Exchange
Instructions for integrating with SecuMailer.
Exchange is able to direct traffic to certain recipients (recipient based routing), but it does not contain functionality for routing based on the sender (sender based routing). By using a redirect mail flow rule it is possible to do a form of sender based routing that is sufficient for directing traffic to SecuMailer without violating the Exchange way-of-working. The high level approach is that any mailbox that needs to be integrated with SecuMailer is placed in a specific Distribution Group. In addition, a new mail contact is created that uses a non-existent email address / domain (to prevent any undesirable external routing). A new mail rule is created that redirects email from members of the Distribution Group to the Contact with the non-existent email address. This Contact is associated with a Send Connector, which in turn forwards all email to the SecuMailer Mail Relay (and thereby into the SecuMailer system).
The integration method outlined in this document has been tested with Microsoft Exchange 2016. There is no reason to assume this method will not work in older versions of Exchange; however, this has not been verified by SecuMailer. The basic idea is to direct traffic from certain addresses / mailboxes towards SecuMailer. It is not necessary to direct all email traffic towards SecuMailer unless that is what you intend.
Please open a browser and provide the URL for your Exchange Admin Center.
In EAC select recipients in the main menu and subsequently select groups from the context menu. Click on the + symbol and select Distribution Group from the dropdown menu. You should now see the pop-up named new distribution group.
Please fill in Display name. If you have a naming convention in your organization, please use that convention. If there is no naming convention you can use SecuMailer.
Please fill in Alias. If you have a naming convention in your organization, please use that convention. If there is no naming convention you can use SecuMailer.
Please select the Organizational unit that contains the mailboxes that you wish to connect with SecuMailer. Please set the Owners according to your organization’s standards. Please add as Members the mailbox(es) that you wish to connect with SecuMailer.
Please deselect Add group owners as members, as this would automatically add the administrators to the group that will forward all email via SecuMailer (unless this is your intention).
Please apply any other setting that you apply within your organization on this Distribution Group. After you are finished setting all options please click on the Save button to store your Distribution Group configuration.
You should still be in the recipients context (if not please click on recipients in the main navigation). Please select contacts in the context menu. Click on the + symbol and select Mail contact from the dropdown menu. You should now see the pop-up new mail contact (see below).
Please fill in Display name. If you have a naming convention in your organization, please use that convention. If there is no naming convention you can use SecuMailer Relay.
Please fill in Name. If you have a naming convention in your organization, please use that convention. If there is no naming convention you can use SecuMailer Relay.
Please fill in Alias. If you have a naming convention in your organization, please use that convention. If there is no naming convention you can use SecuMailer Relay.
Please fill in External email address and use the following convention:
SMTP:secumailer@secumailer.relay
The domain secumailer.relay doesn’t exist, which is intentional. After you are finished setting all options please click on the Save button to store your Contacts configuration.
In this section you will create two Transport Rules. The first transport rule will handle external BCC recipients, the second rule will direct your mail traffic towards the SecuMailer platform.
Due to how mail relay integration works, SecuMailer can’t work with BCC recipients: this information gets lost in the protocol exchange. Internal BCC recipients are not affected, but to make sure no external BCC recipients are used inadvertently, we require a transport rule that rejects messages with external BCC recipients.
In EAC select mail flow in the main menu and subsequently select rules from the context menu. Click on the + symbol and select create a new rule from the dropdown menu. You should now see the pop-up named new rule (see below).
Please fill in Name. If you have a naming convention in your organization, please use that convention. If there is no naming convention you can use “No external BCC”.
Carry out the following steps:
At dropdown list Apply this rule if… please select The sender is a member of… and select and add the distribution group you created in paragraph "Create Distribution Group" and click on the OK button.
Click on the button Add condition to add the second condition. At the second dropdown list select The recipient... and in the sub dropdown list select is internal/external. In the select recipient location popup select the option Outside the organization and click on OK.
Click on the button Add condition to add the third and last condition. At the third dropdown list select A message header … and in the sub dropdown list select matches these text patterns. To the right of the dropdown click on the Enter text link and in the popup titled specify header name fill in the following: X-MS-Exchange-Organization-BCC and click on OK. Next click on the link titled Enter text patterns … and in the popup titled specify words or phrases fill in the following: $ and click on the + symbol to the right and subsequently click on OK.
At the next drop down under the label Do the following... select the option Block the message and in the sub drop down select Reject the message with the explanation. In the popup titled specify rejection reason you can provide an explanation why this message is blocked. An example that you might use is: “Your message is blocked and not delivered due to our policy not allowing external BCC recipients”. Click on OK.
Scroll down the form and check the box at Stop processing more rules.
Click on Save. You are now done with the first transport rule.
You are still in the rules section of mail flow. Please create the second transport rule by clicking on the + symbol and select create a new rule from the dropdown menu. You should now see the pop-up named new rule.
Please carry out the following steps:
Please fill in Name. If you have a naming convention in your organization, please use that convention. If there is no naming convention you can use “Redirect to SecuMailer”.
At dropdown list Apply this rule if… please select The sender is a member of… and select and add the distribution group you created in paragraph "Create Distribution Group" and click on the OK button.
At dropdown list Do the following… please select Redirect the message to… and select and add the contact you created in paragraph "Create Contact" and click on the OK button.
At Except if … click on the button add exception. If you don’t see this option please scroll down until you see the link More options… and click on the link; this should give you the possibility of adding an exception. In the dropdown list select The recipient… and select internal/external. In the popup window select internal and click on OK.
Click on the button add exception to add a second exception. In the dropdown list select A message header… and in the sub dropdown list select matches these text patterns. To the right of the dropdown click on the Enter text link and in the popup titled specify header name fill in the following: X-MS-Exchange-Organization-BCC and click on OK. Next click on the link titled Enter text patterns… and in the popup titled specify words or phrases fill in the following: $ and click on the + symbol to the right and subsequently click on OK.
After you are finished setting all options please click on the Save button to store your Mail Rule configuration.
You should still be in the mail flow context (if not please click on mail flow in the main navigation). Please select send connectors in the context menu. Click on the + symbol. You should now see the pop-up new send connector (see below).
Please fill in Name. If you have a naming convention in your organization, please use that convention. If there is no naming convention you can use “SecuMailer”.
Click on button Next. Please select Route mail through smart hosts and click on the + symbol.
You will get a pop-up titled “add smart host”. Please fill in the following value: mail-relay.secumail.cloud
Click on the Save button. Click on the Next button to proceed.
Please select option Basic authentication and select Offer basic authentication only after starting TLS. At the User name and Password fields please fill in the values supplied by SecuMailer. If you haven’t received these values please contact SecuMailer Support at support@secumailer.com. Click on the Next button to proceed to the next screen.
Please click on the + symbol. In the popup please fill in Full Qualified Domain Name (FQDN) with value: secumailer.relay
Click on the Save button to proceed. The new send connector window should look as follows:
Click on the Next button to proceed. In the next popup click on the + button.
Please select your server and click on the Add button. Please click on the OK button.
The new send connector window should look as follows (with your mail server shown rather than the example server):
Please click on Finish.
Please start the Exchange Management Shell.
Please type: Get-SendConnector
With the next command you switch the SecuMailer Send Connector to use port 587 rather than port 25. This instruction assumes you have used “SecuMailer” as the name for your Send Connector. If you have chosen a different name for the Connector please use that name. Please type:
Set-SendConnector -identity "SecuMailer" -Port:587
Hit enter to execute. If all went well the command completes without any issues.
Please make sure you allow port 587 outgoing to mail-relay.secumail.cloud to allow the email traffic to reach the SecuMailer platform.
Microsoft uses an outdated format for emails called “Rich Text Format” (or RTF for short). The RTF format is only supported by Outlook and can’t be read on the standard mail clients of Apple devices or Android devices. Microsoft advises disabling Rich Text Format to avoid inadvertently sending mails in this format.
To disable RTF please start the Exchange Management Shell. This instruction assumes you have used “SecuMailer Contact” as the name for your Contact setting. If you have chosen a different name for the Contact please use that name. Please type:
Set-MailContact -Identity "SecuMailer Contact" -UseMapiRichTextFormat Never
Hit enter to execute. If all went well the command completes without any issues.
The integration is now completed. Please send a couple of test emails from the address you connected with SecuMailer and verify they arrive correctly at an email address you have access to.
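A read-only check of the configuration built above, run in the Exchange Management Shell. This is an added example, not part of the SecuMailer manual; it assumes the default names suggested in this text, and the helper name New-Check is hypothetical.

```powershell
# Added example: read-only audit of the objects this manual creates.
# Names are the defaults suggested in the text; adjust them to your own convention.
$ConnectorName = 'SecuMailer'
$ContactName   = 'SecuMailer Contact'     # name assumed by the Set-MailContact step
$BccRuleName   = 'No external BCC'
$RedirectName  = 'Redirect to SecuMailer'
$SmartHost     = 'mail-relay.secumail.cloud'
$BccHeader     = 'X-MS-Exchange-Organization-BCC'

# Helper (hypothetical name): one result row per checked setting.
function New-Check {
    param([string]$Item, [string]$Setting, $Actual, [bool]$Ok)
    [pscustomobject]@{ Item = $Item; Setting = $Setting; Actual = "$Actual"; Ok = $Ok }
}

$sc  = Get-SendConnector -Identity $ConnectorName -ErrorAction Stop
$mc  = Get-MailContact   -Identity $ContactName   -ErrorAction Stop
$bcc = Get-TransportRule -Identity $BccRuleName   -ErrorAction Stop
$red = Get-TransportRule -Identity $RedirectName  -ErrorAction Stop
$tcp = Test-NetConnection -ComputerName $SmartHost -Port 587 -WarningAction SilentlyContinue

$checks = @(
    New-Check 'Send connector' 'Enabled' $sc.Enabled ([bool]$sc.Enabled)
    New-Check 'Send connector' 'Port' $sc.Port ($sc.Port -eq 587)
    New-Check 'Send connector' 'SmartHosts' ($sc.SmartHosts -join ',') (($sc.SmartHosts -join ',') -eq $SmartHost)
    # BasicAuthRequireTLS is the shell name for "Offer basic authentication only after starting TLS".
    New-Check 'Send connector' 'SmartHostAuthMechanism' $sc.SmartHostAuthMechanism ("$($sc.SmartHostAuthMechanism)" -eq 'BasicAuthRequireTLS')
    New-Check 'Send connector' 'AddressSpaces' ($sc.AddressSpaces -join ',') (($sc.AddressSpaces -join ',') -like '*secumailer.relay*')
    New-Check 'Firewall' "TCP 587 to $SmartHost" $tcp.TcpTestSucceeded ([bool]$tcp.TcpTestSucceeded)
    New-Check 'Mail contact' 'ExternalEmailAddress' $mc.ExternalEmailAddress ("$($mc.ExternalEmailAddress)" -eq 'SMTP:secumailer@secumailer.relay')
    New-Check 'Mail contact' 'UseMapiRichTextFormat' $mc.UseMapiRichTextFormat ("$($mc.UseMapiRichTextFormat)" -eq 'Never')
    New-Check $BccRuleName 'State' $bcc.State ("$($bcc.State)" -eq 'Enabled')
    New-Check $BccRuleName 'SentToScope' $bcc.SentToScope ("$($bcc.SentToScope)" -eq 'NotInOrganization')
    New-Check $BccRuleName 'HeaderMatchesMessageHeader' $bcc.HeaderMatchesMessageHeader ("$($bcc.HeaderMatchesMessageHeader)" -eq $BccHeader)
    New-Check $BccRuleName 'StopRuleProcessing' $bcc.StopRuleProcessing ([bool]$bcc.StopRuleProcessing)
    New-Check $RedirectName 'State' $red.State ("$($red.State)" -eq 'Enabled')
    New-Check $RedirectName 'RedirectMessageTo' ($red.RedirectMessageTo -join ',') ([bool]$red.RedirectMessageTo)
    New-Check $RedirectName 'ExceptIfSentToScope' $red.ExceptIfSentToScope ("$($red.ExceptIfSentToScope)" -eq 'InOrganization')
    New-Check $RedirectName 'ExceptIfHeaderMatchesMessageHeader' $red.ExceptIfHeaderMatchesMessageHeader ("$($red.ExceptIfHeaderMatchesMessageHeader)" -eq $BccHeader)
)

$checks | Format-Table -AutoSize
$failed = @($checks | Where-Object { -not $_.Ok })
if ($failed) { Write-Warning "$($failed.Count) setting(s) differ from the manual." }
```

Any row with Ok = False points at the step to revisit; the script only reads configuration and changes nothing.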
The NTA 7516 functionality requires two additional changes to your Exchange configuration:
Creation of a separate Distribution Group
Creation of a mail flow rule
For the creation of the Distribution Group please see the relevant instructions in this manual. You can name this Distribution Group "SecuMailer NTA7516".
After you have created the Distribution Group please create a new mail flow rule.
In EAC select mail flow in the main menu and subsequently select rules from the context menu. Click on the + symbol and select create a new rule from the dropdown menu. You should now see the pop-up named new rule (see below).
Please fill in Name. If you have a naming convention in your organization, please use that convention. If there is no naming convention you can use “SecuMailer NTA7516”.
Please carry out the following steps:
At dropdown list Apply this rule if… please select The sender is a member of… and select and add the distribution group you created in NTA 7516 Distribution Group and click on the OK button.
In the next dropdown list named Do the following select the option Modify the message properties and select Set a message header. In the text to the right of the option click on the first Enter text... link and in the message header popup fill in: X-SecuMailer-NTA7516 and click on OK. Click on the second Enter text... link and in the message value popup fill in: true and click on OK.
Click on the button add action to add a second Action. At dropdown list Do the following… please select Redirect the message to… and select and add the contact you created in paragraph "Create Contact" and click on the OK button.
Click on the button Add exception to add an exception. At dropdown list select The recipient... and in the sub dropdown list select is internal/external. In the select recipient location popup select the option inside the organization and click on OK.
This completes the Transport Rule for NTA 7516. Please click on Save to finalize the setup.
If the customer is using Exclaimer or CodeTwo, please see the separate section on configuring SecuMailer together with Exclaimer or configuring SecuMailer together with CodeTwo.