Import the Module with:
Import-Module SEPPmail365
After successful import, this command will also generate an identification code that is needed for the SEPPmail Secure E-Mail Gateway setup with Exchange Online. Remember that code and use it for the Gateway setup.
All CmdLets support the PowerShell common parameters -Confirm, -WhatIf, -Verbose, etc.
1 - Test-SM365ConnectionStatus
Synopsis:
Internally used to check your connection status to Exchange Online.
Returns $true if you are connected and throws an exception if the connection is not ready.
Parameter List:
None
Example:
Test-SM365ConnectionStatus
# returns true/false
2 - Before you change something
Check existing SEPPmail Rules and Connectors
Get-SM365Rules # Shows existing SEPPmail Rules
Get-SM365Connectors # Shows existing SEPPmail Connectors
Generate an Exchange Online Report
New-SM365ExoReport ~\Desktop # generates a report on the desktop
New-SM365ExoReport # generates a report in the user's home directory
Cleanup environment
Remove-SM365Setup # Removes SEPPmail Rules and Connectors
(Get-HostedConnectionFilterpolicy).IpAllowList # Show existing IP Whitelist
Report on Exchange Online Environment
New-SM365ExOReport
3 - Build Connectivity between Exchange Online and SEPPmail
In this part we create inbound and outbound connectors to allow E-Mail-flow between Exchange Online and SEPPmail. You have several options to establish connectivity.
Option 1: FQDN with full SSL and optional "AllowSelfsigned" Option
Full SSL is the recommended setting for production environments. All else is for test and demo purposes.
New-SM365Connectors [-SEPPmailFQDN] <String> [-TLSCertificateName] <String> [-AllowSelfSignedCertificates] [-NoAntiSpamWhiteList] [-Disabled] [-WhatIf]
[-Confirm] [<CommonParameters>]
Option 1a: Option 1 in an MSP environment
If you run a customers-enabled SEPPmail Secure E-Mail Gateway and manage multiple customers with multiple managed domains, you need to use certificate-based connectors to ensure that mail transport from, to and between your Exchange Online tenants works well. You therefore need a certificate for each managed domain, which you specify with the -CBCCertName parameter.
New-SM365Connectors [-SEPPmailFQDN] <String> [-TLSCertificateName] [-CBCCertName] <String> [-Disabled] [-WhatIf]
[-Confirm] [<CommonParameters>]
Option 2: FQDN and NoTLS Option
If you want Exchange Online to talk to SEPPmail via an FQDN but do not want to use the TLS check, use this option.
New-SM365Connectors [-SEPPmailFQDN] <String> [-NoOutBoundTlsCheck] [-NoAntiSpamWhiteList] [-Disabled] [-WhatIf] [-Confirm]
[<CommonParameters>]
Option 3: IP Option
If you want Exchange Online to talk to SEPPmail via an IP address, use this option.
New-SM365Connectors [-SEPPmailIP] <String> [-NoAntiSpamWhiteList] [-Disabled] [-WhatIf] [-Confirm] [<CommonParameters>]
4 - Adding Mailflow-Rules
Once the inbound and outbound connectors are established, we need mailflow rules to route e-mails via the SEPPmail Secure E-Mail Gateway if necessary. The New-SM365Rules CmdLet handles this for you. The most convenient way to do this is to run the following code:
New-SM365Rules -SEPPmailDomain 'contoso.eu','contoso.ch'
# If you want to know what happens in detail, run command with the verbose option
New-SM365Rules -SEPPmailDomain 'contoso.eu','contoso.ch' -Disabled:$false -Verbose
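The steps from sections 1 to 4 combined into one change procedure, as an added example that is not part of the original documentation: snapshot the current state, dry-run with -WhatIf, then apply with -Confirm. The gateway FQDN and the certificate name are constructed placeholders, and using the FQDN as the certificate name is an assumption.

```powershell
# Added example, not part of the SEPPmail365 documentation.
# $gatewayFqdn and $tlsCertName are constructed placeholders; the mail
# domains are the sample values used on this page.
$ErrorActionPreference = 'Stop'
Import-Module SEPPmail365

$gatewayFqdn = 'securemail.contoso.eu'   # placeholder: your gateway FQDN
$tlsCertName = 'securemail.contoso.eu'   # assumption: certificate issued for the FQDN
$mailDomains = 'contoso.eu', 'contoso.ch'

# 1. Stop early if the Exchange Online session is not ready (the CmdLet throws).
try {
    Test-SM365ConnectionStatus | Out-Null
}
catch {
    throw "Not connected to Exchange Online: $($_.Exception.Message)"
}

# 2. Record the state before anything changes, so it can be compared or restored.
New-SM365ExoReport ~\Desktop
Get-SM365Connectors
Get-SM365Rules
(Get-HostedConnectionFilterPolicy).IPAllowList

# 3. Dry run: -WhatIf shows what would be created without touching mail flow.
New-SM365Connectors -SEPPmailFQDN $gatewayFqdn -TLSCertificateName $tlsCertName -WhatIf
New-SM365Rules -SEPPmailDomain $mailDomains -WhatIf

# 4. Apply with full TLS (the recommended production setting); -Confirm prompts
#    before each change.
New-SM365Connectors -SEPPmailFQDN $gatewayFqdn -TLSCertificateName $tlsCertName -Confirm
New-SM365Rules -SEPPmailDomain $mailDomains -Confirm

# 5. Verify the result against the snapshot taken in step 2.
Get-SM365Connectors
Get-SM365Rules
```

If the result is not what the dry run showed, Remove-SM365Setup removes the SEPPmail rules and connectors again.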
5 - Controlling SPAM and SEPPmail Secure E-Mail Gateway handling
When Exchange Online Protection of Defender classifies an e-mail, it sets a so-called "SCL" value. If this happens, we do not want those e-mails to flow through the SEPPmail Secure E-Mail Gateway. Therefore, beginning with version 1.2.5, all SCL-tagged e-mails with a value >=5 are excluded from mailflow to SEPPmail.
To change the default value of 5 to 9, use the following example.
New-SM365Rules -SEPPmailDomain 'contoso.eu','contoso.ch' -SCLInboundValue 9
In rare cases, SEPPmail domain encrypted messages are classified as SPAM. Use the above parameter to adapt your mailflow.
BETA 1.2.5 - Tracing Exchange Online Mailflow with Get-SM365MessageTrace
Microsoft stores information about the message flow in TraceLogs and TraceDetailLogs. These logs can be queried with the native CmdLets Get-MessageTrace and Get-MessageTraceDetail. For your convenience, we added a CmdLet that does this for you.
You need two pieces of information:
The MessageID and the RecipientAddress, regardless of whether the message was sent inbound or outbound. Use:
Get-MessageTrace | Select-Object Messageid,RecipientAddress
# This delivers messageids and recipient mailaddresses you can use with the new CmdLet.
Get-SM365MessageTrace -MessageId '4b3a2890-f91b-d781-0308-3447459413fb@domain.com' -Recipient 'someone@fabrikam.com'
See the Commandlets chapter for more information.
Clustering and multi-host configurations
The current version only supports the usage of one SEPPmail per Connector command. This might be an SMTP load-balancer for a cluster or a single node.
If you want to use multiple hosts for Exchange Online-SEPPmail connectivity, create the connectors with one host and add the others in the UI or with the PowerShell CmdLets Set-OutboundConnector and Set-InboundConnector. Furthermore, adapt the anti-spam whitelist with Set-HostedConnectionFilterPolicy.
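One way to add a second host with the native Exchange Online CmdLets named above, as an added example that is not part of the SEPPmail365 module or its documentation. The connector names, host name and IP address are constructed placeholders; read the real connector names from Get-SM365Connectors first.

```powershell
# Added example. All values below are constructed placeholders.
$outboundName = '<outbound connector name>'   # from Get-SM365Connectors
$inboundName  = '<inbound connector name>'    # from Get-SM365Connectors
$newHostFqdn  = 'securemail2.contoso.eu'      # second gateway (placeholder)
$newHostIp    = '203.0.113.25'                # its public IP (documentation range)

# Outbound: append the second gateway to the existing smart host list
# instead of overwriting it.
$outbound   = Get-OutboundConnector -Identity $outboundName
$smartHosts = @($outbound.SmartHosts | ForEach-Object { "$_" }) + $newHostFqdn |
    Select-Object -Unique
Set-OutboundConnector -Identity $outboundName -SmartHosts $smartHosts -WhatIf

# Inbound: only relevant for a connector created with the IP option, where the
# sender is matched by address rather than by TLS certificate.
$inbound   = Get-InboundConnector -Identity $inboundName
$senderIps = @($inbound.SenderIPAddresses | ForEach-Object { "$_" }) + $newHostIp |
    Select-Object -Unique
Set-InboundConnector -Identity $inboundName -SenderIPAddresses $senderIps -WhatIf

# Anti-spam whitelist: add only the new host's address, keeping existing entries.
Set-HostedConnectionFilterPolicy -Identity Default -IPAllowList @{ Add = $newHostIp } -WhatIf

# Review the current whitelist; every entry bypasses connection filtering,
# so keep it limited to the gateway addresses.
(Get-HostedConnectionFilterPolicy -Identity Default).IPAllowList
```

Remove -WhatIf from the three Set- commands once the previewed changes match what you expect.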