Project Puchufy

Outbound Connectors

Outbound connectors is similar to static routes for other types of mail processing server. The Office 365 outbound connector can be configured to route certain emails to a specific domain to either smart hosts or to an MX record associated with the domain being routed.

0365 Outbound connector, same as inbound connector, can be found under:
Office365 Admin > Exchange > Mail Flow > Connectors

 

Attributes of an Outbound Connector Explained Per Tab

General

  • It’s where you can assign a name for the connector. The name does not have bearing with the routing.
  • Tick the check box for “Enable outbound connector” if it should be enabled.
  • Connector Type: (1) Partner is for servers not within your organization; (2) On-premises is for servers managed by your own organization.

Security

  • Opportunistic TLS – 0365 connects to this mail system ans attempts to encrypt the communication channel. If the encrypted communication is not supported, it falls back to unencrypted connection.
  • Self-signed certificate – 0365 will use a certificate signed with its own private key, and not by a high ranking certification authority (CA). To learn more about self-signed certificates, visit Wikipedia.
  • Trusted CA – Trusted certificates are used to initiate connection to a server over the internet and to avoid MITM attacks. Trusted CA are those that are signed by commercial providers like Symantec and GoDaddy.
  • Recipient certificate matches domain – Certificates is for a wildcard on a domain.

Delivery

  • MX record associated with the recipient domain
  • Route mail through smart hosts – this is where you can provide the IP address or the FQDN of the server.

As per experience, for example 4 servers will be assigned as smart hosts for the outbound connector and all 4 were located at 4 different geographical sites, 0365 prioritizes connecting to the server with nearest hop. It connects to farther server only if the nearest server(s) are unreachable.

Scope

  • Route all accepted domains through this connector
  • Recipient domain portion allows you to specify the domains that you will route to the smart hosts. These domains should be added to “accepted domains” in order for 0365 to accept the emails, else it will return a relay access denied to a relaying server.

 

To add a domain: