Moving to Office365 but keeping IronPort Appliances

Jason Meyer
Level 1

We are moving our internal e-mail system to Office365 and I'm starting to plan the mail routing.  Basically all inbound and outbound e-mail will still go through our IronPort appliances.  

Outbound e-mail doesn't look too bad, but I'm wondering what the best way is to allow Office365 to relay e-mail out through our appliances.

-Should I set up a new listener?

-Should I set up a content filter on an existing listener/policy that skips all other filters?

Right now I'm leaning towards setting up a new listener for them to relay e-mail out through... Any words of advice or thoughts?

Jason

5 Replies

viahmed
Cisco Employee

Hi Jason,

Configuring a separate listener to relay outbound emails is always a good choice since you can apply different rules/policies based on it. As far as relaying is concerned, IronPort only needs the IP/hostname of the relaying server to be added to the sender group 'RelayList', which will be using a mail flow policy with behaviour 'relay'.

Hope this helps!

Regards,

Viquar

Customer Support Engineer

Thanks Viquar, this makes sense to me.  I will give it a go and reach out to you if I have further questions.

Jason

I have been trying to figure out how to get IronPort to allow relaying messages from our Office 365 domain. I have added our 365 domain to the HAT, but that did not work. I have looked in the log for the rejected messages, and tried adding the onmicrosoft.com domain as well as the outlook.com domains that show up in the log, but they do not work either. Any info on how to best set this up?

Thanks, John

When we were trying Office365, Microsoft gave me a list of IP addresses that they 'could' use to route e-mail from Office365. So I added those to the HAT for the listener that was on my EXTERNAL network interface. My EXTERNAL network interface listeners were all named INBOUNDMail____ so it was a little counterintuitive, but if you think where the e-mail is coming from (Office365) it makes sense.

One word of caution: if you have an Office365 tenant and an Exchange 2010 on-premise environment, be careful of putting your IronPort appliances in between the two environments. That is exactly what we did (because we didn't want to expose an Exchange HUB server to the Internet) and ran into a lot of issues. Like, e-mails that were .BCC exposed the .BCC recipients in the headers (had to write a content filter to strip .bcc headers off of e-mails). E-mails from Office365 users to on-premise Exchange 2010 users and vice versa appeared to come from an external organization. Timestamps were all over the place and not accurate for users.

Good Luck!

Thank you! This information will help a lot. I will put in a ticket with Microsoft to find out what the range of IPs for our tenant should be. Currently the plan is to have all the email accounts in the cloud.

Thanks again!
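
Added example, not part of any post in this thread and not Cisco code: a simplified model of the point made above, that a HAT sender group is matched on the connecting server's IP or hostname, so a mail domain placed in the RelayList never matches. The function names, the "ALL"/"accept" fallback, first-match ordering and all sample addresses are assumptions; DNS verification of hostnames is not modelled.

```python
import ipaddress


def entry_matches(entry, ip, ptr_host):
    """True if one sender-group entry matches the connecting host."""
    try:
        # Single IPs and CIDR ranges are compared with the connection's IP.
        return ipaddress.ip_address(ip) in ipaddress.ip_network(entry, strict=False)
    except ValueError:
        pass  # not an IP or CIDR, so treat the entry as a hostname
    if ptr_host is None:
        return False
    ptr_host, entry = ptr_host.lower(), entry.lower()
    if entry.startswith("."):      # partial hostname: any host under it
        return ptr_host.endswith(entry)
    return ptr_host == entry       # full hostname: exact match only


def evaluate_hat(hat, ip, ptr_host, mail_from=None):
    """Return (sender_group, behaviour) for a connection.

    mail_from is accepted but deliberately unused: in this model the decision
    is made from the connection itself, not from the envelope sender domain.
    """
    for group, behaviour, entries in hat:  # top-down, first match wins (assumed)
        if any(entry_matches(e, ip, ptr_host) for e in entries):
            return group, behaviour
    return "ALL", "accept"                 # assumed catch-all: no relaying


# Constructed sample data (documentation IP ranges and .example names).
CONN = {"ip": "192.0.2.25", "ptr_host": "mail-out-1.provider.example",
        "mail_from": "user@tenant.example"}
HAT_BY_DOMAIN = [("RELAYLIST", "relay", ["tenant.example"])]
HAT_BY_IP = [("RELAYLIST", "relay", ["192.0.2.0/24"])]
HAT_BY_HOST = [("RELAYLIST", "relay", [".provider.example"])]

if __name__ == "__main__":
    print(evaluate_hat(HAT_BY_DOMAIN, **CONN))  # mail domain in the HAT: no relay
    print(evaluate_hat(HAT_BY_IP, **CONN))      # provider IP range in the HAT: relay
    print(evaluate_hat(HAT_BY_HOST, **CONN))    # partial hostname of the server: relay
    print(evaluate_hat(HAT_BY_IP, "198.51.100.7", None, "user@tenant.example"))
```

The last call shows the other side of the same rule: a host outside the listed range that claims the same sender domain is not granted relay.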