Forum Discussion

Dušan Řezníček's avatar
Dušan Řezníček
Copper Contributor
Sep 27, 2016

Securing mailflow in the hybrid configuration

Hello, I'm looking for some help. I'm facing the customer's security department. We plan to configure hybrid configuration in our current Exchange 2010 deployment to ensure a smooth migration to Off...
exchange online
Exchange Server
hybrid
office 365
Dušan Řezníček's avatar
Dušan Řezníček
Copper Contributor
Sep 27, 2016

I'm talking about the red line which shows the SMTP between EO and on-prem. Basicaly We need to set up the receive connector on the Edge servers to not accepts emails from any other tenant exepct our. Is that clear?

  • VasilMichev's avatar
    VasilMichev
    MVP
    Sep 27, 2016

    If your MX is pointing to on-prem, internet senders and O365 users outside of your tenant will not be hitting the connector. Generally speaking, you can restrict the connector to only specific domain, or even scope it based on a transport rule (for example with the "sender is internal" condition), but it should not be needed in your scenario.

    • Dušan Řezníček's avatar
      Dušan Řezníček
      Copper Contributor
      Sep 27, 2016

      I wish I could agree with you :) We've set up a custom outbound connector in another tenant which points to the Edge server. At this case emails are delivered. Is it possible to filter inbound messages only from a specific domain?

      • Eddie Ortega's avatar
        Eddie Ortega
        Copper Contributor
        Sep 27, 2016
        Receive connectors can't filter by domain. You're also already filtering by domain by way of "Accepted Domains".

        If someone tries to send you an email to a domain that's not on that list, exchange is going to reject it regardless whether it's coming from.

Resources