Relevant Products: Exclaimer Cloud - Signatures for Office 365
When using Exclaimer Cloud with a third-party security solution (for example: Mimecast; Proofpoint; Barracuda; Reflexion etc.), you may find that emails do not route the way you would like them to or do not have a signature applied.
The recommended setup for Exclaimer Cloud in conjunction with a third party security solution is as follows:
Sender > Office 365 > Exclaimer Cloud > Office 365 > third party security solution > Recipient.
The following list of smart hosts or security solutions are known to work when using Exclaimer Cloud - Signatures for Office 365:
- Fusemail (Exclaimer Cloud is known to work with the Fusemail SecureSMART Suite, but cannot be used with the Fusemail Hosted Exchange.)
- Symantec Cloud
Note: While your chosen Smart Host or email security service may not be listed above, this does not mean that it can't be used when using Exclaimer Cloud - Signatures for Office 365.
In the example below, we are using Mimecast, but you can follow the same steps for other Smart Host or Third Party Security system.
Currently, the connector is set to apply to all messages at the connector level and likely appears similar to the following connector:
The above setup shows the correct SMTP address for the Mimecast smart host, but this setup bypasses Office 365 Transport Rules.
The objective of this solution is to modify the connector setup so that it uses a Transport Rule with a lower priority than the Exclaimer Transport Rule, therefore ensuring that signatures are applied before messages are scanned by the third party security solution.
Please follow the steps below to reconfigure your connector (note that there may be downtime during the change - we recommend making this change out of hours where possible):
- Step 1: Reconfigure the 3rd party Security connector
- Step 2: Add a new mail flow rule
- Step 3: Configure the new mail flow rule
- Step 4: Add your .onmicrosoft address to the Exclaimer portal
Step 1: Reconfigure the 3rd party Security connector
1. Log on to the Office 365 Portal as a Global Administrator.
2. Open the admin center.
3. Click admin centers and select Exchange.
4. Select mail flow and then connectors.
5. Reconfigure the connector to apply Only when I have a transport rule set up that redirects messages to this connector:
6. Continue pressing next to leave all other connector settings as they are and save the connector.
Step 2: Add a new mail flow rule
1. Still in the admin center under mail flow, select rules.
2. Click the + (plus) button to add a new rule.
3. Give the rule a name - for example: Send to Mimecast.
Step 3: Configure the new mail flow rule
1. Scroll down and click the More options link to enable additional rule options.
2. Add a condition which states The sender is located inside the organisation. This ensures that all emails sent from your Office 365 tenancy are routed through the connector.
3. Add another condition which states The Recipient is located Outside the organisation. This ensures that your internal emails sent from your Office 365 tenancy are not routed through the connector, and prevents mail loops.
4. Add an action which states Redirect messages to the following connector and select your Third party Security connector. The rule should now resemble the example below.
5. Save the new rule. It should now be shown in the rules list with a priority of 1. Also in this list, you should see the Exclaimer rule called Identify messages to send to Exclaimer Cloud, which has a priority of 0:
Using an Exception instead
If your Security Connectors also process the internal mail, the The Recipient is located Outside the organisation setting would not be appropriate.
Instead of this condition you would use an additional action and exception rule to prevent mail looping using the below steps:
1. Follow steps 1 and 2 above as normal to make changes to the Connector and create the new mail flow rule
2. Scroll down and click the More options link to enable additional rule options.
3. Add an action using the options Modify the message properties and Set a Message header.
4. Set the message header to something such as 'ThirdPartyProcessed' and then the Value to 'True'
5. Add an exception for 'A Message Header' that 'Includes any of these words' and set that rule to also be for the text 'ThirdPartyProcessed' and the Value 'True'.
6. Add an action which states Redirect messages to the following connector and select your connector.
This combination of adding the header and setting it as an exception means that if the mail is returned to your 365, it is not then redirected to the connector again and prevents mail loops.
Step 4: Amend the Exclaimer mail flow rule
1. Open the rule named Identify messages to send to Exclaimer Cloud.
2. Scroll down until you see the option to Stop processing more rules:
3. Your Office 365 set up is now complete.
Step 5: Add your .onmicrosoft address to the Exclaimer portal
The final step of this process is to return to the Exclaimer Cloud portal to ensure emails are routed to Office 365 once the signature has been applied:
1. Log in to your Exclaimer portal.
2. Select Launch for your subscription
3. Select Settings in the Cloud portal
4. Select Mail Flow.
5. Under Mail Routing, select
6. Select Static domain.
7. Enter your .onmicrosoft address (listed in your Office 365 tenancy under Domain Name):
8. Save changes.
Your setup is now complete. When you send a test email, you will be able to see (from the message headers) that the email routes from Office 365 to Exclaimer Cloud, then from Exclaimer Cloud back to Office 365 and from Office 365 to Mimecast - as expected.
If you experience any problems, or if you would like to have someone from Exclaimer on the telephone or via a remote session during the setup process, please let us know or raise a support ticket here.