[exim] Fwd: Re: Office 365 and Exim sharing a domain

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Andy Bennett
Date:  
À: exim-users@exim.org
Sujet: [exim] Fwd: Re: Office 365 and Exim sharing a domain
Hi,

Forwarding for the benefit of the list.

-------- Original Message --------
Subject: Re: [exim] Office 365 and Exim sharing a domain
Date: Thu, 20 Feb 2014 17:11:45 +0000
From: Andy Bennett <andyjpb@???>
To: Gary Stainburn <gary.stainburn@???>

Hi,

> Thanks for the post. Any help would be greatly appreciated.
>
> I've got mail reciption working as I simply use my main EXIM server us an
> alias lookup to convert gary.stainburn@??? to
> gary.stainburn@??? and relay the message. This was a doddle to
> set up.


I use table that looks up the "backend" server based on local part
rather than an alias, but I'm not sure that it matters on the exim side.


> I have managed to add the ringways.co.uk domain to the O365 setup and have
> configured my users to use that when sending emails. This works fine if
> sending emails to any address that is not within the ringways.co.uk domain.
>
> If I send an email to an existing user in O365 the email gets delivered
> without ever touching my servers, i.e. internally within O365.
>
> If I try to send an email to a non O365 user, i.e. a user on my EXIM setup,
> the email fails with '550 5.1.1 RESOLVER.ADR.RecipNotFound; not found' being
> generated by an Outlook.com server.
>
> This is what I would expect, and what I would want if I only had one server.
> What I need to do is have O365 use my server for those accounts that don't
> exist locally.
>
> It would be sufficient if it sent *all* emails to my server, as they would
> simply then get bounced back.
>
> Any suggestions?


Sorry for the late reply!

Log in at
http://portal.microsoftonline.com/

Click "service settings" in the menu on the left.

Click "Custom mail rules" in "mail flow" in the main content area.

Add a rule "whitelist <name of my exim MX>" that sets the spam
confidence level to -1 for your MX IP address in "Rule mode" "Enforce".
This will make it respect your MX and not filter bounces.

Click "connectors" in the menu bar near the top of the content area.

Define an entry in "Inbound Connectors" called "<fqdn of exim MX>" with
"Connector Type" "On-premises". In "security" it should have "None" for
"Domain Restrictions". In "scope" it should have "*" in "Sender domains"
and the IP address of your MX in "Sender IP addresses" and your domain
in "Associated accepted domains".


That's how we've got things set up and when someone sends mail using the
O365 infrastructure to an address in our domain that it doesn't know
about (i.e. an alias or non-O365 mail box) O365 will send the message to
our MX which will then route it or bounce it. We do *all* our MX in
exim, including spam stuff so we definitely want the spam policy on O365
to be off, but you'd also want it to be off to ensure that bounces
generated in exim which don't contain the O365 BATV token get accepted
into O365 mailboxes.

I've been careful to only configure actual mailboxes in O365 so that
there's a single, complete and authoritative set of aliases on the exim
MX. On the exim side we have a list of mailbox local-parts along with
their backends as well as a list of aliases and what they resolve to.
This ensures we don't get any "split brain" behaviour where the
available local-parts@ourdomain are different depending on who is
sending mail from where.



Once again, sorry for the late reply.
Let me know if you need any more tips and don't worry about prodding me
if I don't respond in a timely way.




Regards,
@ndy

--
andyjpb@???
http://www.ashurst.eu.org/
0x7EBA75FF