Articles in this section

See more

Configure Office 365 Exchange to use Email Signature Server

Updated
Follow

About this article

In this article we will be creating and configuring a mail flow rule and the connectors in the Exchange Online Admin Center. These will identify the e-mails that will redirected through the Templafy Email Signature Server cluster for processing.

Prerequisites

 
  • Global Admin rights in Exchange Online Admin Center
  • Email Signature Server cluster Public IP address

 

Step 1. Create the inbound connector

  • Go to https://admin.microsoft.com/ or go directly to https://admin.exchange.microsoft.com/

  • Click Show all

    MAC_show_all.png

  • Click Exchange

    EAC2.png

  • Click Mail flow and then Connectors

    EAC_connectors2.png

     

  • Click [+ Add a connector]

  • Choose Your organization's email server
  • Click [Next]

    New_connector.png

  • Enter a name for the connector: templafyemailsignatureserver-inbound

  • Click [Next]Connector_name.png

  • Choose the By verifying that the IP address... option

  • Add the public hostname/IP of the smarthost. The IP address can be retrieved in Kubernetes portal for the cluster created earlier in Configure a new Email Signature Server in kubernetes

  • For Templafy-hosted solutions you will be provided the IP address of your dedicated Email Signature Server hosted by Templafy.

     

    • Update the SPF record for all email sending domains

       

    • To ensure the Email Signature Server is identified as authorized to process mail for your domains it is important to add the Inbound Connector IP address to the DNS SPF record for each domain that may be sending emails through the Templafy Email Signature Server for processing.
    • nslookup -type=txt <your primary domain>
    • Below an example (SPF Record): v=spf1 ip4:<ess_inbound_connector_ip> -all
    • Click the [+] sign

    Authenticating_sent_email.png

  • Click [Next]
  • Click [Create connector]

Step 2. Create the Outbound connector

  • Click [+ Add a connector]

  • Choose Office 365
  • Click [Next]

    New_connector_outbound.png

  • Enter a name for the connector: templafyemailsignatureserver-outbound
  • Click [Next]

    Connector_name_outbound.png

  • Choose Only when I have a transport rule set up that redirects messages to this connector

  • Click [Next]

    Use_of_connector.png

  • Specify the smart host (public hostname/IP with port forwarding on port 25 to the docker service)

  • Click the the [+] sign

  • Click [Next]

    Routing_outbound.png

  • Select Any digital certificate, including self-signed certificates

  • Click [Next]

    Security_restrictions_outbound.png

Step 2a. Validate the Outbound Connector

 
  • Connector validation is REQUIRED for Microsoft Exchange (through Exchange Online Protection) to trust our connectors.

  • Provide an email address from inside of your domain or templafy.com

  • Click [+]

  • Click [Validate]

    Validation_email_outbound.png

  • There will be a three step validation progress bar. This will take one to two minutes to complete.

  • Click [Save]  

     
    •  If the second part of the test failed, then please check if other connectors are already configured, if yes, then make sure that those are not the ones used for executing the send test for your new connector. This can be done by adding an Exception rule for the built-in user O365ConnectorValidation@<current domain> to the other connector's mail flow rule.
    • If the connector has already been saved in a failed validation state, it can be re-attempted after connector has been saved. Open the connector and at the bottom of the pane click [Validate this connector]. Then, repeat the validation process described above.

     

Step 3. Create the mail flow rule

  • Go to Rules
  • Click [+ Add a rule] Create a new rule...
  • Name suggestion: templafy email signatures

  • Add the message targeting under the "Apply this rule if" section

    • Select The sender... -> is external/internal Inside the organization
    • Click [+]

    • Select The sender... -> domain is and [Add] each Email Domain that is configured in your Templafy tenant Email signatures settings.

      This is found in your Templafy tenant at Admin Center -> Email signatures -> More options -> Settings: How to add or remove Email Domains?

      Ensure the SPF record is updated with the cluster Inbound Connector IP address for each of these added domains as described in the Inbound Connector configuration above.

     

    • Targeted user distribution to Email Signature Server:

      Additionally, we recommend this configuration if you have many automated mail sending systems that would not be receiving a Templafy managed signature.

      You can add the condition "Sender is a member of..." and use a Distribution Group, or Mail Enabled Security Group, of users that are in the Templafy tenant for a managed signature.

  • Add the redirect to the Outbound Connector under the "Do the following" section

    • Select Redirect the message to... -> the following connector Connector: templafyemailsignatureserver-outbound
       
      •  if you would like to add the Secret Key Validation, follow the article below to do so: Enable sender secret key validation
      • Note: For Templafy-Hosted Email signature server, the Templafy team will provide this Value along with the related IP addresses

  • Add the three required exceptions under the "Except if" section

    • Add the exception for excluding the processed emails that are returned from the ESS

      • Select The message headers... -> includes any of these words
      • Click Enter text...
        specify header name: Templafy-EmailSignatureServer-Processed
        Click [Save]
      • Click Enter words... specify words or phrases: true
        Click [Add]
        Click [Save]
      • Click [+]

    • Add the exception for excluding the emails already processed by a Templafy Email Signature add-in OR the exception for excluding only the unsupported email types

      • Select The message headers... -> matches these text patterns
      • Click Enter text... specify header name: x-processedbytemplafy OR x-unsupportedformatbytemplafy
         
        • Use the header x-processedbytemplafy if you prefer the emails already processed by Templafy via the Outlook VSTO Plugin on PC or via the Templafy Outlook Web Add-in in to skip the Email Signature Server
        • Use the header x-unsupportedformatbytemplafy if you prefer all the traffic will go to Templafy Email signature for a sanity check (in case the signature was removed by the end users while the add-ins are in use in their sending application) except the non-supported format items (meeting invites and vote feature in Outlook Application for PC)
      • Click [Save]
      • Click Enter words... specify words or phrases: true
        Click [Add]
        Click [Save]
      • Click [+]

    • Add the exception for Permission controlled emails

      • Select The message properties... -> Include the message type
      • Select Permission controlled from the dropdown list
      • Click [Save]
  • Click [Next] to go to the next page
  • Select the option for Stop processing more rules
     
    • The rest of the mail flow rules you may have will be applied when the email is returned back from the ESS solution to Exchange.
  • Click [Next]
  • Click [Finish]

     

  • Enable the new mail flow rule and set the priority to the hightest

    • Select the newly created rule verify the rule
    • Click the toggle to set the rule to be Enabled.
      • You have to wait at this panel until the operation says it completed.
    • Click "Edit rule settings" at the top of the panel.
      • Set the Priority textbox to 0
    • Click [Save]

mceclip0_rule_example_1.png

mceclip1._rule_example_2png.png

 

 

Related articles

 

Related articles

Comments

0 comments

Article is closed for comments.