Help Center
Home Submit a ticket Tickets list Login Status
  1. Home
  2. Solution home
  3. Server-side Signatures
  4. Deployment and configuration
Open navigation

How to use Signature 365 together with third-party security solutions

Information

When using Signature 365 together with a third-party security solution such as Mimecast you may find that emails do not route as desired or do not get a signature applied.

Signature 365 is known to work with the following smart hosts and security solutions:

  • Barracuda
  • Fusemail
  • Mimecast
  • Proofpoint
  • Reflexion

Note: If your smart host or security solution is not listed above, it may still work fine in combination with Signature 365.

Below you will learn how to reconfigure your smart host or security solution configuration in Microsoft 365 so that it works with Signature 365.

Ensure messages are routed to Signature 365 first

The first step is to ensure that messages are routed to Signature 365 first before they are passed to any other smart host services:

  1. Log on to the Microsoft 365 admin center as a Global Administrator
  2. Open the Exchange admin center
  3. Go to Mail flow, then select Rules
  4. Select the Send to Signature 365 for signature injection rule
  5. Move the rule to the top so it has priority 0

Reconfigure the outbound connector of your smart host service

The second step is to reconfigure the outbound connector of your smart host service (for example Mimecast) so that the connector is controlled by a transport rule:

  1. Log on to the Microsoft 365 admin center as a Global Administrator
  2. Open the Exchange admin center
  3. Go to Mail flow, then select Connectors
  4. Select the outbound connector of your smart host
  5. In the pane that opens, click Edit use
  6. If there are any domains listed under Only when email messages are sent to these domains, write them down - you will need this information when you create a new transport rule to send messages via this connector, as described in the next section
  7. Select the option Only when I have a transport rule set up that redirects messages to this connector, and click Next
  8. Complete the wizard without making any other changes and at the final step click Save

Create a transport rule to forward messages through the outbound connector

The third step is to create a new transport rule to send messages via the outbound connector depending specified conditions, while preventing messages from looping:

  1. Log on to the Microsoft 365 admin center as a Global Administrator
  2. Open the Exchange admin center
  3. Go to Mail flow, then select Rules
  4. Click the New (+) button and choose Create a new rule... from the dropdown menu
  5. In the new window that opens, name the rule and click More options... to be able to configure all options
  6. In the Apply this rule of...section:
    1. Select The sender... > is external/internal, and select Inside the organization
    2. Click the add condition button, and select The recipient... > is external/internal, and select Outside the organization
    3. If the connector was originally configured to only process email sent to specific domains (see step 6 in the previous section), click the add condition button, and select The recipient... > domain is and add the list of domains
  7. In the Do the following...section:
    1. Select Modify the message properties > set a message header, and enter a name such as X-Smarthost-Processed and set value to true
    2. Click the add action button, and select Redirect the message to... > the following connector, and select the smart host outbound connector
  8. In the Except if...section:
    1. Click the add exception button, and select A message header... > includes any of these words and enter the name you entered in the first action, for example X-Smarthost-Processed and set the value to true
  9. In the Properties of this rule section, enable the option Defer the message if rule processing doesn't complete (this option ensures the message will be retried if previous attempt to send to smart host fails)
  10. Click Save to create the rule
  11. Optionally move the rule up to its desired priority, while making sure the Signature 365 transport rule remains the top priority at priority 0

Modify the Signature 365 transport rule

The final step is to modify the Signature 365 transport rule as follows:

  1. Select the Send to Signature 365 for signature injection rule
  2. Click the Edit button
  3. In the Properties of this rule section, enable the option Stop processing more rules
  4. Click Save to save the change

New email flow

Completing the steps above will ensure the following email flow:

Sender > Office 365 > Signature 365 > Office 365 > Third Party Security Solution > Recipient(s)

Notes

If you are using a hybrid environment, check if your on-premise Exchange server routes any messages to smart hosts. If this is the case, consider moving this responsibility to your Office 365 tenant. Otherwise, email flow may not work as required for email signatures to work properly.

Modified on: 19 May 2022

Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.