📌 Compatibility: Exchange Server 2016, 2019 | Microsoft 365 (Exchange Online)
Objective
Instead of sending emails directly to the Internet, this procedure allows you to route all outbound messages from your organization through the e-securemail antispam gateways using a secure SMTP relay.
🔑 Important Information
SMTP relay server to configure:smtp.security-mail.net
This is the address you must configure to route your outbound mail flow through the e-securemail filtering gateways.
🔒 Security Recommendation
For optimal protection of your Exchange infrastructure, restrict inbound connections by allowing only the IP addresses of the e-securemail servers.
📥 View the list of e-securemail IP ranges 📥 Consulter la liste des plages IP e-securemail
📋 Configuration Procedures
Choose the procedure corresponding to your environment:
- Configuration for Exchange Server (On-Premise)
- Configuration for Microsoft 365 (Exchange Online)
- Full version (detailed), section 4: ESM outbound filtering connector
- Whitelisting e-securemail IP adresses (mandatry)
☁️ Configuration for Microsoft 365 (Exchange Online)
Step 1: Access the Exchange Admin Center
- Go to:
www.office.com - Click Sign in
- Once logged in, click Admin
- Select …Show all
- Choose Exchange
- Go to Mail flow
Step 2: Create the Outbound Filtering Connector
2.1 Create a New Connector
- In the Connectors tab, click Create ➕
-
From: Select
Office 365 -
To: Select
Partner organization - Click Next
2.2 Name the Connector
- Name: Enter:
ESM outbound filtering
Click Next
2.3 Usage Conditions
Enable the following option:
Only when a transport rule is set up that redirects messages to this connector
Click Next
Step 3: Configure Routing
3.1 Configure the Smart Host
- Select:
Route email through these smart hosts
- Click Add ➕
- Enter:
smtp.security-mail.net
- Click the + button to save
- Click Next
Step 4: Security Restrictions
4.1 TLS Configuration
- Enable:
Always use TLS
- Select:
Issued by a trusted Certificate Authority (CA)
- Click Next
- Confirm by clicking Next
Step 5: Validate the Connector
5.1 Send a Test Email
- Click Add ➕
- Enter a validation email address:
Recommended:
support@secuserve.com
Or use an address from your own domain.
- Confirm by clicking OK
A confirmation message will indicate that a test email has been sent.
5.2 If Validation Fails
⚠️ If you receive a validation error message:
Option 1
Repeat the validation process.
Option 2
Click:
Start without validation
Step 6: Create the Routing Rule
6.1 Access Mail Flow Rules
- Go to Exchange mail flow rules
- Click Add a new rule ➕
6.2 Configure the Rule
- Name: Enter:
ESM outbound filtering
6.3 Define the Condition
In:
Apply this rule if
Select:
The sender > is > The domain is
- Click the +
- Enter the domain name(s) concerned
- Confirm
6.4 Define the Action
In:
Do the following
Select:
Redirect the message toThe following connector
Choose:
ESM outbound filtering
6.5 Add an Exception
To prevent internal emails from passing through the relay:
- Select:
Except if
- Choose:
The recipient is
- Select:
The recipient is located inside the organization
⚠️ Important: Also apply exceptions for tenant domains that do not use e-securemail filtering/relay services.
6.6 Save the Rule
- Review the entire configuration
- Click Save
Step 7: Whitelist e-securemail IPs in Microsoft 365
🔒 Strongly recommended: Allow the e-securemail server IP addresses in your Microsoft 365 configuration to ensure proper delivery of inbound emails.
📖 Refer to the dedicated guide:
Procedure for whitelisting e-securemail IP addresses in Microsoft 365 (link to your knowledge base)