
On Office 365 (but essentially any Exchange should have a similar problem) there are a few groups created:

  • Group 1
  • Group 2
  • Group 3

The requirement is that each of those groups should only accept emails sent to them by internal members (authenticated) and emails sent from a specific server outside of Office 365 that runs Linux.

How to configure it so that it works properly?

I’ve thought of configuring the Groups to only receive authenticated messages and setting up connectors with that Linux server, but since the relay will be anonymous those groups will deny those emails. I’ve thought of creating a Group that will hold those 3 groups and creating a mail rule. However, attempts to create a proper mail rule failed, because while they allowed members to send emails from “approved” domains by using an exception, they also blocked emails sent directly to users (through the rule “the recipient is a member of…”, where it seems group membership is checked recursively). I've played around with multiple rules but I couldn't find anything that played just right. I am missing options like "IF NOT from domain..., sent to group, drop email" for the mail rule and usually had to use exceptions, which didn't cover my scenario.

What’s the proper/suggested way to do this?


MadBoy

1 Answer


The recommended approach is to use an authenticated account in Office 365. (requires a license, which is probably why it's the recommended approach :P )

https://support.office.com/en-us/article/How-to-set-up-a-multifunction-device-or-application-to-send-email-using-Office-365-69f58e99-c550-4274-ad18-c805d654b4c4

This definitely ensures the "Require Sender Authentication" requirement is met on your Groups.

What you have attempted so far appears to meet Option 3 in the link above.

blaughw
  • It's not about licenses but about an additional server which needs to be able to deliver messages to groups while disallowing everyone from sending to those groups. – MadBoy Mar 09 '17 at 20:12
  • Do you have multiple email domains in your scenario? If so, can you provide some info on this? – blaughw Mar 09 '17 at 20:34
  • Yes. There are multiple domains. Some are authoritative on Office 365, some only on that Linux server. – MadBoy Mar 09 '17 at 20:35
  • There we go. You will need to use a domain that O365 is authoritative for, otherwise I don't think there will ever be a case where the emails will be treated as Authenticated/Inside the Organization. – blaughw Mar 09 '17 at 20:36
  • Well, even if O365 is authoritative it doesn't change it. Mails sent by Linux will still be anonymous and will fail. – MadBoy Mar 09 '17 at 20:39
  • If you send the email from your Linux servers From: a domain which O365 is configured to use, you can set up a connector (not a Transport Rule) to accept messages from an IP address, or better yet, from a TLS sender with a valid cert for the sending domain. (https://technet.microsoft.com/en-US/library/ms.exch.eac.InboundConnector_TlsNameMatchYourOrgServerCert(EXCHG.150).aspx?v=15.1.947.18&l=1&s=BPOS_S_E15_0) – blaughw Mar 09 '17 at 23:36
  • If you use Option 1 in the link, the messages are not anonymous. The problem is, not all applications will support signing in with the Office 365 account. – blaughw Mar 09 '17 at 23:41
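The connector-based route discussed in the comments above (require sender authentication on the groups, then admit the Linux relay through an inbound connector bound to its TLS certificate rather than a transport rule), written out in Exchange Online PowerShell. This is an added example, not code from the question or the answer. It assumes Connect-ExchangeOnline has already been run with an admin account, and every concrete value is a placeholder: the group names "Group 1" to "Group 3" from the question, the connector name "Linux relay", the accepted domain example.com, the certificate subject mail.example.com, and the addresses used in the message trace. The TreatMessagesAsInternal switch is a documented parameter of New-InboundConnector for OnPremises connectors; whether a message admitted that way is accepted by a group that requires sender authentication in your tenant is something the final trace step is there to confirm, since the thread above does not settle it.

```powershell
# Added example (not from the original post). Assumes Connect-ExchangeOnline has run.
# All names, domains and addresses below are placeholders chosen for illustration.

# 1. Lock the groups down: only authenticated (internal) senders are accepted,
#    so an anonymous SMTP submission to any of them is rejected.
$groups = 'Group 1', 'Group 2', 'Group 3'
foreach ($g in $groups) {
    Set-DistributionGroup -Identity $g -RequireSenderAuthenticationEnabled $true
}

# 2. Admit the Linux relay through an inbound connector, not a transport rule.
#    RequireTls + TlsSenderCertificateName + RestrictDomainsToCertificate tie the
#    connector to the relay's certificate instead of a bare source IP, as the
#    comment above suggests. SenderDomains must be a domain O365 is configured for.
#    TreatMessagesAsInternal (OnPremises connectors only) asks Exchange Online to
#    treat mail arriving through this connector as internal to the organisation.
New-InboundConnector -Name 'Linux relay' `
    -ConnectorType OnPremises `
    -SenderDomains 'example.com' `
    -RequireTls $true `
    -TlsSenderCertificateName 'mail.example.com' `
    -RestrictDomainsToCertificate $true `
    -TreatMessagesAsInternal $true `
    -Enabled $true

# 3. Check that both halves of the configuration took effect.
Get-InboundConnector -Identity 'Linux relay' |
    Format-List Name, ConnectorType, SenderDomains, RequireTls,
                TlsSenderCertificateName, RestrictDomainsToCertificate,
                TreatMessagesAsInternal, Enabled
Get-DistributionGroup -Identity $groups |
    Format-Table Name, RequireSenderAuthenticationEnabled

# 4. Send a test message from the relay (placeholder sender/recipient), then trace
#    it. A Status of "Delivered" means the group accepted the connector's mail;
#    "Failed" with a 5.7.x NDR means it is still being treated as anonymous.
Get-MessageTrace -SenderAddress 'app@example.com' `
    -RecipientAddress 'group1@example.com' `
    -StartDate (Get-Date).AddHours(-1) -EndDate (Get-Date) |
    Format-Table Received, SenderAddress, RecipientAddress, Status, Subject
```

Two things to keep in mind when adapting this. The relay must present a certificate whose subject (or SAN) matches TlsSenderCertificateName and must submit over TLS with a From: in a domain listed in SenderDomains; mail from a domain that is only authoritative on the Linux side will not match the connector and falls back to anonymous handling. And the per-group setting is the real control: once RequireSenderAuthenticationEnabled is on, anything that does not arrive as authenticated or internal is rejected regardless of any transport rule, which is why a connector rather than a rule is the right place to make the exception.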