[Microsoft 365] Configuring the e-securemail SMTP Relay for Exchange Server and Microsoft 365

📌 Compatibility: Exchange Server 2016, 2019 | Microsoft 365 (Exchange Online)

Objective

Instead of sending emails directly to the Internet, this procedure allows you to route all outbound messages from your organization through the e-securemail antispam gateways using a secure SMTP relay.

🔑 Important Information

SMTP relay server to configure:
smtp.security-mail.net

This is the address you must configure to route your outbound mail flow through the e-securemail filtering gateways.

🔒 Security Recommendation

For optimal protection of your Exchange infrastructure, restrict inbound connections by allowing only the IP addresses of the e-securemail servers.

📥 View the list of e-securemail IP ranges 📥 Consulter la liste des plages IP e-securemail


📋 Configuration Procedures

Choose the procedure corresponding to your environment:


☁️ Configuration for Microsoft 365 (Exchange Online)

Step 1: Access the Exchange Admin Center

  1. Go to:
    www.office.com
  2. Click Sign in
  3. Once logged in, click Admin
  4. Select …Show all
  5. Choose Exchange
  6. Go to Mail flow

Step 2: Create the Outbound Filtering Connector

2.1 Create a New Connector

  1. In the Connectors tab, click Create ➕
  2. From: Select Office 365
  3. To: Select Partner organization
  4. Click Next

2.2 Name the Connector

  • Name: Enter:

ESM outbound filtering

Click Next


2.3 Usage Conditions

Enable the following option:

Only when a transport rule is set up that redirects messages to this connector

Click Next


Step 3: Configure Routing

3.1 Configure the Smart Host

  1. Select:

Route email through these smart hosts

  1. Click Add ➕
  2. Enter:

smtp.security-mail.net

  1. Click the + button to save
  2. Click Next

Step 4: Security Restrictions

4.1 TLS Configuration

  1. Enable:

Always use TLS

  1. Select:

Issued by a trusted Certificate Authority (CA)

  1. Click Next
  2. Confirm by clicking Next

Step 5: Validate the Connector

5.1 Send a Test Email

  1. Click Add ➕
  2. Enter a validation email address:

Recommended:

support@secuserve.com

Or use an address from your own domain.

  1. Confirm by clicking OK

A confirmation message will indicate that a test email has been sent.


5.2 If Validation Fails

⚠️ If you receive a validation error message:

Option 1

Repeat the validation process.

Option 2

Click:

Start without validation


Step 6: Create the Routing Rule

6.1 Access Mail Flow Rules

  1. Go to Exchange mail flow rules
  2. Click Add a new rule ➕

6.2 Configure the Rule

  • Name: Enter:

ESM outbound filtering


6.3 Define the Condition

In:

Apply this rule if

Select:

The sender > is > The domain is

  1. Click the +
  2. Enter the domain name(s) concerned
  3. Confirm

6.4 Define the Action

In:

Do the following

Select:

  • Redirect the message to
  • The following connector

Choose:

ESM outbound filtering


6.5 Add an Exception

To prevent internal emails from passing through the relay:

  1. Select:

Except if

  1. Choose:

The recipient is

  1. Select:

The recipient is located inside the organization

⚠️ Important: Also apply exceptions for tenant domains that do not use e-securemail filtering/relay services.


6.6 Save the Rule

  1. Review the entire configuration
  2. Click Save

Step 7: Whitelist e-securemail IPs in Microsoft 365

🔒 Strongly recommended: Allow the e-securemail server IP addresses in your Microsoft 365 configuration to ensure proper delivery of inbound emails.

📖 Refer to the dedicated guide:

Procedure for whitelisting e-securemail IP addresses in Microsoft 365 (link to your knowledge base)

Tags