Every email domain which is to use the SEPPmail Secure E-Mail Gateway in its function must be configured within the appliance and is referred to as a Managed domain.
A new Managed domain is added using the Add Managed Domain... button.
In the next menu, in the section Domain name, the email domain of the organisation, for example contoso.de is to be entered. Under Forwarding Server, the FQDN of the M365EO of your organisation is to be entered, according to the example [contoso-de.mail.protection.outlook.com].
Since this DNS name is to be treated as an A and not as an MX record, the entry is to be delimited by square brackets.
After the successful creation of the Managed domain, the SEPPmail Secure E-Mail Gateway returns to the main menu. There, in the column Domain name of the table in the section Managed domains, click on the newly created entry contoso.de.
In the next menu, in section Settings, the sections Domain name and Forwarding Server are already set to the entries made before.
In the section Exchange Online Integration it is defined how the identity of the sender domain is to be checked. For this, the header
X-OriginatorOrg set by Microsoft 365 is used.
By comparing the header value with the respective SEPPmail Managed domain, the relaying from Microsoft 365 (see Exchange Online Relaying) for the respective Managed domain is limited to the specific Microsoft 365 tenant, see Restrict allowed exchange online originator orgs (comma separated list)).
Any further alias domains can alternatively be maintained manually.
The option "Domain is parallel connected" must always be activated if the domain is connected in parallel (forwarding server corresponds to the smart host). This leads to correct recognition of the direction of the mail and the Authentication Result Header from Microsoft is integrated into ARC Sealing.
In the section Send ALL outgoing mails from this domain to the following SMTP server (optional), the entry under Forwarding Server (in the example [contoso-de.mail.protection.outlook.com]) is applied. By doing so, emails from your organisation to recipients from outside of the organisation are returned to the individual FQDN of the M365EO of your organisation again after processing by the SEPPmail Secure E-Mail Gateway.
In the section TLS settings, the connection of the SEPPmail Secure E-Mail Gateway with the M365EO is secured via TLS. This can be implemented depending on the security requirement. We recommend the setting "Secure", which represents a good balance between security and a reasonable administrative effort. The setting "Secure" requires that the entry contoso-de.mail.protection.outlook.com is treated as an A and not as an MX record, i.e. is entered delimited by square brackets [ ] in the corresponding spots.
Additional configuration steps of a Managed domain can be found under Mail System.
It is also necessary to set up an Authenticated Received Chain (ARC). Depending on the respective environment, the set-up procedure is described in the following articles:
•für multi-tenant systems (MSP)
