrating from Google Postini to EOP. The trial tenant has been configured and dns is verified on the tenant via TXT record from our Public DNS registrar. Currently there are 4 MX records of google postini published on the internet and those are used to route all the emails to our on premise Edge servers. There are two HUB Transport and Two Edge Servers on our premise. One of the Edge server is used to receive emails from google postini and the other is used to send email to google postini. We created another MX record as was mentioned on the EOP admin center as domain-com.mail.protection.outlook.com with the lowest priority. the priorities of all the MX records for our domain are as follows:

    Priority                          Provider

    0                                  POINTS TO  GOOGLE POSTINI

    15                                POINTS TO  GOOGLE POSTINI

    20                                POINTS TO  GOOGLE POSTINI

    25                                POINTS TO  GOOGLE POSTINI

    90                                POINTS TO  domain-com.mail.protection.outlook.com (EOP)

    All the EOP IPs with port 25 is allowed on our firewall. Inbound and Outbound Connectors are pointing to our on premise sending and receiving EDGE Servers and I am sure about the configuration of Inbound and Outbound Connectors on EOP. After the creation of the MX record of EOP we started getting emails through that MX with priority 90 and was verified by EOP Admin center>mail Flow> Message trace. the status of all the messages are pending. Also we created outbound connector on our on-prem server with domain-com.mail.protection.outlook.com and all the mails are flowing from our on premise server to EOP successfully but we are not able to receive any email from EOP to our on-premise exchange servers. Also no Rules are created on EOP to block any kind of emails from EOP to our On premise servers.

    I just want to ask that do we have to configure Receive connectors on our on-premise servers? if Yes then please provide and specify the Detailed configuration of the Receive connectors along with the best practices.

    I want to make sure that we can receive emails from EOP to our on premise server before switching our MX to highest priority before migrating our production environment to EOP.

    Wednesday, March 26, 2014 5:14 PM

Answers

  • Hi,

    you don't have to configure any specific receive connectors for EOP. You already have one for Postini which you can use, just add the IP address ranges to it and EOP should work.

    The IP address ranges for EOP and FOPE are the same:

    http://technet.microsoft.com/de-de/library/hh510075.aspx

    Greetings

    Christian


    Christian Groebner MVP Forefront

    Wednesday, March 26, 2014 8:22 PM

All replies

  • Hi,

    you don't have to configure any specific receive connectors for EOP. You already have one for Postini which you can use, just add the IP address ranges to it and EOP should work.

    The IP address ranges for EOP and FOPE are the same:

    http://technet.microsoft.com/de-de/library/hh510075.aspx

    Greetings

    Christian


    Christian Groebner MVP Forefront

    Wednesday, March 26, 2014 8:22 PM
  • Thank you Christian for your quick reply and the information you have provided. Wanted to ask about Inbound and Outbound connectors that should be created on Exchange Online Protection admin center. We want to FORCE TLS from our Exchange Organization users to other 150 Organization for all Inbound and Outbound Emails sent or received for compliance reasons through EOP. I want to verify that do we have to create a separate inbound and outbound connector on EOP for each partner domain/organization or we should create Just one Inbound and Outbound Connector to FORCE TLS communication with our partners? We have created a separate Inbound and Outbound connectors on EOP to Opportunistic TLS for all other organizations or domains and these Connectors configured with Opportunistic TLS is working properly. Please help me in verifying the current configuration of Inbound and Outbound connectors with FORCE TLS security and the configuration is as follows:

    Inbound Connector (Force TLS):

    1.General:

    Name: Inbound Connector(Partner), Connector Type: Partner

    2. Security: Force TLS, Domain Restriction: Restrict Domain By Cert, *Certificate: Our Domain Name

    3. Scope: In Sender domains: We Have added all the domain names of our Partners.

    OUTBOUND CONNECTOR:

    1. General> Name: Outbound Connector(Partner), Connector Type: Partner

    2. Security> Trusted CA

    3. Outbound Delivery> MX Record Associated with  Recipient Domain

    4. SCOPE> We have specified Partner domain names and CBR is unchecked

    Also I will be very thankful if you can Please let me know that what should be configured on our on premise servers in detail for sending and receiving the EMAILs using FORCED TLS. i.e, send and receive connectors on our On-premise servers. The details about the on-premise environment can be found in my previous post above. Thanks again Christian for your help and support


    • Edited by Abdullah Salam Thursday, March 27, 2014 6:22 PM Typo Mistake
    Thursday, March 27, 2014 6:18 PM
  • Hi,

    check the following article/video. It should answer your question:

    http://technet.microsoft.com/en-us/library/jj723154(v=exchg.150).aspx

    Greetings

    Christian


    Christian Groebner MVP Forefront

    Friday, March 28, 2014 12:28 PM