markspoonman
Copper Contributor
Mar 26, 2017

Use EOP in Hybrid for incoming and outgoing mailflow

Hello,

We are in the middle of a hybrid setup between local Exchange 2013 and Office 365. All mail from local Exchange mailboxes is routed to the Internet via a 3rd party antispam/antivirus appliance. We have configured centralized mail transport for hybrid, so all mail from Office 365 mailboxes flows through the on-premises Exchange organization and then through the 3rd party antispam/antivirus appliance to the Internet.


Only 1/3 of mailboxes are migrated.

 

We now need to get rid of the 3rd party antispam/antivirus appliance and want to use EOP completely for incoming (change mx) and outgoing mailflow from either local exchange mailboxes or Office 365 mailboxes.

 

There is good documentation about using EOP for incoming mailflow in hybrid, which would work without a problem. But how can we ensure that all outgoing mailflow uses EOP in this hybrid situation? Is this supported, and what do we have to do to make it work?

  • Hi Mark,

     

    To achieve the mail flow that you want, you need to do the following in this order:

    • Change TTL of MX record to 300 sec or 5 min;
    • Review your SPF record to have your IP addresses and Office 365 protection.outlook.com;
    • Re-run the Hybrid Configuration Wizard to change the mail flow from centralized transport so that users on Office 365 send directly from Office 365;
    • Test Mail Flow;
    • Change your Send Connector on Your Exchange Server to send directly to Internet;
    • Test Mail Flow;
    • Change MX record to Office 365;
    • Test Mail Flow;
    • Change the TTL of MX record to 60 min or 3600 sec

     

    Note: Using EOP to send mail from your on-premises organization is not supported.

    • markspoonman
      Copper Contributor

      First of all, big thanks for replying on this topic.

       

      O.K., so looking at the link Paul provided this seems to be a supported scenario.

       

      Last question would be how to modify local Exchange to route all outbound mail through EOP and get rid of the 3rd party antispam appliance. The hybrid wizard created a send connector with scope (tenant.mail.onmicrosoft.com). The other send connector with scope * points to the 3rd party antispam appliance.

       

      So do we have to modify the hybrid send connector with scope * then to route all outbound mail through O365? What would be the value for the smarthost we're sending to?

      • NunoAriasSilva
        MVP

        Hi Mark,

         

        You can change your send connector to Internet * pointing to the Office 365 (MX) record to route all email to the Internet using Office 365 EOP.

        The best approach to test: you can create a new Send Connector, put in only one domain that you can test with, and after a successful test change the send connector to all.

         

  • Vishal Kalal
    Brass Contributor

    Hi,

     

    Below are the high-level steps:

     

    1. First, if you have centralized email flow configured in the Hybrid Setup, change it to decentralized email flow. With this option, all your emails except those to your accepted domains will be delivered directly from Office 365 for the users whose mailboxes are moved.

     

    2. Add a new Internet connector which will be sending email to the Internet and disable the existing Internet send connector, adding a smart host entry pointing to the MX record of your O365 domain; or change your on-premises send connector which is being used for sending email to the Internet and add a smart host entry pointing to the MX record of your O365 domain. You don't need a connector for sending email out from Office 365 to the Internet. Then verify the functionality of the mail flow. You can use the Exchange test connectivity analyzer to verify the headers of incoming and outgoing emails.

     

    3. Move your MX record to Office 365 to receive emails.
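
The send connector change that NunoAriasSilva and Vishal Kalal describe, as an added Exchange Management Shell example that is not from any poster in this thread: a pilot connector scoped to one test domain, a tracking-log check, then the switch to `*`. The connector names, server name, test domain and smart host value are placeholders, and it assumes Office 365 already accepts mail relayed from the on-premises servers.

```powershell
# Added example, not from the thread. Run in the on-premises Exchange Management Shell.
# All values below are placeholders (assumptions); replace them with your own.
$SmartHost    = 'contoso-com.mail.protection.outlook.com'  # MX target Office 365 shows for your domain
$Servers      = 'EX01'                                     # on-premises transport server
$TestDomain   = 'example.org'                              # one external domain used for the pilot
$EopConnector = 'Outbound via EOP'                         # name for the new connector
$OldConnector = 'Internet via appliance'                   # existing connector with scope *

# 1. Pilot: create a connector scoped to the single test domain only.
#    DNS routing is off so mail goes to the smart host; TLS is required and the
#    certificate presented by the smart host must match the EOP domain.
New-SendConnector -Name $EopConnector -Usage Custom `
    -AddressSpaces "SMTP:$TestDomain;1" `
    -DNSRoutingEnabled $false -SmartHosts $SmartHost `
    -RequireTLS $true -TlsAuthLevel DomainValidation `
    -TlsDomain 'mail.protection.outlook.com' `
    -SourceTransportServers $Servers

# 2. Send a test message to the pilot domain, then confirm which connector
#    actually delivered it. ConnectorId should show the new connector's name.
Get-MessageTrackingLog -Server $Servers -EventId SEND -Start (Get-Date).AddHours(-1) |
    Where-Object { $_.Recipients -like "*@$TestDomain" } |
    Select-Object Timestamp, ConnectorId, Sender, Recipients

# 3. Only after step 2 shows the pilot mail leaving through the new connector:
#    widen its scope to all external domains and disable (not delete) the
#    appliance connector, so rollback is a single Set-SendConnector call.
$PilotConfirmed = $false   # set to $true once the tracking log looks right
if ($PilotConfirmed) {
    Set-SendConnector -Identity $EopConnector -AddressSpaces 'SMTP:*;1'
    Set-SendConnector -Identity $OldConnector -Enabled $false
}

# 4. Review the resulting connector layout.
Get-SendConnector | Format-Table Name, AddressSpaces, SmartHosts, Enabled -AutoSize
```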
