Bundle Xeams with Office 365 For Added Security

Microsoft offers a hosted email solution eliminating the need for an in-house Exchange server. There are several benefits of running a spam filtering solution in conjunction with your Exchange server on Office 365. This page talks about benefits and how to configure this solution.

Benefits

  • Junk Filtering - Many companies that have switched from an in-house Exchange to Office 365 still prefer Xeams for their Junk/Spam filtering. Similar to on-premises Exchange, the built-in junk filtering in Office 365's filtering is not very aggressive.
  • Full Control - You have full control over how filtering occurs. It is very important you know why something is quarantined in order to fine-tuning filtering rules. Xeams will give you exactly why something was blocked.
  • Extensive Logging - Extensive logging in Xeams helps troubleshooting common delivery problems.
  • Email Archiving - Archive emails sent to and from your company with the ability to search messages previously sent.
  • Quarantine Reports - You users will get a daily quarantine report with Xeams allowing them to see, and if required, restore messages. Additionally, they will also be able to maintain their own white/black list.
  • End-to-End Encryption - With Xeams you can achieve End-To-End encryption without any plugins in your Outlook.
  • URL Sandbox Protection - Allow users to analyze links before clicking. Click here for details.
  • Safe Attachment Viewer - Safely open attached files by converting them to text. Click here for details.

How to Setup Inbound

You can filter both inbound as well as outbound. Although there is no need to filter outbound emails, Xeams can learn from what goes out making the inbound filtering better.

Following image display the message flow when installing Xeams to filter inbound messages.

O356-Inbound.png


Setup Before Xeams When Xeams is not in the picture

  • Assume your domain name is example.com
  • MX record for your domain will point to something like: example-com.mail.protection.outlook.com

Setup After Xeams When Xeams is configured to sit in front of Office 365

Configuration within Xeams

  • Configure the MX record of your domain so inbound emails come to the network where Xeams is installed
  • Run Xeams in either Hybrid or Spam Firewall mode
  • Configure your domain under SMTP Configuration to forward messages to Office 365. You should put example-com.mail.protection.outlook.com for the address in the Forward To field.

Configuration in MS Exchange on Office 365

  • Create a rule to disable built-in spam filtering when emails are received from your IP address using following steps:

Office 365 IP Throttling

When using Xeams in the front, servers on Office 365 will see every message coming from your IP address, which could kick in the rate limits on Microsoft's end and you could see the following error message in the SMTPOutboundConversation.log.

451 5.7.(500-699) Server Busy. Please try again later.

The following steps are copied from this page on Microsoft's site to add a connector, which resolves this issue.

  • Log in to Exchange portal on https://outlook.office365.com/ecp/default.aspx
  • Click mail flow
  • Click connectors
  • Click the icon to add a new connector.
  • Select Partner organization for the From and Office 356 for To, similar to the image below. Screen shot...
  • Provide a name for this connection on the following screen.
  • Select Use the sender's IP address on the following screen. Screen shot...
  • Add the IP address where Xeams is running on the following screen.
  • Next, leave Reject email messages if they aren't sent over TLS. Screen shot...
  • Finally, save the settings

How to Setup Outbound

Inbound filtering rules are improved when you let Xeams look at messages that are going out to users on the Internet. There are two ways to accomplish this:

  • Method 1 - (preferred) Let Exchange Online send outbound emails but configure it to add a BCC address that comes to Xeams. Click here for details on how to accomplish this goal.

    This is the preferred method since it reduces an extra network hop and requires less configuration.

  • Method 2 - Rerouting every outbound email through Xeams. Click here for details on how to accomplish this goal.