Manual setup

NOTE: If you cannot forward outgoing emails via port 25, it is also possible to use port 587. Note that STARTTLS is required on port 587.

Displaying tenant-specific TLS and domain names

To display the TLS and domain names required for your tenant, proceed as follows:

  1. Go to Configuration > Office 365.
  2. Select your Office 365 tenant.
  3. Click Show Exchange configuration.

The relevant information is displayed.

Creating an inbound connector

  1. Open your Exchange Admin Centre at https://admin.exchange.microsoft.com/.
  2. Go to Email Flow > Connectors and click Add Connector.
    Adding connectors
  3. Under Connection from select Partner organization, under Connection to select Office 365 and click Next.
    Mail flow scenario
  4. Enter From NoSpamProxy as the name for the connector, optionally add a description, place a check mark next to Activate and click Next.
    Add name and description
  5. Select the option By checking whether the sender domain [...], enter * as the sender domain, click the plus sign and then Next.

  6. Tick the check box next to Reject email messages if [...] and And require that [...].

  7. Specify the required TLS subject name for the Exchange inbound send connector, click Next and then Save.
    Requesting TLS encryption
  8. Confirm the selected settings and click Beenden / Finish.

    NOTE: Some email servers still have the old MX record in their cache for up to 24 hours. We therefore recommend that you do not activate the restriction to the applicant name until 24 hours after the MX record has been changed. Otherwise it is possible that emails from Exchange Online will be rejected with 5.7.51.


Creating an outbound connector

  1. Open your Exchange Admin Centre at https://admin.exchange.microsoft.com/.
  2. Go to Email Flow > Connectors and click Add Connector.
    Adding connectors
  3. Under Connection from, select the option Office 365, under Connection with, select the option Partner organisation and click Next.

    Mail flow scenario
  4. Enter To NoSpamProxy as the name for the connector, optionally add a description, tick the check box next to Activate and click Next.

    Add name and description
  5. Select the option Only when I have a transport rule [...] and click Next.

    Transport rule
  6. Select the option Forward emails through these smart hosts, click the plus sign and specify the smarthost on the outbound Exchange send connector.
    Adding a smarthost
  7. Click Save and then Next.
  8. Tick the check box next to Always use Transport Layer Security [...] and select the option Issued by a trusted certificate authority (CA).
  9. Tick the box next to Add the subject name or alternative subject name (SAN) [...] and specify the TLS requester for the outgoing Exchange send connector.
    Requesting TLS encryption
  10. Click Next.
  11. Enter one or more email addresses in the following dialogue, click on the plus sign, then click on Check and follow the instructions in the dialogue.

Creating a transport rule

  1. Open your Exchange Admin Centre at https://admin.exchange.microsoft.com/.
  2. Go to Email flow > Rules.
  3. Click Add a rule and then Create a new rule.
    Adding a rule
  4. Give the rule the name Outbound mails to NoSpamProxy.

  5. Under Apply this rule if, set the following options:
    • The recipient
    • is external/internal
    • Outside the organisation

  6. Under Proceed as follows, select the option Redirect message to and then The following connector.
    Redirect to connector
  7. Specify the previously created connector To NoSpamProxy and click OK.

  8. Click Next.
  9. Leave the settings for your transport rule unchanged and click Next.
  10. Confirm the selected settings and click Beenden / Finish.

Disabling spam filtering by Office 365

  1. Open your Exchange Admin Centre at https://admin.exchange.microsoft.com/.
  2. Go to Email flow > Rules.
  3. Click Add a rule and then Create a new rule.
    Adding a rule
  4. Give the rule the name Disable spam filtering for inbound emails.
  5. Under Apply this rule if, set the following options:
    • The sender
    • is external/internal
    • Outside the organisation
  6. Select the following options under Proceed as follows:
    • Change message properties
    • Set SCL rating (Spam Confidence Level)
  7. In the following dialogue, select the Bypass spam filtering option under Specify SCL.
  8. Click Save and then Next.
  9. Leave the settings for your transport rule unchanged and click Next and then Finish.

Displaying tenant-specific TLS and domain names

To display the TLS and domain names required for your tenant, proceed as follows:

  1. Go to Configuration > Office 365.
  2. Select your Office 365 tenant.
  3. Click Show Exchange configuration.

The relevant information is displayed.

Creating an inbound connector

  1. Open your Exchange Admin Centre at https://admin.exchange.microsoft.com/.
  2. Go to Email Flow > Connectors and click Add Connector.
    Adding connectors
  3. Under Connection from select Your organization's email server, under Connection to select Office 365 and click Next.

  4. Enter From NoSpamProxy as the name for the connector, optionally add a description, place a check mark next to Activate and click Next.
    Add name and description
  5. Specify the required TLS subject name for the Exchange inbound send connector, click Next and then Save.
    Requesting TLS encryption
  6. Confirm the selected settings and click Beenden / Finish.
  7. Open https://security.microsoft.com/.
  8. Go to Email & collaboration > Policies and rules > Threat policies > Enhanced filtering (for Connectors).
  9. Click the connector From NoSpamProxy (without Protection).
  10. Configure the following options:
    • Automatically detect and skip the last IP address
    • Apply to entire organization
  11. Click Save.

    12. NOTE: Some email servers still have the old MX record in their cache for up to 24 hours. We therefore recommend that you do not activate the restriction to the applicant name until 24 hours after the MX record has been changed. Otherwise it is possible that emails from Exchange Online will be rejected with 5.7.51.

Creating an outbound connector

  1. Open your Exchange Admin Centre at https://admin.exchange.microsoft.com/.
  2. Go to Email Flow > Connectors and click Add Connector.
    Adding connectors
  3. Under Connection from, select the option Office 365, under Connection with, select the option Your organization's email server and click Next.

  4. Enter To NoSpamProxy as the name for the connector, optionally add a description, tick the check box next to Activate and click Next.

    Add name and description
  5. Select the option Only when I have a transport rule [...] and click Next.

    Transport rule
  6. Specify one or more smart hosts to which Office 365 will send email messages.
    Adding a smarthost
  7. Click Next.
  8. Tick the check box next to Always use Transport Layer Security [...] and select the option Issued by a trusted certificate authority (CA).
  9. Tick the box next to Add the subject name or alternative subject name (SAN) [...] and specify the TLS requester for the outgoing Exchange send connector.
    Requesting TLS encryption
  10. Click Next.
  11. In the following dialog, enter one or more email addresses, click Check and follow the instructions in the dialog.

Creating a transport rule: Accepting emails from the inbound NoSpamProxy Cloud connector

  1. Open your Exchange Admin Centre at https://admin.exchange.microsoft.com/.
  2. Go to Email flow > Rules.
  3. Click Add a rule and then Create a new rule.
    Adding a rule
  4. Give the rule the name From NoSpamProxy (without Protection).
  5. Under Apply this rule if, set the following options:
    • The message headers...
    • includes any of these words
  6. Click Enter text and enter the value X-NoSpamProxy-Office365Identification.
  7. Click Enter words and enter the required value for the header. See How do I find the required value for the header?
  8. Under Do the following, set the options Modify the message properties and Remove a message header and enter the value X-NoSpamProxy-Office365Identification.
  9. Under Except if, set the options The message properties and include the message type and enter the value Automatic reply. The dialog should now look like this:
  10. Click Next and tick the Stop processing more rules box.
  11. Leave the other settings for this transport rule unchanged and click Next.
  12. Confirm the selected settings and click Finish.

Creating a transport rule: Route outbound emails to NoSpamProxy

  1. Open your Exchange Admin Centre at https://admin.exchange.microsoft.com/.
  2. Go to Email flow > Rules.
  3. Click Add a rule and then Create a new rule.

    Adding a rule
  4. Give the rule the name Outbound Mails to NoSpamProxy (without Protection).
  5. Under Apply this rule if, set the following options:
    • The recipient
    • is external/internal
    • Outside the organization
  6. Under Proceed as follows, set the options Redirect message to and the following connector and specify the previously created connector To NoSpamProxy.
  7. Also under Do the following, click the plus sign and select the options Modify the message properties and set a message header.
  8. Click Enter text and enter the value X-NoSpamProxy-Office365Identification.
  9. Click Enter words and enter the required value for the header. See How do I find the required value for the header?
  10. Under Except if, set the options The message properties and include the message type and enter the value Automatic reply. The dialog should now look like this:

  11. Click Next and tick the Stop processing more rules box.
  12. Leave the other settings for this transport rule unchanged and click Next.
  13. Confirm the selected settings and click Finish.

Creating a transport rule: Route inbound emails to NoSpamProxy

  1. Open your Exchange Admin Centre at https://admin.exchange.microsoft.com/.
  2. Go to Email flow > Rules.
  3. Click Add a rule and then Create a new rule.

    Adding a rule
  4. Give the rule the name Inbound Mails to NoSpamProxy (without Protection).
  5. Under Apply this rule if, set the following options:
    • The recipient
    • is external/internal
    • Inside the organization
  6. Click the plus sign and also set the following options under Apply this rule if:
    • The sender
    • is external/internal
    • Outside the organization
  7. Under Do the following, set the options Redirect message to and the following connector and specify the previously created connector To NoSpamProxy.
  8. Also under Do the following, click the plus sign and select the options Modify the message properties and set a message header.
  9. Click Enter text and enter the value X-NoSpamProxy-Office365Identification.
  10. Click Enter words and enter the required value for the header. See How do I find the required value for the header?
  11. Under Except if, set the options The message properties and include the message type and enter the value Automatic reply. The dialog should now look like this:

  12. Leave the settings for this transport rule unchanged and click Next.
  13. Confirm the selected settings and click Finish.

How do I find the required value for the header?

  1. Go to Configuration > Office 365.
  2. Select your Office 365 tenant.
  3. Click Show Exchange configuration.
  4. (Optional) Copy the required value for the header to the clipboard.
  5. Click Close.

NOTE: Note your existing Exchange configuration. These instructions change the email traffic without restrictions.