How to Ensure On-Prem SMTP Relay is Recognized as Internal When Sending to EXO?

0
8
Asked By TechWiz42 On

I'm dealing with an SMTP relay setup where all our mailboxes are in Exchange Online (EXO). We have some on-prem devices, like multifunction printers and monitoring platforms, that need to send emails. They're configured to send through an on-prem SMTP relay, which then connects to our smarthost. While there's a connector in place for routing mail from on-prem to O365 based on IP, I've found that the mail from these devices is being flagged as Anonymous instead of Internal. This prompted me to create a bypass rule to prevent messages from being marked as spam, but I'm concerned that's not a secure solution. I discovered the 'TreatMessagesAsInternal' setting, which works, but I'm worried it might expose us to risks. I'm pondering if using a subdomain for our on-prem sending could enhance security, but I also know there are suggestions to assign each device its own mailbox, which isn't feasible for us right now. I'd appreciate any advice or insight on how to better configure this setup!

3 Answers

Answered By GadgetGuru99 On

It sounds like your MFP is using an anonymous connector, which is common for those devices. You might want to double-check the settings on the connector. You typically need to have a send connector that's scoped specifically for the MFP’s static IP to ensure smooth mail flow. This way, it should be treated as a legitimate sender instead of anonymous.

Answered By ExchangeExpert91 On

You're on the right track with your concerns! That 'TreatMessagesAsInternal' setting will help with the recognition, but indeed comes with risk. It could allow some malicious users to spoof emails if they find a way inside. It might still be worth exploring using a subdomain for your on-prem servers. While getting separate mailboxes is ideal, a subdomain could provide an extra layer of security without needing certificates right now.

Answered By AdminAce123 On

I think the issue lies in the configuration of your receiving connector. You need to switch to externally secured permissions rather than allowing anonymous permissions. That would help ensure that emails sent through your setup are recognized as coming from internal senders. You can find more details on how to configure this in the Microsoft documentation.

Related Questions

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.