Forum Discussion
Securing mailflow in the hybrid configuration
If your MX is pointing to on-prem, internet senders and O365 users outside of your tenant will not be hitting the connector. Generally speaking, you can restrict the connector to only a specific domain, or even scope it based on a transport rule (for example with the "sender is internal" condition), but it should not be needed in your scenario.
I wish I could agree with you :) We've set up a custom outbound connector in another tenant which points to the Edge server. In this case emails are delivered. Is it possible to filter inbound messages only from a specific domain?
- Eddie Ortega, Sep 27, 2016, Copper Contributor
Receive connectors can't filter by domain. You're also already filtering by domain by way of "Accepted Domains".
If someone tries to send you an email to a domain that's not on that list, Exchange is going to reject it regardless of where it's coming from.
- Dušan Řezníček, Sep 30, 2016, Copper Contributor
Thanks for the replies, but that's not what I'm trying to achieve. It's about the sender's, not the recipient's, domain. I've had to use Exchange Edge as an SMTP gateway in the perimeter network, because putting a non-Exchange SMTP server between Exchange on-premise and Exchange Online is not supported. It's against the company policy to allow the Ex Edge in the perimeter to accept from a "non-authorized" organization, which is only the company's tenant and not the others. If I create a custom Outbound connector in another tenant and point it to the Edge server, then emails are received :( I found a header, X-MS-Exchange-CrossTenant-id, which could help. Do you know anything about this?
Thanks in advance.
D.
- Eddie Ortega, Oct 07, 2016, Copper Contributor
I think what you're trying to do is impossible because of the shared nature of Office365. You would have to create a Receive connector with only the IPs you want to accept connections from, but since those IPs are shared it won't help you in this case.
I looked at that CrossTenant-ID and it seems to be the Tenant ID of the person receiving the email, not the sender, so I don't think it's going to help in this case.