integrating nospamproxy into office 365 nospamproxy 13 · 2020-04-30 · configuring microsoft...

NoSpamProxy 13.1

Integrating NoSpamProxy into Office 365

• Protection• Encryption• Large Files

ImprintAll rights reserved. This manual and the depicted applications are copyrighted products of Netat Work GmbH, Paderborn, Germany and are subject to change without notice. The informationcontained in this manual does not represent any grounds for liability, warranty or other claims.No part of the publication may be reproduced without prior written permission by Net at WorkGmbH.Copyright © 2019 Net at Work GmbHNet at Work GmbHAm Hoppenhof 32aD-33104 Paderborn

TrademarksMicrosoft®, Windows®, Windows Server 2008®, Windows Server 2012®, Windows Server2012 R2® und Windows Server 2016® are registered trademarks of Microsoft Corporation.NoSpamProxy® is a registered trademark of Net at Work GmbH.

1 October 2019

Contents

1. Introduction ........................................................................................................................... 42. Configuring Microsoft Azure ................................................................................................. 5

Setting up a static IP address for the NoSpamProxy server ................................................ 5Configuring the reverse DNS entry for the NoSpamProxy server ........................................ 5Activating the Azure proxy server for NoSpamProxy ........................................................... 5

3. Enabling Office 365 as relay host ........................................................................................ 74. Setting Up Forwarding to Office 365 .................................................................................. 105. Configuring Office 365 ........................................................................................................ 166. Checking the connector settings ........................................................................................ 237. Creating a transport rule .................................................................................................... 248. Using NoSpamProxy in Office 365 with Exchange Online ................................................. 27

Step 1: Creating an inbound connector for the domain * ................................................... 27Step 2: Creating a transport rule to deactivate the spam filter ........................................... 36

9. Help and support ................................................................................................................ 40

Net at Work GmbH1 October 2019

Introduction

1. Introduction

Since version 10 NoSpamProxy can be fully integrated into Microsoft Office 365. This manual describesthe configuration steps for NoSpamProxy and Office 365 as well as for the server environment used.

Configuring Microsoft Azure

2. Configuring Microsoft Azure

After integrating NoSpamProxy into Office 365 and installing NoSpamProxy in Microsoft Azure, emailsare no longer sent through Office 365, but directly through NoSpamProxy. To allow NoSpamProxy tosend emails, you must configure your NoSpamProxy installation in Microsoft Azure accordingly. Thisconfiguration covers three areas.

Setting up a static IP address for the NoSpamProxy server

This is done on the virtual machine in Microsoft Azure on which NoSpamProxy isinstalled.

Open the website portal.azure.com.

Under Home/Virtual Computers, click on the virtual computer on which NoSpamProxy is installed.Go to Network/Network Interfaces/IP Configurations and click on the configuration relevant forNoSpamProxy. Activate the option Public IP Address and click on Create new. Enter a name andselect the option Static.

Click OK.

The IP address is now displayed under the specified name.

Configuring the reverse DNS entry for the NoSpamProxy server

To configure the reverse DNS entry, follow the instructions in the section Configure reverse DNS forservices hosted in Azure of the Microsoft Azure documentation.

If SPF entries (Sender Policy Framework entries) exist, you must enter the IP addressof the NoSpamProxy server as a permitted sender. Alternatively, you can also enter thedomain name proxy.nospamproxy.de.

Activating the Azure proxy server for NoSpamProxy

The NoSpamProxy server cannot send emails via port 25 in Microsoft Azure. In addition, emailaddresses are often blacklisted by Microsoft Azure. For these reasons, we provide our customers with afree proxy server that eliminates these problems.

You must activate this proxy server via the "Gateway Role.config" file. To do this, proceed as follows:

Stop the gateway role.

portal.azure.com

https://docs.microsoft.com/en-gb/azure/dns/dns-reverse-dns-for-azure-services#reverse-dns-for-publicipaddress-resources

https://docs.microsoft.com/en-gb/azure/dns/dns-reverse-dns-for-azure-services#reverse-dns-for-publicipaddress-resources

Configuring Microsoft Azure

Go to C:\ProgramData\Net at Work Mail Gateway\_Configuration and open the file GatewayRole.config. Search for the tag <netatwork.nospamproxy.proxyconfiguration>. Add the tag<smtpServicePointConfiguration isProxyTunnelEnabled="true" /> anywhere within the above tag.

The tag <smtpServicePointConfiguration> may already exist. In this case, you only haveto add the attribute.

Enabling Office 365 as relay host

3. Enabling Office 365 as relay host

In this step, you allow Office 365 in the NoSpamProxy configuration as relay host. This allows emailsfrom Office 365 to be sent to external communication partners through NoSpamProxy. OtherwiseNoSpamProxy will recognize and reject the email as a relay abuse attempt.

In the NoSpamProxy MMC go to the menu Configuration/Email routing.

Picture 1: Email routing overview page

Under Corporate email servers, click Add.The dialog „Manage corporate email servers“ opens.


Picture 2: Selecting server identification

As type, select As Office 365 tenant and click Next.

Picture 3: Selecting the endpoint

Make the appropriate selection for your organisational environment under Endpoint.

Then, enter your client ID. Make sure you enter the name of the ID (not the ID in hexadecimal notation).Then click Next.


Picture 4: Selection of assigned own domains

Under Assigned Owned Domains, select the domains that you have stored in Office 365 and that willappear in the sender address for outbound emails.

If you don't find all domains here, you need to add the missing domains under People and identities/Domains and users/Owned domains. This is also possible at a later date.

Click Next.

If necessary, enter a comment and then click Finish. The email server has been created.

Setting Up Forwarding to Office 365

4. Setting Up Forwarding to Office 365

In this step, you configure NoSpamProxy to forward all inbound emails to Office 365. To do this, theinbound send connectors must be edited.

Go to Configuration/Email routing.

Picture 5: Editing the inbound send connectors

Under Inbound send connectors, click Switch to queued delivery .

In the dialog Change delivery, select Replace delivery.


Picture 6: Selecting the connector type

In the following dialog, select Office 365 and click Next.


Picture 7: General settings for the connector

Enter any name for the incoming send connector, then select the gateway role to process emails toOffice 365. Then click on Next.


Picture 8: Selecting the certificate for the client identity

Now enter a certificate for the client identity which NoSpamProxy can use to authenticate itself to theOffice 365 Server.

Click Select certificate.


Picture 9: Selecting from the list of available certificates

In the following dialog, select the certificate created by NoSpamProxy during setup. You can recognizeit by the fact that it contains the host name and is valid for about 50 years. Alternatively, you can selecta TLS certificate that you have purchased in advance from a trusted certificate authority such as D-Trust, SwissSign or GlobalSign. The advantage is that you can select this certificate in the Office 365environment to prevent man-in-the-middle attacks.

Click Select and close.


Picture 10: The certificate for the client identity has been selected

Click Finish. The configuration for NoSpamProxy is now complete.

Configuring Office 365

5. Configuring Office 365

In this step you configure the Office 365 client to deliver outgoing emails not directly to the recipientserver, but to NoSpamProxy first.

To do this, log on to your Office 365 client under https://outlook.office365.com/ecp. Use a user withadministrative rights.

Picture 11: The Exchange Admin Center

In the Exchange Admin Center go to Message Flow/Connectors, then click the Plus sign. The wizardfor creating a new connector opens.

https://outlook.office365.com/ecp


Picture 12: Choosing the messaging scenario

On the first page, select Office 365 in the From field. In the To field, select the Your organization'semail server. Then click Next. This setting sends outbound emails from the Office 365 client toNoSpamProxy.


Picture 13: Creating a new connector

On the next page, enter any name for the connector. Uncheck the box next to "Keep internal Exchangeemail headers (recommended)". Enter a description if required. Then click Next.


Picture 14: Settings for the new connector

On the next page, select Only when I have a transport rule set up that redirects messages to thisconnector. Then click Next.


Picture 15: Adding a smarthost

On the next page, specify the smarthost you want Office 365 to send the emails to. Enter the name or IPaddress of the server on which the gateway role is installed. Then click Save.


Picture 16: Connection encryption settings

Then configure the connection encryption in the following dialog. Always activate the option Always useTransport Layer Security (TLS) to secure the connection (recommended). In the selection dialogbelow, select the item Any digital certificate, including self-signed certificates and click Next.


Picture 17: Summary of the information entered

A summary of the information you have entered so far is displayed. Verify that this information is correctand then click Next

Checking the connector settings

6. Checking the connector settings

In this step the wizard checks the connector settings. One or more email addresses are required for this.

Enter one or more email addresses that you want to use to check this connector.

Picture 18: Checking the connector

Click Validate. One or more test messages will be sent. Upon completion of the examination you willreceive a result of the examination.

The test message usually fails. You can ignore this at first.

Click Save to close the dialog.

Creating a transport rule

7. Creating a transport rule

In this step you create a transport rule.

Picture 19: Creating a transport rule

In the Office 365 administration interface, go to Message Flow/Rules.

Click the plus icon, then select the Create a new rule option. The wizard for creating a new transportrule opens.


Picture 20: Customising the behaviour of the rule

Enter any name for the rule.

Under Apply this rule if, set the following options: The recipient is located and Outside theorganization. Then click Add Condition.

Under Do the following, select the option Use the following connector. Select the connector you justset up and click Add action.

If only the option "Persons" is available, click More options. Under Redirect the message to, select thefollowing connector. Then, select the connector you created.


Picture 21: Further settings for the new transport rule

Apply the remaining settings as shown in the screenshot, then click Save.

Using NoSpamProxy in Office 365 with Exchange Online

8. Using NoSpamProxy in Office 365 with Exchange Online

If you use NoSpamProxy in Office 365 in conjunction with Exchange Online, you must make additionalsettings in your tenant to ensure spam protection.

Step 1: Creating an inbound connector for the domain *

To prevent the delivery of unwanted emails you need to create an inbound connector. This connector willonly allow emails from certain IP addresses for the domain "*", which is either your own email server orNoSpamProxy. A corresponding Partner Connector is required for this.

To create the Partner Connector in Powershell, enter the following:

# Request login data for Office 365 Exchange Online $UserCredential = Get-Credential

# Instance Remote PowerShell Session $Session = New-PSSession ` -ConfigurationName Microsoft.Exchange ` -ConnectionUri https://outlook.office365.com/powershell-liveid/ ` -Credential $UserCredential ` -Authentication Basic ` -AllowRedirection

# Importing CMDLets Import-PSSession $Session

# Creating Connector New-InboundConnector ` -Enable $True ` -Name "Inbound only from Antispamrelay" ` -SenderDomains * ` -RestrictDomainsToIPAddresses:$true ` -RequireTls:$true ` -SenderIPAddresses[ServerOnWhichTheGatewayRoleIsInstalled]

Remove-PSSession $Session

You can also provide the certificate of the sending gateway instead of the IP address.

To create the Partner Connector using the Exchange Control Panel, proceed as follows:


Picture 22: Connecting the partner organisation to Office 365

Go to Message Flow/Connectors and click the Plus sign.


Picture 23: Adding name and description of the connector

In the dialog box, select Partner organization and Office 365. Then click Next.


Picture 24: Determining the identification of the partner organisation

In the New Connector dialog, enter a name for the connector. Add a description if necessary. Leave thecheckbox next to Switch on ticked. Then click Next.


Picture 25: Adding the partner domain

In the following dialog box, select Use sender domain. Then click Next.


Picture 26: The domain *

On the following page, click the Plus sign.


Picture 27: Entering the domain *

Enter star ("*") as the domain name. Then click OK. On the next page, click Next.


Picture 28: Rejecting emails that do not originate from *

On the next page, check reject emails if they are not sent from this address range. Click on Next.


Picture 29: Adding the IP address of the gateway role

In the dialog Add IP address enter the address of the server on which the gateway role is installed.Click OK.


Picture 30: Summary of the information entered

You will receive a summary of the information provided by you. Check the information for accuracy andclick OK.

The new connector now appears under Message Flow/Connectors.

Step 2: Creating a transport rule to deactivate the spam filter

Go to Message Flow/Rules.


Picture 31: Creating a rule to bypass spam filtering

Click the Plus sign and select Bypass spam filtering from the drop-down menu.

Enter a name for the rule.


Picture 32: Specifying the address range to which the rule applies

Under Apply this rule if, select the option Sender and then IP is in one of these ranges or matchesexactly with.

Picture 33: Specifying the IP address of the gateway role


In the Specify IP address ranges dialog specify the IP address of the server on which the gateway roleis installed.

Click the Plus sign/Add, then click OK. Then click Save.

The rule is now set up. Spam protection for using NoSpamProxy in Office 365 with Exchange Online isactive.

Help and support

9. Help and support

Net at Work offers many forms of help and support for the installation and the operation ofNoSpamProxy.

• Training videosTraining videos provide an overview of different areas and include step-by-step configurationtutorials as well as practical examples.

• BlogThe Blog provides daily updated alerts for new product versions, suggested changes to yourconfiguration, warnings on compatibility issues and more help. To make sure you do not missany important advice, you can also find the latest news from the blog on the start page of theNoSpamProxy configuration console.

• Knowledge BaseThe Knowledge Base contains additional information on specific issues.

• SupportIf you require additional support, please visit our support website.

https://service.nospamproxy.de/Link/Tutorials

https://service.nospamproxy.de/Link/BlogDe

https://service.nospamproxy.de/Link/KnowledgeBase

https://service.nospamproxy.de/Link/Support

integrating nospamproxy into office 365 nospamproxy 13 · 2020-04-30 · configuring microsoft...

Documents