Manual setup

NOTE: If you cannot forward outgoing emails via port 25, it is also possible to use port 587. Note that STARTTLS is required on port 587.

Displaying tenant-specific TLS and domain names

To display the TLS and domain names required for your tenant, proceed as follows:

The relevant information is displayed.

Open your Exchange Admin Centre at https://admin.exchange.microsoft.com/.
Go to Email Flow > Connectors and click Add Connector.
Under Connection from select Partner organization, under Connection to select Office 365 and click Next.
Enter From NoSpamProxy as the name for the connector, optionally add a description, place a check mark next to Activate and click Next.
Select the option By checking whether the sender domain [...], enter * as the sender domain, click the plus sign and then Next.
Tick the check box next to Reject email messages if [...] and And require that [...].
Specify the required TLS subject name for the Exchange inbound send connector, click Next and then Save.
Confirm the selected settings and click Beenden / Finish.

NOTE: Some email servers still have the old MX record in their cache for up to 24 hours. We therefore recommend that you do not activate the restriction to the applicant name until 24 hours after the MX record has been changed. Otherwise it is possible that emails from Exchange Online will be rejected with 5.7.51.

Open your Exchange Admin Centre at https://admin.exchange.microsoft.com/.
Go to Email Flow > Connectors and click Add Connector.
Under Connection from, select the option Office 365, under Connection with, select the option Partner organisation and click Next.
Enter To NoSpamProxy as the name for the connector, optionally add a description, tick the check box next to Activate and click Next.
Select the option Only when I have a transport rule [...] and click Next.
Select the option Forward emails through these smart hosts, click the plus sign and specify the smarthost on the outbound Exchange send connector.
Click Save and then Next.
Tick the check box next to Always use Transport Layer Security [...] and select the option Issued by a trusted certificate authority (CA).
Tick the box next to Add the subject name or alternative subject name (SAN) [...] and specify the TLS requester for the outgoing Exchange send connector.
Click Next.
Enter one or more email addresses in the following dialogue, click on the plus sign, then click on Check and follow the instructions in the dialogue.

Open your Exchange Admin Centre at https://admin.exchange.microsoft.com/.
Go to Email flow > Rules.
Click Add a rule and then Create a new rule.
Give the rule the name Outbound mails to NoSpamProxy.
Under Apply this rule if, set the following options:
- The recipient
- is external/internal
- Outside the organisation
Under Proceed as follows, select the option Redirect message to and then The following connector.
Specify the previously created connector To NoSpamProxy and click OK.
Click Next.
Leave the settings for your transport rule unchanged and click Next.
Confirm the selected settings and click Beenden / Finish.

Open your Exchange Admin Centre at https://admin.exchange.microsoft.com/.
Go to Email flow > Rules.
Click Add a rule and then Create a new rule.
Give the rule the name Disable spam filtering for inbound emails.
Under Apply this rule if, set the following options:
- The recipient
- is external/internal
- Outside the organisation
Select the following options under Proceed as follows:
- Change message properties
- Set SCL rating (Spam Confidence Level)
In the following dialogue, select the Bypass spam filtering option under Specify SCL.
Click Save and then Next.
Leave the settings for your transport rule unchanged and click Next and then Finish.