Hi,

Forwarding for the benefit of the list.

-------- Original Message --------
Subject: Re: [exim] Office 365 and Exim sharing a domain
Date: Thu, 20 Feb 2014 17:11:45 +0000
From: Andy Bennett <[email protected]>
To: Gary Stainburn <[email protected]>

Hi,

> Thanks for the post. Any help would be greatly appreciated.
>
> I've got mail reception working as I simply use my main EXIM server us an
> alias lookup to convert [email protected] to
> [email protected] and relay the message. This was a doddle to
> set up.

I use a table that looks up the "backend" server based on local part rather
than an alias, but I'm not sure that it matters on the exim side.

> I have managed to add the ringways.co.uk domain to the O365 setup and have
> configured my users to use that when sending emails. This works fine if
> sending emails to any address that is not within the ringways.co.uk domain.
>
> If I send an email to an existing user in O365 the email gets delivered
> without ever touching my servers, i.e. internally within O365.
>
> If I try to send an email to a non O365 user, i.e. a user on my EXIM setup,
> the email fails with '550 5.1.1 RESOLVER.ADR.RecipNotFound; not found' being
> generated by an Outlook.com server.
>
> This is what I would expect, and what I would want if I only had one server.
> What I need to do is have O365 use my server for those accounts that don't
> exist locally.
>
> It would be sufficient if it sent *all* emails to my server, as they would
> simply then get bounced back.
>
> Any suggestions?

Sorry for the late reply!

Log in at http://portal.microsoftonline.com/

Click "service settings" in the menu on the left.

Click "Custom mail rules" in "mail flow" in the main content area.

Add a rule "whitelist <name of my exim MX>" that sets the spam confidence
level to -1 for your MX IP address in "Rule mode" "Enforce". This will make
it respect your MX and not filter bounces.

Click "connectors" in the menu bar near the top of the content area.

Define an entry in "Inbound Connectors" called "<fqdn of exim MX>" with
"Connector Type" "On-premises". In "security" it should have "None" for
"Domain Restrictions". In "scope" it should have "*" in "Sender domains" and
the IP address of your MX in "Sender IP addresses" and your domain in
"Associated accepted domains".

That's how we've got things set up and when someone sends mail using the
O365 infrastructure to an address in our domain that it doesn't know about
(i.e. an alias or non-O365 mail box) O365 will send the message to our MX
which will then route it or bounce it.

We do *all* our MX in exim, including spam stuff so we definitely want the
spam policy on O365 to be off, but you'd also want it to be off to ensure
that bounces generated in exim which don't contain the O365 BATV token get
accepted into O365 mailboxes.

I've been careful to only configure actual mailboxes in O365 so that there's
a single, complete and authoritative set of aliases on the exim MX. On the
exim side we have a list of mailbox local-parts along with their backends as
well as a list of aliases and what they resolve to. This ensures we don't
get any "split brain" behaviour where the available local-parts@ourdomain
are different depending on who is sending mail from where.

Once again, sorry for the late reply. Let me know if you need any more tips
and don't worry about prodding me if I don't respond in a timely way.

Regards,
@ndy

--
[email protected]
http://www.ashurst.eu.org/
0x7EBA75FF

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
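
The Exim side described in the message above (one alias list plus one table mapping mailbox local parts to backends), sketched as an added router fragment. This is an illustration, not configuration posted to the list or taken from either poster's servers. It assumes a hypothetical domain example.org, hypothetical file paths and backend host names, and an existing `remote_smtp` transport.

```exim
# Added illustration. Domain, file paths, router names and backend hosts
# are hypothetical. Place these in the routers section ahead of any
# router that would otherwise handle the shared domain.

domainlist shared_domains = example.org

# 1. Aliases: the single authoritative alias list lives on the Exim MX.
#    /etc/exim/shared-aliases, one entry per line, fully qualified targets:
#      sales: alice@example.org, bob@example.org
shared_aliases:
  driver = redirect
  domains = +shared_domains
  data = ${lookup{$local_part}lsearch{/etc/exim/shared-aliases}}

# 2. Mailboxes: local part -> backend host, looked up per recipient.
#    /etc/exim/shared-backends:
#      alice: o365-inbound.example.net     (mailbox hosted in O365)
#      bob:   imap-backend.example.org     (mailbox hosted on site)
#    A successful local_parts lookup leaves the backend in $local_part_data.
shared_mailboxes:
  driver = manualroute
  domains = +shared_domains
  local_parts = lsearch;/etc/exim/shared-backends
  route_data = $local_part_data
  transport = remote_smtp

# 3. Any other local part in the shared domain exists nowhere, so it is
#    failed here regardless of where the message was submitted.
shared_unknown:
  driver = redirect
  domains = +shared_domains
  allow_fail
  data = :fail: Unknown user
```

Because both files live only on the MX, a local part is either in one of them or rejected, whichever system submitted the message.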
