Issue:
Customer is migrating mail to Office 365 and wants to keep our spam filtering solution. This assumes you are using the latest 365 Exchange Admin Center not classic view
Resolution:
Preparation
You will need to ensure the Office 365 tenant is listed as a recipient host under the customers configuration in the MyVSL portal. Once the tenant address is listed here it will also be able to accept outbound email from that address, if you wish to send mail through the filter also.
You will have to disable SPF checking on the customers Office 365 tenant, as the mail will be coming through our service this can sometimes cause email to be blocked by Office 365 and is not required, as we will already be doing an SPF check against the original sender.
The setting is located at Microsof 365 Defender admin center > Email & Collaboration > Policies & Rules > Threat policies > Anti-Spam Policies >Anti-Spam Inbound Policy > set SPF record: hard fail: off
We also recommended that you lock down your inbound email flow in Office 365 to only allow mail from Vitanium IP addresses (109.74.248.0/26 & 109.74.252.0/26). This requires you to create a receive connector in Office 365 and a guide for this is below.
Lock Down Inbound Mail Flow
1. Log on to the Office 365 Exchange Admin Console.
2. Click on the Mail flow menu item.
3. Click on the Connectors link. Your connectors are displayed.
4. Click on the + icon.
5. Complete the Select Your Mail Flow Scenario dialog as follows:
Field Option
From Partner organization
To Office 365
The text at the bottom of the wizard changes to, “Creating a connector is optional for this mail flow scenario. Create a connector only if you want to enhance security for the email messages sent between your partner organization or service provider and Office 365. You can create multiple connectors for this scenario, each applying to different partner organizations or service providers”
6. Click the Next button.
7. Change the connector's name to Vitanium to Office 365.
8. Click the Next button.
9. Select the Use the Sender's Domain option in the "How do you want to identify the partner organization?” dialog.
10. Click the Next button.
11. Click on the + icon to add the * as the domain.
12. Click on the OK button.
13. Click the Next button.
14. Leave the Reject Email Messages if They Aren't Sent Over TLS option with the default value on the “What security restrictions do you want to apply?” dialog. We will send the message on to Office 365 with Opportunistic TLS.
15. Select the Reject email messages if they aren't sent from within this IP address range option.
16. Click on the + icon to add the Vitanium IP address ranges 109.74.248.0/26 & 109.74.252.0/26.
17. Click the Next button.
18. A summary page is displayed. Check this to ensure it has all the correct information.
19. Click the Save button.