0

A customer of mine recently moved its mail infrastructure on Office365 and Outlook on the web. All is working properly, but we have a problem with automatically sent log/alert email.

Basically, we have a number of servers/printers/firewalls/switches configured to send alert log using user@host.domain.com as sender (for example, root@test.example.com. Not all of these senders support SMTP auth and/or SSL (some are very old).

Until now, using an internal mail server, we simply had to whitelist the internal host IP to enable unauth mail relay. However, Outlook is now marking these email as spam/junk.

As each email contain a predictable subject, with well defined words (which we use to fine filtering our logs), I thought to use incoming mail filter rules to mark as "clean" or "not spam". However, I can not find such an option (conversely, I found the "mark as spam" action).

My question are:

  • it is possible, by using Office365 with Outlook on the web, to mark an email as "not junk"? If so, how can I do that?

  • if it is not possible, there are any other methods (short of manually set each sender as a trusted one) to accomplish something similar to what I need?

  • any additional ideas?

Thanks.

shodanshok
  • 47,711
  • 7
  • 111
  • 180

1 Answers1

1

You will need to configure your SPF record to include the public IP address of the on-premise SMTP relay server.

From the link below:

Bypasses antispam for Direct send/SMTP Relay: No. Suspicious emails might be filtered. We recommend a custom Sender Policy Framework (SPF) record

https://support.office.com/en-us/article/How-to-set-up-a-multifunction-device-or-application-to-send-email-using-Office-365-69f58e99-c550-4274-ad18-c805d654b4c4

Here's a good article on how to configure your SPF records:

https://technet.microsoft.com/en-us/library/dn789058(v=exchg.150).aspx

Noor Khaldi
  • 3,869
  • 3
  • 19
  • 28
  • I would prefer to not touch the SPF record, for a simple reason: enabling the public IP addresses of our main site means that *any* infected PC can (legitimately!) send big amount of spam. Sure I can work around that, by using a dedicated public IP address for a "private" SMTP relay used by our servers/devices only, but this open other security concerns by itself. In the meantime, I found that simply marking those emails as "not spam" was sufficient to correctly train Outlook's antispam, so they are not marked as spam anymore. – shodanshok Dec 11 '17 at 08:35
  • Anyway, thanks for the useful links and your correct reply. I'm marking it as the accepted answer. – shodanshok Dec 11 '17 at 08:36