Allow relay from O365

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
Post Reply
jeremywatco
Posts: 18
Joined: Sat Sep 13, 2014 3:52 am

Allow relay from O365

Post by jeremywatco »

Hi all,

We have a split domain and have had it working great for past 5 years or so. Traditionally we had mail flow from our 3rd party Spam/AV gateway > Zimbra > Office 365 and then for outbound Office 365 has a connector back to the Spam/AV. So in or out it all follows this flow. Worked great. Now we have a specific business need to reverse the flow and have the mail go from our Spam/AV > Office 365 > Zimbra. For inbound messages this is working fine. The issue is for outbound messages originating from Office 365.... We want those messages to flow through the Zimbra server and out to the Spam/AV and NOT go direct to the Spam/AV.

My issue is with Zimbra I can't figure out the best way to allow for a relay from Office 365. The host name it sends from is never the same. The IP it sends from is never the same. Thoughts?
User avatar
L. Mark Stone
Ambassador
Ambassador
Posts: 2796
Joined: Wed Oct 09, 2013 11:35 am
Location: Portland, Maine, US
ZCS/ZD Version: 10.0.6 Network Edition
Contact:

Re: Allow relay from O365

Post by L. Mark Stone »

jeremywatco wrote:Hi all,

We have a split domain and have had it working great for past 5 years or so. Traditionally we had mail flow from our 3rd party Spam/AV gateway > Zimbra > Office 365 and then for outbound Office 365 has a connector back to the Spam/AV. So in or out it all follows this flow. Worked great. Now we have a specific business need to reverse the flow and have the mail go from our Spam/AV > Office 365 > Zimbra. For inbound messages this is working fine. The issue is for outbound messages originating from Office 365.... We want those messages to flow through the Zimbra server and out to the Spam/AV and NOT go direct to the Spam/AV.

My issue is with Zimbra I can't figure out the best way to allow for a relay from Office 365. The host name it sends from is never the same. The IP it sends from is never the same. Thoughts?
Wouldn't an Outbound Connector in 365 solve the issue?
___________________________________
L. Mark Stone
Mission Critical Email - Zimbra VAR/BSP/Training Partner https://www.missioncriticalemail.com/
AWS Certified Solutions Architect-Associate
jeremywatco
Posts: 18
Joined: Sat Sep 13, 2014 3:52 am

Re: Allow relay from O365

Post by jeremywatco »

The Outbound connector back to Zimbra is just fine. Zimbra is just rejecting the relay. So I need to find a way to allow relaying from O365 through Zimbra. The O365 setup is straight forward and already done. It seems I can only relay by IP address. I know its not the best way to do it but is there a way within zimbra to say allow relay from *.outlook.com or something wildcarded like that?
User avatar
L. Mark Stone
Ambassador
Ambassador
Posts: 2796
Joined: Wed Oct 09, 2013 11:35 am
Location: Portland, Maine, US
ZCS/ZD Version: 10.0.6 Network Edition
Contact:

Re: Allow relay from O365

Post by L. Mark Stone »

jeremywatco wrote:The Outbound connector back to Zimbra is just fine. Zimbra is just rejecting the relay. So I need to find a way to allow relaying from O365 through Zimbra. The O365 setup is straight forward and already done. It seems I can only relay by IP address. I know its not the best way to do it but is there a way within zimbra to say allow relay from *.outlook.com or something wildcarded like that?
If the mailbox exists in Zimbra, Zimbra should accept the email from M365 for delivery locally (assuming it passes through amavis...)

Why not provide logs from Zimbra showing the rejects? Hard to help further without specifics...
___________________________________
L. Mark Stone
Mission Critical Email - Zimbra VAR/BSP/Training Partner https://www.missioncriticalemail.com/
AWS Certified Solutions Architect-Associate
jeremywatco
Posts: 18
Joined: Sat Sep 13, 2014 3:52 am

Re: Allow relay from O365

Post by jeremywatco »

Correct, and that works just fine.

What i need is an O365 user that sends an email to lets say @yahoo.com. I need that message to flow through the Zimbra MTA and then out.
phoenix
Ambassador
Ambassador
Posts: 27272
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: Allow relay from O365

Post by phoenix »

jeremywatco wrote:What i need is an O365 user that sends an email to lets say @yahoo.com. I need that message to flow through the Zimbra MTA and then out.
OK, I'll bite. :) Why do you need to relay messages from O365 through another server?
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
jeremywatco
Posts: 18
Joined: Sat Sep 13, 2014 3:52 am

Re: Allow relay from O365

Post by jeremywatco »

Because!

No, because we have a strange issue that neither Barracuda (Spam Appliance) or Microsoft can figure out. We need all in/out mail routed through our Barracuda Appliance for compliancy reasons (encryption, content checking, etc). When an office 365 message gets sent out from Office 365 through the barracuda its great works fine. Zimbra the same. But when a O365 origin message destined to a different O365 tenant is sent out the barracuda appliance and O365 on the other tenant start to fight and creates a mail loop for unknown reasons finally ending up in a bounce back. It's weird.

Strangely enough if I route that O365 message through Zimbra first and then to the barracuda appliance this fight doesnt happen and everything is great. Again.. Barracuda support & Microsoft are just left puzzled.
Post Reply