This article applies to Barracuda Message Archiver firmware version 5.0 and higher, and Microsoft 365 Enterprise cloud-based mail service, live@edu.
See also:
- Microsoft 365 Message Encryption to enable journal report decryption
Step 1. Ensure Public Access to Port 25 on the Barracuda Message Archiver
To journal mail directly from Microsoft 365 to your Barracuda Message Archiver, you must have a public IP address with port 25 open and NATed to the Barracuda Message Archiver. A public DNS record is optional. You can test this by attempting to telnet to the Barracuda Message Archiver on port 25. You can expect one of three outcomes:
- If the Barracuda Message Archiver is not accessible, either due to port 25 being blocked or incorrectly configured on the firewall, the attempt to telnet simply hangs at Trying [IP address]. In this case, troubleshoot your network settings.
- If the Barracuda Message Archiver is accessible and you have set Allow Only Trusted Hosts on the Mail Sources > SMTP page to No, telnet establishes a connection to the Barracuda Message Archiver.
- If the Barracuda Message Archiver is accessible, you have set Allow Only Trusted Hosts on the Mail Sources > SMTP page to Yes, and you are attempting to telnet from an IP address not listed in the Trusted SMTP Servers section, telnet establishes a connection and the connection is immediately closed.
Step 2. Add Microsoft 365 Endpoints to the Trusted SMTP Servers List
Microsoft publishes a list of IP addresses used for Microsoft 365 endpoints. The endpoints are grouped into four service areas:
- Exchange Online
- SharePoint Online and OneDrive for Business
- Skype for Business Online and Microsoft Teams
- Microsoft 365 Common and Office Online.
See the TechNet article Microsoft 365 URLs and IP address ranges for further details. Note: For Microsoft 365 Germany endpoints, see the TechNet article Microsoft 365 Germany endpoints.
- Log into the Barracuda Message Archiver as the administrator, and go to the Mail Sources > SMTP page.
- Click Bulk Edit.
- Go to the TechNet article Microsoft 365 URLs and IP address ranges. Copy and paste the IP addresses based on your Microsoft 365 endpoints.
- Click Save.
Step 3. Configure SMTP Forwarding Settings
To configure SMTP forwarding settings:
- Log into the Barracuda Message Archiver as the administrator, and go to the Mail Sources > SMTP page.
- In the SMTP Forwarding Settings section, set Allow Only Trusted Hosts to Yes.
- Click Save.
Step 4. Configure Local Domains
- Log into the Barracuda Message Archiver as the administrator, and go to the Basic > IP Configuration page.
- In the Local Domains section, add all of your mail-enabled domains including your onmicrosoft.com domain, as well as your non-routable domain, for example, bma.int.
- Click Add after each domain entry, and then click Save.
Step 5. Configure SMTP Over TLS/SSL (Optional)
- Log into the Barracuda Message Archiver as the administrator, and go to the Advanced > SMTP Configuration page.
- In the SMTP Over TLS/SSL section, set Enable SMTP over TLS/SSL to Yes.
- Click Save.
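The port 25 test from Step 1 and the TLS setting from Step 5 can be checked together from an outside host. The following Python probe is an added example, not Barracuda code: it classifies the listener into the three outcomes listed in Step 1 and reports whether STARTTLS is advertised. The function names, the result keys, and the `probe.invalid` EHLO name are assumptions made for the example.

```python
import socket
import sys

def _read_reply(sock):
    """Read one SMTP reply (may be multi-line); return its lines, or [] if the peer closed."""
    buf = b""
    while True:
        chunk = sock.recv(4096)
        if not chunk:
            return []
        buf += chunk
        lines = buf.decode("ascii", "replace").splitlines()
        # A reply ends on a complete line with a space, not '-', after the code.
        if buf.endswith(b"\n") and lines[-1][3:4] != "-":
            return lines

def probe_archiver(host, port=25, timeout=10.0, helo_name="probe.invalid"):
    """Classify the listener into the three Step 1 outcomes and report STARTTLS.

    outcome: "unreachable"      connect failed or timed out (telnet hangs at Trying)
             "accepted"         connection held open (Allow Only Trusted Hosts = No,
                                or the probing IP is a trusted SMTP server)
             "closed_untrusted" accepted, then closed before any greeting
    """
    result = {"outcome": None, "banner": None, "starttls": None}
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        result["outcome"] = "unreachable"
        return result
    with sock:
        try:
            greeting = _read_reply(sock)
            if not greeting:
                result["outcome"] = "closed_untrusted"
                return result
            result["outcome"], result["banner"] = "accepted", greeting[0]
            sock.sendall(f"EHLO {helo_name}\r\n".encode("ascii"))
            ehlo = _read_reply(sock)
            result["starttls"] = any(l[4:].strip().upper() == "STARTTLS" for l in ehlo)
            sock.sendall(b"QUIT\r\n")
        except ConnectionError:   # reset or broken pipe from the peer
            result["outcome"] = result["outcome"] or "closed_untrusted"
        except socket.timeout:    # connected, but the peer stayed silent
            result["outcome"] = result["outcome"] or "accepted"
    return result

if __name__ == "__main__":
    print(probe_archiver(sys.argv[1]))
```

Once Allow Only Trusted Hosts is set to Yes in Step 3, a probe from an address outside the Trusted SMTP Servers list should return `closed_untrusted`; an `accepted` result from such an address means the archiver is still taking SMTP from unlisted hosts.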
Step 6. Create a Remote Domain
- Log into the Exchange admin center (EAC), and click mail flow > remote domains.
- Click the + symbol, and in the new remote domain dialog box, configure the following options:
- Name – Type Barracuda Message Archiver
- Remote Domain – Type BMA.int or any non-routable domain
- Out of Office automatic reply types – Select None
- Automatic replies – Select Allow automatic forwarding
- Message reporting – Clear all options
- Use rich-text format – Select Never
- MIME Character Set – Select None
- Non-MIME Character Set – Select None
- Click Save.
Step 7. Create a Send Connector for the Remote Domain
- Log into EAC, and click mail flow > connectors.
- Click the + symbol. In the Select your mail flow scenario page, configure the following options:
- From – Select Office 365
- To – Select Your organization's email server
- Click Next. In the New connector page, configure the following options:
- Name – Type Barracuda Message Archiver
- What do you want to do after connector is saved – Select both Turn it on and Retain internal Exchange email headers (recommended).
Ensure the Turn it on check box is selected, otherwise the connector will fail to validate and will not send a test message.
- Click Next. In the New Connector page, select Only when email messages are sent to these domains.
- Click the + symbol. Enter the non-routable domain configured in Step 6 (for example, bma.int), and click OK.
- Click Next. In the New connector page, click the + symbol. Type the public FQDN or IP address assigned to your Barracuda Message Archiver, for example, archiver.getcuda.com. Click Save.
- Click Next. In the New connector page, select Always use Transport Layer Security (TLS) and Any digital certificate, including self-signed certificates.
- Click Next. Verify your settings in the summary page, and click Next.
- Click the + symbol in the Validate this connector page, type test@[non-routable domain], and click OK.
- Click Validate.
- In the New connector validation results page, verify the connector Status displays as Succeeded, and click Finish.
Step 8. Create a Non-Delivery Report Recipient
Before creating journal rules, specify a journal recipient for non-delivery reports (NDRs) to reduce the risk of losing journal reports.
To create an NDR recipient:
- Log into the Microsoft Purview compliance portal, navigate to Solutions > Data lifecycle management > Exchange (legacy).
- Click the Settings icon.
- In Send undeliverable journal reports to, enter the email address of a valid user account. Note that the mailbox must be a mail user, mail contact, or external user, not an Exchange Online Mailbox.
- Click Save.
Step 9. Configure Journaling
- Log into the Microsoft Purview compliance portal, navigate to Solutions > Data lifecycle management > Exchange (legacy) > Journal rules, and then select + New rule.
- On the Define journal rule settings page, provide a name for the journal rule and then configure the following options:
- Send journal reports to – Type journal@[non-routable domain]. For example, type:
journal@bma.int
- Journal rule name – Type Barracuda Message Archiver
- Journal messages sent or received from – Select Apply to all Messages.
- Type of message to journal – Select All Messages.
- Select Next, review the settings, and then click Submit to create the journal rule.