C370 email security appliance as a relay between O365 and Exchange Edge

MM NZ · ‎03-22-2017

Hi,

Due to a security constraint, I have a request to route all in/out email between Office 365 and the on-premises Exchange Edge servers through a C370 email security appliance.

I have not found any information regarding such a scenario and was wondering if this can be achieved or not.

Microsoft's recommendation is not to have an email relay between O365 and Edge that may alter the message but I in this case, I can’t avoid that.

Thanks,

Muhammad

Libin Varghese · ‎03-23-2017

Hi Muhammad,

In order to allow inbound/outbound emails through the ESA, you would need to confirm if you have dedicated IP's from the O365 servers or if they are dynamic/shared.

All connections coming to the ESA would match the HAT sender groups first based on the sending server IP/hostname, sender group with relay action is considered outbound while all others are considered inbound.

All connections leaving the ESA would use SMTP routes or DNS to deliver emails to the next hop.

So based on your requirement of email flow you would need to add IP's to the HAT sendergroup and SMTP routes for emails inbound and outbound.

I wasn't able to locate any specific article for the same, since the configuration would vary depending on the specific requirement of the organization.

Thank You!
Libin Varghese