When you use a third-party spam filter such as Email Security for inbound email, you typically want Exchange Online to receive email ONLY from your spam filtering servers and to bypass the default EOP (Exchange Online Protection) spam filtering, so that messages are not filtered twice once Email Security has been set up (in the HEIMDAL Dashboard). This ensures that inbound emails are filtered by the third-party service and do not undergo further anti-spam processing in Microsoft 365, avoiding issues like false positives or blocked emails.
To achieve this, you need to configure mail flow rules (transport rules) in Exchange Online that reject inbound emails not coming through Email Security and that bypass the EOP spam filtering. Here's a step-by-step guide to doing that.
1. Creating a rule to reject inbound emails that are not coming from the Email Security servers
2. Creating a rule to bypass Exchange Online Protection (EOP) spam filtering
CREATING A RULE TO REJECT INBOUND EMAILS THAT ARE NOT COMING FROM THE EMAIL SECURITY SERVERS
1. Navigate to Mail flow -> Rules and press Add a rule that will route all messages through our newly created connector.
2. Set the rule conditions by giving it a name and by selecting the following rules:
Apply this rule if: The sender -> is external/internal -> Outside the organization.
Do the following: Block the message -> Reject the message and include an explanation, then set the rejection reason to "The email is NOT sent through the MX Records configured on the DNS."
Except if: The sender -> IP address is in any of these ranges or exactly matches and specify the following IP addresses: 20.50.183.144, 20.50.183.146, 20.50.183.145, 20.50.183.147, 20.50.183.148, 20.50.183.149, 20.50.183.150, 20.50.183.151, 20.88.177.217, 20.88.177.218, 20.88.177.208, 20.88.177.209, 172.166.114.48, 172.166.114.49, 172.166.114.50, 172.166.114.51.
3. Save rule conditions, leave the Rule settings just like this, and click Next.
4. Review and Finish. Your rule should look similar to the one below:
CREATING A RULE TO BYPASS EXCHANGE ONLINE PROTECTION (EOP) SPAM FILTERING
1. Navigate to Mail flow -> Rules and press Add a rule that will route all messages through our newly created connector.
2. Set the rule conditions by giving it a name and by selecting the following rules:
Apply this rule if: The sender -> IP address is in any of these ranges or exactly matches
Do the following: Modify the message properties -> Set the spam confidence level (SCL), then set it to Bypass Spam Filtering (SCL = -1).
3. Optionally, you can add an action that prevents emails from being marked as Clutter or Junk (due to the user-level settings in Outlook). To do this, set a custom header (X-MS-Exchange-Organization-BypassClutter) that bypasses clutter filtering. In the same rule, add an additional action:
Do the following: Modify the message properties -> Set a message header, then set it to X-MS-Exchange-Organization-BypassClutter and its header value to true.
4. Leave the Rule settings just like this.
5. Review and Finish. Your rule should look similar to the one below:
After setting up the rules, it's important to monitor the mail flow to ensure that everything works as expected. You can do this through the Message Trace (in the Exchange Admin Center) to verify that emails from Email Security are arriving correctly.
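The same two rules can also be created from Exchange Online PowerShell, which makes the configuration repeatable and easy to review. This script is an added example, not Heimdal's or Microsoft's own; the rule names are hypothetical, and it assumes the bypass rule matches the same Email Security IP addresses listed for the reject rule's exception.

```powershell
# Added example: creates or updates the two mail flow rules described above.
# Requires the ExchangeOnlineManagement module and rights to manage transport rules.
Connect-ExchangeOnline

# Email Security relay addresses, copied from the "Except if" list in this article.
$relayIps = @(
    '20.50.183.144', '20.50.183.145', '20.50.183.146', '20.50.183.147',
    '20.50.183.148', '20.50.183.149', '20.50.183.150', '20.50.183.151',
    '20.88.177.208', '20.88.177.209', '20.88.177.217', '20.88.177.218',
    '172.166.114.48', '172.166.114.49', '172.166.114.50', '172.166.114.51'
)

$rules = @(
    @{  # Rule 1: reject external mail that did not arrive via Email Security.
        Name   = 'Reject inbound mail not from Email Security'    # hypothetical name
        Params = @{
            FromScope               = 'NotInOrganization'
            RejectMessageReasonText = 'The email is NOT sent through the MX Records configured on the DNS.'
            ExceptIfSenderIpRanges  = $relayIps
        }
    },
    @{  # Rule 2: skip EOP spam filtering for mail relayed by Email Security.
        Name   = 'Bypass EOP spam filtering for Email Security'   # hypothetical name
        Params = @{
            SenderIpRanges = $relayIps    # assumption: same list as rule 1
            SetSCL         = -1           # Bypass Spam Filtering
            SetHeaderName  = 'X-MS-Exchange-Organization-BypassClutter'
            SetHeaderValue = 'true'
        }
    }
)

$existing = @(Get-TransportRule | Select-Object -ExpandProperty Name)
foreach ($rule in $rules) {
    $params = $rule.Params
    if ($existing -contains $rule.Name) {
        # Re-running the script brings an existing rule back to the intended settings.
        Set-TransportRule -Identity $rule.Name @params
    } else {
        New-TransportRule -Name $rule.Name @params
    }
}

# Show what is now configured so it can be compared against the IP list above.
Get-TransportRule |
    Where-Object { $rules.Name -contains $_.Name } |
    Format-List Name, State, Mode, Priority, SenderIpRanges, ExceptIfSenderIpRanges, SetSCL
```

Because the bypass rule trusts anything arriving from the listed addresses, review the `SenderIpRanges` output whenever the list changes and keep it identical to the exception list on the reject rule.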