Manual Menu

How to setup smart host (mail relay) services to work with Sigsync service

Problem:

While using the Sigsync service with smart third party host services such as
Proofpoint
Barracuda
Mimecast
Reflexion
and similar solutions, you may find an email without the signature applied.

Solution:

Follow the same steps for all smart host services. Here, we are using Mimecast as an example. The connector has been set to apply the settings for all the messages at the connector level.

To ensure that signatures are correctly added after you send an email, it must be directly routed to Sigsync Azure Service before it is relayed to any other third party host services mentioned above. This is required so that Sigsync is able to properly process your emails. If the emails are first routed to other services before they are routed to Sigsync, then the following problems can occur.

  1. The Signatures are not added as the mails are never received by Sigsync service.
  2. Email messages can go into a routing loop resulting in failed delivery reports.
  3. Sigsync might add signatures in the wrong place since the smart host can modify the message body.

In order to solve these problems, make sure that

  • Your email messages are first routed to Sigsync Azure Service.
  • The smart host’s outbound connector is controlled by a transport rule if this is having priority.
  • Sigsync transport rule is reconfigured for correct email routing.

After Sigsync is fully deployed and configured for your Office 365 tenant, it creates an outbound connector with a transport rule. This routes the flow of an email to Sigsync services before the signature can be applied. Such a setup ensures that Sigsync has higher priority and can intercept the email ahead of any other hosts.

There are certain scenarios where a third party host can process your emails even before it can be intercepted by Sigsync. In such cases, follow the steps mentioned below to make sure that you have correctly configured the environment.

Step 1: Open Exchange admin center (EAC) and head over to Mail flow.

select-mailflow

Step 2: Under Rules, check whether Sigsync Transport rule has the top priority. (It must be present on top of the list).

sigsync-priority1

Step 3: If you are using a hybrid environment and your on-premise Exchange environment does the job of relaying the messages, transfer this task to Office 365.

Even after changing these options, if you are still facing issues with the mail flow, you need to analyze the mail headers to cross verify whether emails are routed to Sigsync services first. You can refer to this link to know more about viewing the message header in Outlook.

From the message header information, if you are able to infer that

  1. Mails are not routed to Sigsync first, and
  2. Your emails are looped with the smart host services

You will have to then reconfigure the outbound connectors established by the third party host services such that the connectors are managed by the transport rules instead of taking higher priority by default. Once the transport rules for the outbound connectors are reconfigured manually, it is essential to modify the Sigsync transport rules for proper mail routing.

Follow the steps below to reconfigure the connectors:

Step 1: Reconfigure the third party smart host service connector

  • Login to the Office 365 portal as a global administrator and open Admin center.

    open-admin-center

  • Click the Admin centers and choose Exchange.

    choose-exchange

  • In the left panel, click on the Mail flow → Connectors

    click-connectors

  • Choose the outbound connector of the smart host service.

    choose-outbound-connectors

  • In the panel that opens, click on ‘Edit use’ under Use of connector.

    click-edit-use

  • Select the option ‘Only when I have a transport rule set up that redirects messages to this connector’.

    connectors-mimecast

  • Retain all the other settings as they are by clicking the ‘Next’ button. You will be prompted for the validation email. Once it is successful, click on the ‘Save’ button to save changes to the connector.

    validation-email

    The Smart host's connectors are now configured and are managed by transport rules.

Step 2: Add and create a new mail flow rule

  • In the Exchange admin center, expand Mail flow and click Rules. Click on the ' + ' sign to Add and create new mail flow rule to the smart host.

    create-new-rule

  • Enter an appropriate name for your rule. Scroll down and click on the More options which enables the additional rule options.

    more-option-newrule

  • Add a condition such as ‘The sender is located Inside the organisation’. This makes sure all the emails sent from your Office 365 tenant will be routed through the connector.

    select-sender-location

  • Add one more condition such as ‘The recipient is located Outside the organisation’. This ensures internal email sent from your Office 365 tenant will be routed through the connector by avoiding mail loops.

    select-outside-organization

  • If the connectors are configured for emails sent to specific domains, choose the filter ‘The recipient…address matches any of these text patterns’.

    address-match-anypattern

  • To distinguish the mail using the header information, add an action. Select Modify the message properties -> set a message header. Enter any name for the header and set the value to true.

    modify-message-property

  • Add an action under the heading ‘Do the following...’ as Redirect messages to the following connector and then, choose the third party security connector.

    redirect-message-to-connector


    select-connector

  • Under the Except if section add a new exception: A message header -> includes any of these words. Enter the same header name from the previous step and set the value to true.

    under-the-exceptif

  • Scroll down and check the Defer the message if rule processing doesn't complete option. After this option is enabled, your emails are not looped continuously and the transport rule sends message to the host service only once.

    defer-the-message

  • Save the new rule and it should have a priority of 1. If there are other rules in the list, move the new rule up till it has the priority of 1. Sigsync rules should have a priority of 0. (highest priority).

    new-rule-priority1

Step 3: Modify the Sigsync mail flow rule.

After you have configured the transport rules for the third party host connectors, you have to finally configure the transport rules for Sigsync. This will ensure correct routing of all the email messages.

Note: After an email is sent, it should first reach the Sigsync Azure Service before any other rule takes priority. By selecting the ‘Stop processing more rules option’ it is ensured that the Sigsync transport rule is the only rule to be applied, as long as it has the highest priority of 0.

Once the signature gets added, the email is routed back from the Sigsync Azure Service to Exchange. The Sigsync transport rule is not executed again which makes the ‘Stop processing more rules option’ to become invalid. Any other rules configured for your tenant are now executed.

  • Click on the Sigsync routing rules now having the priority of 0.

    select-sigsync-rule

  • Scroll down to the bottom and check ‘Stop processing more rule’ option. Click on ‘Save’ to save the rule. This guarantees that Sigsync processes all the emails and adds Signature to it and then the Security service processes the email to make it secure.

    select-stop-processing-rule

Office 365 setup is now complete!. You can send an email and test the flow using message trace and also analyse message header.

 

Free On-demand Product Demo

Sigsync email signature service offers company-wide and centralized email signature
for Office 365 and Exchange. We can assist you in getting your signature ready effortlessly.