We have a Microsoft 365 tenant and have run into a problem with the routing of emails that is due to an unusual requirement.
We have connected the domain example.com to the tenant, and email that is sent to [email protected] is put into the Exchange mailbox for the respective user (Exchange Online). In most cases, this is the desired behavior.
However, for certain users, emails should not hit these users' Exchange Online mailboxes, but instead should be forwarded to another MX that handles these users' incoming messages. This seems impossible to achieve if there is the additional requirement that these users' Exchange Online mailboxes remain enabled.
To explain by example:
The users [email protected] and [email protected] both have their Exchange Online mailbox enabled. Email messages to [email protected] should be put into the respective Exchange Online mailbox, but messages to [email protected] should be forwarded to another, external MX that handles inbound email for [email protected], but not for [email protected].
To make this happen, we have done the following:
- Create a connector with the following properties:
  - Mail flow scenario: From Office 365 to Your organization's email server
  - Name: Bypass_Exchange
  - Status: On
  - Use of connector: Use only when I have a transport rule set up that redirects messages to this connector
  - Routing: Route email messages through these smart hosts: mx.otherdomain.com
  - Security restrictions: (not relevant here)
  - Validation: Last validation result: Validation successful (rest of validation property not relevant here)
- Create a rule with the following properties:
  - Status: Enabled
  - Rule name: Bypass_b
  - Mode: Enforce
  - Severity: Not specified
  - Set date range: Specific date range is not set
  - Senders address: Matching header
  - Priority: 0
  - For rule processing errors: Ignore
  - Apply this rule if: any of recipients' addresses matches these patterns: [email protected]
  - Do the following: Route the message using the connector named Bypass_Exchange
  - Rule comments: (none)
This works halfway:
If somebody sends email to [email protected], the message arrives in the respective Exchange Online mailbox. If somebody sends email to [email protected], the message is forwarded to mx.otherdomain.com, which handles it appropriately because it is configured to take care of messages to [email protected].
But if somebody sends email to both recipients (e.g., [email protected] and [email protected] are both in the To: header), things go wrong, and the sender gets a non-delivery notification.
I understand why this is the case: Microsoft 365 triggers the rule because a recipient address matches [email protected], and forwards the message to mx.otherdomain.com, which in turn freaks out because it is not configured to handle email for [email protected].
While having understood the problem, I couldn't find a solution to it, even after having closely looked into all possible conditions in the rule editor and their possible usage. In the mail flow settings in Microsoft 365, is it possible somehow to "split" incoming messages into two copies, where one copy goes only to the recipients that are handled by the Exchange Online mailboxes and the other copy goes only to the recipients that are handled by mx.otherdomain.com?
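For anyone who wants to reproduce the setup described in the question, the connector and rule can be expressed in Exchange Online PowerShell as follows. This is an added example, not part of the original post; it assumes an existing `Connect-ExchangeOnline` session, and the recipient value is a placeholder because the address is redacted on this page.

```powershell
# Added example: scripted equivalent of the connector and rule listed in the question.
# Assumes a session opened with Connect-ExchangeOnline (ExchangeOnlineManagement module).

# Placeholder: the real address is redacted on the page, so substitute it here.
$bypassRecipient = '<address-of-bypassed-user>'

# The rule condition takes regular expressions. Escaping and anchoring the address
# is a choice made for this example so the pattern matches that one address only.
$bypassPattern = '^' + [regex]::Escape($bypassRecipient) + '$'

# Connector: "From Office 365 to your organization's email server",
# used only when a transport rule redirects messages to it.
New-OutboundConnector -Name 'Bypass_Exchange' `
    -ConnectorType OnPremises `
    -UseMXRecord $false `
    -SmartHosts 'mx.otherdomain.com' `
    -IsTransportRuleScoped $true `
    -Enabled $true

# Rule: priority 0, enforced, matches the sender address in the header,
# ignores rule processing errors, routes matching mail via the connector.
New-TransportRule -Name 'Bypass_b' `
    -Enabled $true `
    -Mode Enforce `
    -Priority 0 `
    -SenderAddressLocation Header `
    -RuleErrorAction Ignore `
    -AnyOfRecipientAddressMatchesPatterns $bypassPattern `
    -RouteMessageOutboundConnector 'Bypass_Exchange'

# Read the objects back to confirm they match the properties listed above.
Get-OutboundConnector -Identity 'Bypass_Exchange' |
    Format-List Name, Enabled, ConnectorType, SmartHosts, IsTransportRuleScoped
Get-TransportRule -Identity 'Bypass_b' |
    Format-List Name, State, Mode, Priority, AnyOfRecipientAddressMatchesPatterns, RouteMessageOutboundConnector
```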
There are several options here.
The best solution would be to use a different SMTP domain on the external mail server; this way, you could either:
[email protected] mailbox to forward messages to [email protected]
If you instead actually need to share the same SMTP domain between Exchange Online and an external mail server, things become a lot more complex.