We often get request from customers to control mail flow routing in a hybrid deployment, for various compliance requirements. Achieving the desired routing greatly depends on where the MX record is p...
Updated Aug 17, 2022
Version 4.0
Blog Post
8 MIN READ
Advanced Office 365 Routing: Locking Down Exchange On-Premises when MX points to Office 365
Denis_Signorelli Thanks for your prompt response and for this workaround 🙂,
Please see the following PowerShell command which I used to configure the transport rule on On prmeise Exchange Server (2016).
So far I have confirmed following is working.
- Email Only from 'YourDomain' is accepted. other emails are rejected from non authorized O365 Tenant.
- SMTP Relay emails working as expected sent via a Custom Receive connector (before it was not working).
- Calender invites and delegates not tested yet.
Command below - Please replace 'YourDomain' with your actual domain. Also add all accepted domains if needed (not sure if this is needed).
I am using PowerShell Splatting for better readablity
$transportRuleName = 'Accept Only [YourDomain] O365 Emails on Hybrid Connector'
$RejectMessage = 'Direct email relay is not allowed. Please use MX to relay your emails.'
$header = 'X-OriginatorOrg'
$HeaderWords=@(
'YourDomain.com'
'YourDomain.mail.onmicrosoft.com'
'YourDomain.onmicrosoft.com'
)
$paramNewTransportRule = @{
Name = $transportRuleName
HeaderMatchesMessageHeader = $header
HeaderMatchesPatterns = '$'
RejectMessageReasonText = $RejectMessage
ExceptIfHeaderContainsMessageHeader = $header
ExceptIfHeaderContainsWords = $HeaderWords
Enabled = $true
StopRuleProcessing = $true
Mode = 'Enforce'
SetAuditSeverity = 'High'
}
New-TransportRule @paramNewTransportRule
Denis_Signorelli Can you pelase advise if there are any other caveats or considerations to use this solution ?