Post on 28-May-2020
NoSpamProxy 13.1
Integrating NoSpamProxy into Office 365
• Protection• Encryption• Large Files
ImprintAll rights reserved. This manual and the depicted applications are copyrighted products of Netat Work GmbH, Paderborn, Germany and are subject to change without notice. The informationcontained in this manual does not represent any grounds for liability, warranty or other claims.No part of the publication may be reproduced without prior written permission by Net at WorkGmbH.Copyright © 2019 Net at Work GmbHNet at Work GmbHAm Hoppenhof 32aD-33104 Paderborn
TrademarksMicrosoft®, Windows®, Windows Server 2008®, Windows Server 2012®, Windows Server2012 R2® und Windows Server 2016® are registered trademarks of Microsoft Corporation.NoSpamProxy® is a registered trademark of Net at Work GmbH.
1 October 2019
Contents
1. Introduction ........................................................................................................................... 42. Configuring Microsoft Azure ................................................................................................. 5
Setting up a static IP address for the NoSpamProxy server ................................................ 5Configuring the reverse DNS entry for the NoSpamProxy server ........................................ 5Activating the Azure proxy server for NoSpamProxy ........................................................... 5
3. Enabling Office 365 as relay host ........................................................................................ 74. Setting Up Forwarding to Office 365 .................................................................................. 105. Configuring Office 365 ........................................................................................................ 166. Checking the connector settings ........................................................................................ 237. Creating a transport rule .................................................................................................... 248. Using NoSpamProxy in Office 365 with Exchange Online ................................................. 27
Step 1: Creating an inbound connector for the domain * ................................................... 27Step 2: Creating a transport rule to deactivate the spam filter ........................................... 36
9. Help and support ................................................................................................................ 40
Net at Work GmbH1 October 2019
Introduction
1. Introduction
Since version 10 NoSpamProxy can be fully integrated into Microsoft Office 365. This manual describesthe configuration steps for NoSpamProxy and Office 365 as well as for the server environment used.
Page 4
Configuring Microsoft Azure
2. Configuring Microsoft Azure
After integrating NoSpamProxy into Office 365 and installing NoSpamProxy in Microsoft Azure, emailsare no longer sent through Office 365, but directly through NoSpamProxy. To allow NoSpamProxy tosend emails, you must configure your NoSpamProxy installation in Microsoft Azure accordingly. Thisconfiguration covers three areas.
Setting up a static IP address for the NoSpamProxy server
This is done on the virtual machine in Microsoft Azure on which NoSpamProxy isinstalled.
Open the website portal.azure.com.
Under Home/Virtual Computers, click on the virtual computer on which NoSpamProxy is installed.Go to Network/Network Interfaces/IP Configurations and click on the configuration relevant forNoSpamProxy. Activate the option Public IP Address and click on Create new. Enter a name andselect the option Static.
Click OK.
The IP address is now displayed under the specified name.
Configuring the reverse DNS entry for the NoSpamProxy server
To configure the reverse DNS entry, follow the instructions in the section Configure reverse DNS forservices hosted in Azure of the Microsoft Azure documentation.
If SPF entries (Sender Policy Framework entries) exist, you must enter the IP addressof the NoSpamProxy server as a permitted sender. Alternatively, you can also enter thedomain name proxy.nospamproxy.de.
Activating the Azure proxy server for NoSpamProxy
The NoSpamProxy server cannot send emails via port 25 in Microsoft Azure. In addition, emailaddresses are often blacklisted by Microsoft Azure. For these reasons, we provide our customers with afree proxy server that eliminates these problems.
You must activate this proxy server via the "Gateway Role.config" file. To do this, proceed as follows:
Stop the gateway role.
Page 5
Configuring Microsoft Azure
Go to C:\ProgramData\Net at Work Mail Gateway\_Configuration and open the file GatewayRole.config. Search for the tag <netatwork.nospamproxy.proxyconfiguration>. Add the tag<smtpServicePointConfiguration isProxyTunnelEnabled="true" /> anywhere within the above tag.
The tag <smtpServicePointConfiguration> may already exist. In this case, you only haveto add the attribute.
Page 6
Enabling Office 365 as relay host
3. Enabling Office 365 as relay host
In this step, you allow Office 365 in the NoSpamProxy configuration as relay host. This allows emailsfrom Office 365 to be sent to external communication partners through NoSpamProxy. OtherwiseNoSpamProxy will recognize and reject the email as a relay abuse attempt.
In the NoSpamProxy MMC go to the menu Configuration/Email routing.
Picture 1: Email routing overview page
Under Corporate email servers, click Add.The dialog „Manage corporate email servers“ opens.
Page 7
Enabling Office 365 as relay host
Picture 2: Selecting server identification
As type, select As Office 365 tenant and click Next.
Picture 3: Selecting the endpoint
Make the appropriate selection for your organisational environment under Endpoint.
Then, enter your client ID. Make sure you enter the name of the ID (not the ID in hexadecimal notation).Then click Next.
Page 8
Enabling Office 365 as relay host
Picture 4: Selection of assigned own domains
Under Assigned Owned Domains, select the domains that you have stored in Office 365 and that willappear in the sender address for outbound emails.
If you don't find all domains here, you need to add the missing domains under People and identities/Domains and users/Owned domains. This is also possible at a later date.
Click Next.
If necessary, enter a comment and then click Finish. The email server has been created.
Page 9
Setting Up Forwarding to Office 365
4. Setting Up Forwarding to Office 365
In this step, you configure NoSpamProxy to forward all inbound emails to Office 365. To do this, theinbound send connectors must be edited.
Go to Configuration/Email routing.
Picture 5: Editing the inbound send connectors
Under Inbound send connectors, click Switch to queued delivery .
In the dialog Change delivery, select Replace delivery.
Page 10
Setting Up Forwarding to Office 365
Picture 6: Selecting the connector type
In the following dialog, select Office 365 and click Next.
Page 11
Setting Up Forwarding to Office 365
Picture 7: General settings for the connector
Enter any name for the incoming send connector, then select the gateway role to process emails toOffice 365. Then click on Next.
Page 12
Setting Up Forwarding to Office 365
Picture 8: Selecting the certificate for the client identity
Now enter a certificate for the client identity which NoSpamProxy can use to authenticate itself to theOffice 365 Server.
Click Select certificate.
Page 13
Setting Up Forwarding to Office 365
Picture 9: Selecting from the list of available certificates
In the following dialog, select the certificate created by NoSpamProxy during setup. You can recognizeit by the fact that it contains the host name and is valid for about 50 years. Alternatively, you can selecta TLS certificate that you have purchased in advance from a trusted certificate authority such as D-Trust, SwissSign or GlobalSign. The advantage is that you can select this certificate in the Office 365environment to prevent man-in-the-middle attacks.
Click Select and close.
Page 14
Setting Up Forwarding to Office 365
Picture 10: The certificate for the client identity has been selected
Click Finish. The configuration for NoSpamProxy is now complete.
Page 15
Configuring Office 365
5. Configuring Office 365
In this step you configure the Office 365 client to deliver outgoing emails not directly to the recipientserver, but to NoSpamProxy first.
To do this, log on to your Office 365 client under https://outlook.office365.com/ecp. Use a user withadministrative rights.
Picture 11: The Exchange Admin Center
In the Exchange Admin Center go to Message Flow/Connectors, then click the Plus sign. The wizardfor creating a new connector opens.
Page 16
Configuring Office 365
Picture 12: Choosing the messaging scenario
On the first page, select Office 365 in the From field. In the To field, select the Your organization'semail server. Then click Next. This setting sends outbound emails from the Office 365 client toNoSpamProxy.
Page 17
Configuring Office 365
Picture 13: Creating a new connector
On the next page, enter any name for the connector. Uncheck the box next to "Keep internal Exchangeemail headers (recommended)". Enter a description if required. Then click Next.
Page 18
Configuring Office 365
Picture 14: Settings for the new connector
On the next page, select Only when I have a transport rule set up that redirects messages to thisconnector. Then click Next.
Page 19
Configuring Office 365
Picture 15: Adding a smarthost
On the next page, specify the smarthost you want Office 365 to send the emails to. Enter the name or IPaddress of the server on which the gateway role is installed. Then click Save.
Page 20
Configuring Office 365
Picture 16: Connection encryption settings
Then configure the connection encryption in the following dialog. Always activate the option Always useTransport Layer Security (TLS) to secure the connection (recommended). In the selection dialogbelow, select the item Any digital certificate, including self-signed certificates and click Next.
Page 21
Configuring Office 365
Picture 17: Summary of the information entered
A summary of the information you have entered so far is displayed. Verify that this information is correctand then click Next
Page 22
Checking the connector settings
6. Checking the connector settings
In this step the wizard checks the connector settings. One or more email addresses are required for this.
Enter one or more email addresses that you want to use to check this connector.
Picture 18: Checking the connector
Click Validate. One or more test messages will be sent. Upon completion of the examination you willreceive a result of the examination.
The test message usually fails. You can ignore this at first.
Click Save to close the dialog.
Page 23
Creating a transport rule
7. Creating a transport rule
In this step you create a transport rule.
Picture 19: Creating a transport rule
In the Office 365 administration interface, go to Message Flow/Rules.
Click the plus icon, then select the Create a new rule option. The wizard for creating a new transportrule opens.
Page 24
Creating a transport rule
Picture 20: Customising the behaviour of the rule
Enter any name for the rule.
Under Apply this rule if, set the following options: The recipient is located and Outside theorganization. Then click Add Condition.
Under Do the following, select the option Use the following connector. Select the connector you justset up and click Add action.
If only the option "Persons" is available, click More options. Under Redirect the message to, select thefollowing connector. Then, select the connector you created.
Page 25
Creating a transport rule
Picture 21: Further settings for the new transport rule
Apply the remaining settings as shown in the screenshot, then click Save.
Page 26
Using NoSpamProxy in Office 365 with Exchange Online
8. Using NoSpamProxy in Office 365 with Exchange Online
If you use NoSpamProxy in Office 365 in conjunction with Exchange Online, you must make additionalsettings in your tenant to ensure spam protection.
Step 1: Creating an inbound connector for the domain *
To prevent the delivery of unwanted emails you need to create an inbound connector. This connector willonly allow emails from certain IP addresses for the domain "*", which is either your own email server orNoSpamProxy. A corresponding Partner Connector is required for this.
To create the Partner Connector in Powershell, enter the following:
# Request login data for Office 365 Exchange Online $UserCredential = Get-Credential
# Instance Remote PowerShell Session $Session = New-PSSession ` -ConfigurationName Microsoft.Exchange ` -ConnectionUri https://outlook.office365.com/powershell-liveid/ ` -Credential $UserCredential ` -Authentication Basic ` -AllowRedirection
# Importing CMDLets Import-PSSession $Session
# Creating Connector New-InboundConnector ` -Enable $True ` -Name "Inbound only from Antispamrelay" ` -SenderDomains * ` -RestrictDomainsToIPAddresses:$true ` -RequireTls:$true ` -SenderIPAddresses[ServerOnWhichTheGatewayRoleIsInstalled]
Remove-PSSession $Session
You can also provide the certificate of the sending gateway instead of the IP address.
To create the Partner Connector using the Exchange Control Panel, proceed as follows:
Page 27
Using NoSpamProxy in Office 365 with Exchange Online
Picture 22: Connecting the partner organisation to Office 365
Go to Message Flow/Connectors and click the Plus sign.
Page 28
Using NoSpamProxy in Office 365 with Exchange Online
Picture 23: Adding name and description of the connector
In the dialog box, select Partner organization and Office 365. Then click Next.
Page 29
Using NoSpamProxy in Office 365 with Exchange Online
Picture 24: Determining the identification of the partner organisation
In the New Connector dialog, enter a name for the connector. Add a description if necessary. Leave thecheckbox next to Switch on ticked. Then click Next.
Page 30
Using NoSpamProxy in Office 365 with Exchange Online
Picture 25: Adding the partner domain
In the following dialog box, select Use sender domain. Then click Next.
Page 31
Using NoSpamProxy in Office 365 with Exchange Online
Picture 26: The domain *
On the following page, click the Plus sign.
Page 32
Using NoSpamProxy in Office 365 with Exchange Online
Picture 27: Entering the domain *
Enter star ("*") as the domain name. Then click OK. On the next page, click Next.
Page 33
Using NoSpamProxy in Office 365 with Exchange Online
Picture 28: Rejecting emails that do not originate from *
On the next page, check reject emails if they are not sent from this address range. Click on Next.
Page 34
Using NoSpamProxy in Office 365 with Exchange Online
Picture 29: Adding the IP address of the gateway role
In the dialog Add IP address enter the address of the server on which the gateway role is installed.Click OK.
Page 35
Using NoSpamProxy in Office 365 with Exchange Online
Picture 30: Summary of the information entered
You will receive a summary of the information provided by you. Check the information for accuracy andclick OK.
The new connector now appears under Message Flow/Connectors.
Step 2: Creating a transport rule to deactivate the spam filter
Go to Message Flow/Rules.
Page 36
Using NoSpamProxy in Office 365 with Exchange Online
Picture 31: Creating a rule to bypass spam filtering
Click the Plus sign and select Bypass spam filtering from the drop-down menu.
Enter a name for the rule.
Page 37
Using NoSpamProxy in Office 365 with Exchange Online
Picture 32: Specifying the address range to which the rule applies
Under Apply this rule if, select the option Sender and then IP is in one of these ranges or matchesexactly with.
Picture 33: Specifying the IP address of the gateway role
Page 38
Using NoSpamProxy in Office 365 with Exchange Online
In the Specify IP address ranges dialog specify the IP address of the server on which the gateway roleis installed.
Click the Plus sign/Add, then click OK. Then click Save.
The rule is now set up. Spam protection for using NoSpamProxy in Office 365 with Exchange Online isactive.
Page 39
Help and support
9. Help and support
Net at Work offers many forms of help and support for the installation and the operation ofNoSpamProxy.
• Training videosTraining videos provide an overview of different areas and include step-by-step configurationtutorials as well as practical examples.
• BlogThe Blog provides daily updated alerts for new product versions, suggested changes to yourconfiguration, warnings on compatibility issues and more help. To make sure you do not missany important advice, you can also find the latest news from the blog on the start page of theNoSpamProxy configuration console.
• Knowledge BaseThe Knowledge Base contains additional information on specific issues.
• SupportIf you require additional support, please visit our support website.
Page 40