About this article
In this article we will be creating and configuring a mail flow rule and the connectors in the Exchange Online Admin Center. These will identify the e-mails that will redirected through the Templafy Email Signature Server cluster for processing.
- Step 1. Create the inbound connector
- Step 1a. Update the SPF record for all email sending domains
- Step 2. Create the Outbound connector
- Step 2a. Validate the Outbound Connector
- Step 3. Create the mail flow rule
- Step 3a. Add the message targeting under the "Apply this rule if" section
- Step 3b. Add the redirect to the Inbound Connector under the "Do the following" section
- Step 3c. Add the three required exceptions under the "Except if" section
- Step 3d. Enable the new mail flow rule and set the priority to the highest
Prerequisites
|
Step 1. Create the inbound connector
- Go to https://admin.microsoft.com/ or go directly to https://admin.exchange.microsoft.com/
-
Click Show all
-
Click Exchange
-
Click Mail flow and then Connectors
-
Click [
+ Add a connector
] - Choose Your organization's email server
- Click [
Next
] -
Enter a name for the connector:
templafyemailsignatureserver-inbound
-
Click [
Next
] -
Choose the By verifying that the IP address... option
-
Add the public hostname/IP of the smarthost. The IP address can be retrieved in Kubernetes portal for the cluster created earlier in Configure a new Email Signature Server in kubernetes
-
For Templafy-hosted solutions you will be provided the IP address of your dedicated Email Signature Server hosted by Templafy.
-
Update the SPF record for all email sending domains
- To ensure the Email Signature Server is identified as authorized to process mail for your domains it is important to add the Inbound Connector IP address to the DNS SPF record for each domain that may be sending emails through the Templafy Email Signature Server for processing.
nslookup -type=txt <your primary domain>
- Below an example (SPF Record):
v=spf1 ip4:<ess_inbound_connector_ip> -all
- Click the [
+
] sign
-
- Click [
Next
] - Click [
Create connector
]
Step 2. Create the Outbound connector
-
Click [
+ Add a connector
] - Choose Office 365
- Click [
Next
] - Enter a name for the connector:
templafyemailsignatureserver-outbound
- Click [
Next
] -
Choose Only when I have a transport rule set up that redirects messages to this connector
- Click [
Next
] -
Specify the smart host (public hostname/IP with port forwarding on port 25 to the docker service)
- Click the the [
+
] sign -
Click [
Next
] -
Select Any digital certificate, including self-signed certificates
- Click [
Next
]
Step 2a. Validate the Outbound Connector
|
-
Provide an email address from inside of your domain or templafy.com
-
Click [
+
] -
Click [
Validate
] -
There will be a three step validation progress bar. This will take one to two minutes to complete.
-
Click [
Save
]- If the second part of the test failed, then please check if other connectors are already configured, if yes, then make sure that those are not the ones used for executing the send test for your new connector. This can be done by adding an Exception rule for the built-in user
O365ConnectorValidation@<current domain>
to the other connector's mail flow rule. - If the connector has already been saved in a failed validation state, it can be re-attempted after connector has been saved. Open the connector and at the bottom of the pane click [Validate this connector]. Then, repeat the validation process described above.
- If the second part of the test failed, then please check if other connectors are already configured, if yes, then make sure that those are not the ones used for executing the send test for your new connector. This can be done by adding an Exception rule for the built-in user
Step 3. Create the mail flow rule
- Go to Rules
- Click [
+ Add a rule
] Create a new rule... - Name suggestion:
templafy email signatures
-
Add the message targeting under the "Apply this rule if" section
- Select
The sender...
->is external/internal
Inside the organization
- Click [
+
] -
Select
The sender...
->domain is
and [Add] each Email Domain that is configured in your Templafy tenant Email signatures settings.This is found in your Templafy tenant at Admin Center -> Email signatures -> More options -> Settings: How to add or remove Email Domains?
Ensure the SPF record is updated with the cluster Inbound Connector IP address for each of these added domains as described in the Inbound Connector configuration above.
-
Targeted user distribution to Email Signature Server:
Additionally, we recommend this configuration if you have many automated mail sending systems that would not be receiving a Templafy managed signature.
You can add the condition
"Sender is a member of..."
and use a Distribution Group, or Mail Enabled Security Group, of users that are in the Templafy tenant for a managed signature.
- Select
-
Add the redirect to the Outbound Connector under the "Do the following" section
- Select
Redirect the message to...
->the following connector
Connector:templafyemailsignatureserver-outbound
- if you would like to add the Secret Key Validation, follow the article below to do so: Enable sender secret key validation
- Note: For Templafy-Hosted Email signature server, the Templafy team will provide this Value along with the related IP addresses
- Select
-
Add the three required exceptions under the "Except if" section
-
Add the exception for excluding the processed emails that are returned from the ESS
- Select The message headers... -> includes any of these words
- Click Enter text...
specify header name:Templafy-EmailSignatureServer-Processed
Click [Save
] - Click Enter words... specify words or phrases:
true
Click [Add
]
Click [Save
] - Click [
+
]
-
Add the exception for excluding the emails already processed by a Templafy Email Signature add-in OR the exception for excluding only the unsupported email types
- Select The message headers... -> matches these text patterns
- Click Enter text... specify header name:
x-processedbytemplafy
ORx-unsupportedformatbytemplafy
- Use the header
x-processedbytemplafy
if you prefer the emails already processed by Templafy via the Outlook VSTO Plugin on PC or via the Templafy Outlook Web Add-in in to skip the Email Signature Server - Use the header
x-unsupportedformatbytemplafy
if you prefer all the traffic will go to Templafy Email signature for a sanity check (in case the signature was removed by the end users while the add-ins are in use in their sending application) except the non-supported format items (meeting invites and vote feature in Outlook Application for PC)
- Use the header
- Click [
Save
] - Click Enter words... specify words or phrases:
true
Click [Add
]
Click [Save
] - Click [
+
]
-
Add the exception for Permission controlled emails
- Select The message properties... -> Include the message type
- Select Permission controlled from the dropdown list
- Click [
Save
]
-
- Click [
Next
] to go to the next page - Select the option for Stop processing more rules
- The rest of the mail flow rules you may have will be applied when the email is returned back from the ESS solution to Exchange.
- Click [
Next
] - Click [
Finish
] -
Enable the new mail flow rule and set the priority to the hightest
- Select the newly created rule verify the rule
- Click the toggle to set the rule to be Enabled.
- You have to wait at this panel until the operation says it completed.
- Click "Edit rule settings" at the top of the panel.
- Set the Priority textbox to
0
- Set the Priority textbox to
- Click [
Save
]
Comments
0 comments
Article is closed for comments.