Using NoSpamProxy in Microsoft 365 with Exchange Online

If you use NoSpamProxy® in Microsoft 365 in conjunction with Exchange Online, you must make additional settings in your tenant to ensure spam prevention.

Step 1: Creating an inbound connector for the domain *

To stop the delivery of unwanted emails from the Internet, create an inbound connector. This connector allows for the domain * only emails from specific IP addresses, i.e. your own email server or NoSpamProxy. A corresponding partner connector is required for this.

To create the partner connector in PowerShell, type the following:

New-InboundConnector

-Name "AcceptOnlyEMailsFromThisServer<NoSpamProxy>"

-ConnectorType Partner

-SenderDomains *

-RestrictDomainsToCertificate $true

-TlsSenderCertificateName <TheCertificatePreviouslyCreatedAndSelected>

-AssociatedAcceptedDomains <AllDomainsListedUnderCorporateDomainsAndUsedInTheOffice365Tenant>

WARNING: To ensure spam protection through NoSpamProxy®, you must route all inbound email traffic through NoSpamProxy and address Microsoft 365 exclusively through NoSpamProxy using a dedicated connector. Otherwise, it is possible that the anti-spam functionalities of NoSpamProxy and Exchange Online Protection (EOP) will interfere with each other. We strongly recommend that you make the following setting, otherwise the security and stability of your configuration cannot be guaranteed.

TIP: Instead of the IP address, you can also store the certificate of the supplying gateway.

To create the partner connector via the Exchange Control Panel, proceed as follows:

  1. Go to Mail flow > Connectors and click the plussign.
    Creating a partner connector
  2. In the dialog box, select Partner organization and Office 365, and then click Next.
    Adding name and description
  3. In the New Connector dialog, enter a name for the connector and add a description if required. Leave the check mark next to Switch on. Then click Next.
    Determining the identification of the partner organisation
  4. In the following dialog box, select Use the sender's domain and click Next.
    Adding the partner domain
  5. Click the plussign in the following dialog box.
    The domain *
  6. Enter an asterisk ("*") as the domain name. Then click OK and on the following page Next.
    Adding the domain *.
  7. On the following page, tick the check box Reject email messages if they aren't sent from within this IP address. Click Next.
    Rejecting emails that are not from *.
  8. In the dialogue Add IP address, enter the address of the server on which the gateway role is installed. Click OK.
    Adding the IP address of the Gateway Role
  9. Verify that the information in the summary is correct and click OK.
    Summary of the information

The new connector now appears under Mail flow > Connectors.

Step 2: Creating a transport rule to deactivate the spam filter

  1. Go to Mail flow > Rules.
  2. Click the plussign .
  3. Select Bypass spam filtering from the drop-down menu.
  4. Give the rule a name.
    Specifying a rule to bypass spam filtering
  5. Under Apply this rule if select if the option Sender and then IP is in any of these ranges or exactly matches.
    Setting the address range to which the rule applies
  6. In the Specify IP address ranges dialog, specify the IP address of the server on which the Gateway Role is installed.
    Specifying the IP address of the Gateway Role
  7. Click the plus sign and then click OK.
  8. Click Save.

The rule is now set up. Spam protection for the use of NoSpamProxy in Microsoft 365 with Exchange Online is ensured.

Next steps

Now continue with the following steps:

Necessary configurations for the operation in Microsoft Azure