Using NoSpamProxy in Microsoft 365 with Exchange Online

If you use NoSpamProxy® in Microsoft 365 in conjunction with Exchange Online, you must make additional settings in your tenant to ensure spam prevention.

Step 1: Creating an inbound connector for the domain *

To stop the delivery of unwanted emails from the Internet, create an inbound connector. This connector allows for the domain * only emails from specific IP addresses, i.e. your own email server or NoSpamProxy. A corresponding partner connector is required for this.

To create the partner connector in PowerShell, type the following:

New-InboundConnector

-Name "AcceptOnlyEMailsFromThisServer<NoSpamProxy>"

-ConnectorType Partner

-SenderDomains *

-RestrictDomainsToCertificate $true

-TlsSenderCertificateName <TheCertificatePreviouslyCreatedAndSelected>

-AssociatedAcceptedDomains <AllDomainsListedUnderCorporateDomainsAndUsedInTheOffice365Tenant>

WARNING: To ensure spam protection through NoSpamProxy®, you must route all inbound email traffic through NoSpamProxy and address Microsoft 365 exclusively through NoSpamProxy using a dedicated connector. Otherwise, it is possible that the anti-spam functionalities of NoSpamProxy and Exchange Online Protection (EOP) will interfere with each other. We strongly recommend that you make the following setting, otherwise the security and stability of your configuration cannot be guaranteed.

TIP: Instead of the IP address, you can also store the certificate of the supplying gateway.

To create the partner connector via the Exchange Control Panel, proceed as follows:

  1. Go to Email Flow > Connectors and click Add Connector.
    Creating a partner connector
  2. In the dialog box, select Partner organization and Office 365, and then click Next.
    Adding name and description
  3. In the New Connector dialog, enter a name for the connector and add a description if required. Leave the tick next to Activate. Then click Next.
    Determining the identification of the partner organisation
  4. In the following dialogue window, select the option By checking whether the sender domain [...].
    Adding the partner domain
  5. Enter an asterisk ("*") as the domain name and then click on the plus sign
    Adding the domain *.
  6. On the following page, tick the Reject emails if they are not sent from this address range box, enter the IP address of the server on which the Gateway Role is installed and click the plus sign.
    Adding the IP address of the Gateway Role
  7. Verify that the information in the summary is correct and click OK.
    Summary of the information

The new connector now appears under Email flow > Connectors.

Step 2: Creating a transport rule to deactivate the spam filter

  1. Go to Email flow > Rules.
  2. Click Add a rule and then Create a new rule.
  3. Give the rule a name.
    Specifying a rule to bypass spam filtering
  4. Under Apply this rule, select if the option The sender and then IP is in one of these ranges or matches exactly.
    Setting the address range to which the rule applies
  5. In the Specify IP address ranges dialogue, enter the IP address of the server on which the gateway role is installed, click Add and then Save.
    Specifying the IP address of the Gateway Role
  6. Select the following options under Proceed as follows:
    • Change message properties
    • Set SCL rating (Spam Confidence Level)
  7. In the following dialogue, select the Bypass spam filtering option under Specify SCL.
  8. Click Save and then Next.
  9. Leave the settings for your transport rule unchanged and click Next and then Finish.

The rule is now set up. Spam protection for the use of NoSpamProxy in Microsoft 365 with Exchange Online is ensured.

Next steps

Now continue with the following steps:

Necessary configurations for the operation in Microsoft Azure