Use Case
If you have MS Exchange on premises - 2010/2013/2016 - you have a couple of deployment options for mxHERO. See the table below:
| Email System | Inbound (1) | Outbound (2) | Intra-bound (3) | Selective Routing | On Prem |
|---|---|---|---|---|---|
| MS EXchange | Yes | Yes | Yes (5) | Yes (6) | Yes |
- Inbound: message from external sender to internal recipients.
- Outbound: message from internal senders to external recipients.
- Intra-bound: message from internal senders to internal recipients in the same email server.
- Selective Routing: only route through the gateway messages for specific users or groups.
- Intra-bound routing requires installation of mxHERO's transport agent on the MS Exchange server.
- Selective Routing can be achieved by installing mxHERO's transport agent or depends on the Security Email gateway for routing.
- On-Premises mxHERO deployments are supported. mxHERO recommends the use of its cloud environment, however on-premises might be the best option in certain cases.
For inbound only, you can simply change your MX records to point to mxHERO (like any email gateway). For outbound, you only need create a Send Connector in your Exchange and route messages through mxHERO. However, to capture intra-bound messages, you must install the mxHERO Transport Agent, and this is what we describe in this article.
Installation
Please ask mxHERO support for the Transport Agent installation package. Then install it in your Exchange Transport servers. There's a package for Exchange 2010 and another for 2013/2016. The configuration for all of them is the same.
Agent configuration
First, please open C:\ProgramData\MxHeroTransportAgent\config.ini and change the "ClientHeader" section value to "X-mxHero-TA-On-Prem". Then, open the mxHERO Agent Setting Editor and setup the configuration according to the following:
Use these values for the mxHERO cloud. If you have mxHERO on prem, they will be according to your deployment. Also please change Connect Timeout to 15000 and Send Timeout 300000.
Agent key - this value is provided by the mxHERO support.
Activate logging. This will help you during the testing phase.
When you click SAVE, the system will ask you to install the change. Just confirm.
Exchange configuration
A few adjustments on the Exchange side are needed in order to finish the integration with the transport agent.
mxHERO relay/whitelist
If you are using mxHERO's SaaS service, please inform mxHERO support your Exchange IPs. We have to configure our cloud to accept emails from your systems.
Exchange relay/whitelist
Also, in the case you are using mxHERO's SaaS service, you have to allow mxHERO to inject emails into your Exchange. Please follow this article for IP based relay: https://technet.microsoft.com/en-us/library/mt668454(v=exchg.160).aspx
The IPs you have to allow relay are:
|
54.208.111.28 54.236.184.32 54.165.252.128 54.165.253.193 |
Receive Connector adjustment
To support the email flow between mxHERO and Exchange, two flags in your existing receive connectors need to be changed. The command below, using Exchange Management Shell, will do the trick, however if you want more information about this, please access: https://technet.microsoft.com/en-us/library/bb232174(EXCHG.140).aspx
|
> Get-ReceiveConnector *\* | Set-ReceiveConnector -BinaryMimeEnabled $False -ChunkingEnabled $False |
All set!
Now, just restart the Exchange services to make sure all settings are in place. Command for the Exchange Management shell below.
|
> $services = Get-Service | ? { $_.name -like "MSExchange*" -and $_.Status -eq "Running"} > foreach ($service in $services) {Restart-Service $service.name -Force} |
Now, create your rules in the mxHERO dashboard and your integration is complete!