Connection of NoSpamProxy in Office 365
Please use the current documentation Integrating NoSpamProxy into Office 365, into Microsoft Azure and as an on-premises solution and Integrating NoSpamProxy Encryption into Office 365, into Microsoft Azure and as an on-premises solution respectively.
Since version 10 the full integration of NoSpamProxy in Office 365 is possible. This article describes the configuration steps required in both NoSpamProxy configuration and Office 365.
An article at Microsoft is worth mentioning in this context that no other SMTP hosts are allowed between an on-premises Exchange CAS or Exchange Edge Transport Server and Exchange Online Protection (EOP). Since NoSpamProxy always works before the complete Exchange infrastructure, this hint can be ignored.
Enabling Office 365 as a relay host
First, Office 365 must be allowed as relay host in the NoSpamProxy configuration. This step is necessary so that e-mails can be sent from Office 365 to external communication partners through NoSpamProxy. Otherwise NoSpamProxy would recognize and reject the email as a relay abuse attempt.
To allow Office 365 as relay host, switch to the “Configuration / E-mail routing” menu in the NoSpamProxy MMC. In the upper section, the “Corporate email servers” are specified.
Now select the domains that you have configured in Office 365 and that will appear in the sender address for outgoing Emails. If you do not find all domains here, you must add the missing domains in the menu “People and identities / Domains and users” and there in the section “Owned domains”. You are also welcome to do this at a later date. Click on Next.
Forwarding to Office 365
Next, NoSpamProxy is configured to forward all incoming emails to Office 365. To do this, you must edit the inbound send connectors in the “Configuration / E-mail routing” menu. If inbound emails are to be sent to Office 365, it is absolutely necessary to switch NoSpamProxy to the so-called queue mode. To do this, click on “Switch to queued delivery” in the “Inbound send connectors” section. The “Change delivery” dialog opens.
Next, you must enter a certificate for the “client identity”. This will authenticate NoSpamProxy to the Office 365 server. To do this, click Select certificate. The dialog for selecting the certificate opens.
Now select the certificate created by NoSpamProxy during setup. ou can recognize it by the fact that it contains the host name and has a validity of about 50 years. Alternatively, you can select a TLS certificate that you have purchased in advance from a trusted certification authority such as D-Trust, SwissSign or GlobalSign. The advantage is that you can select this certificate in the Office 365 environment to prevent man-in-the-middle attacks.
Select the certificate and click Select and close.
Office 365 Configuration
Finally, the Office 365 Tenant is configured so that outbound emails are not delivered directly to the recipient server, but first to NoSpamProxy.
Log in to your Office 365 Tenant using the following link:
Use a user with administration rights. This is the only way to select the “Message flow” menu item in the Exchange interface.
On the first page, select Office 365 in the “From” field and e-mail server of your organization in the “To” field. This setting sends outgoing emails from the Office 365 Tenant to NoSpamProxy. Click on Next.
In this dialog you configure the connection encryption. Always activate the option “Always use TLS to secure the connection”. Select the item “All digital certificates, including self-signed certificates” in the selection dialog below and click Next.
You will now receive a summary of the information you have entered so far.
In the next step, the wizard wants to check the connector settings.
Next, a transport rule must be created. To do this, click on Rules in the “Message Flow” menu at the top of the Office 365 administration interface.
In the “Proceed as follows” field, set “Use the following connector” and then specify the previously created connector. This setting can be made using the Add Action button. If you can only select “People” at this point, please click on Advanced options in the lower section. Now you can select the “Use the following connector…” under “Forward the message to” and then use the previously created connector.
All necessary settings have been made and the test can begin.