This article applies to Barracuda Message Archiver firmware version 5.0 and higher, and Microsoft Office 365 Enterprise cloud-based mail service, live@edu.
Step 1. Ensure Public Access to Port 25 on the Barracuda Message Archiver
To journal mail directly from Office 365 to your Barracuda Message Archiver, you must have a public IP address and port 25 open and NATed to the Barracuda Message Archiver. Additionally, you can optionally have a public DNS record. You can test this by attempting to telnet to the Barracuda Message Archiver on port 25. You can expect one of three outcomes:
- If the Barracuda Message Archiver is not accessible, either due to port 25 being blocked or incorrectly configured on the firewall, the attempt to telnet simply hangs at Trying [IP address]. In this case, troubleshoot your network settings:
- If the Barracuda Message Archiver is accessible and you have set Allow Only Trusted Hosts on the Mail Sources > SMTP page to No, telnet establishes a connection to the Barracuda Message Archiver:
- If the Barracuda Message Archiver is accessible, you have set Allow Only Trusted Hosts on the Mail Sources > SMTP page to Yes, and you are attempting to telnet from an IP address not listed in the Trusted SMTP Servers section, telnet establishes a connection and the connection is immediately closed.
Step 2. Add Office 365 Endpoints to the Trusted SMTP Servers List
Microsoft publishes a list of IP addresses used for Office 365 endpoints. The endpoints are grouped into four service areas:
- Exchange Online
- SharePoint Online and OneDrive for Business
- Skype for Business Online and Microsoft Teams
- Microsoft 365 Common and Office Online.
See the TechNet article Office 365 URLs and IP address ranges for further details. Note: For Office 365 Germany endpoints, see the TechNet article Office 365 Germany endpoints .
- Log in to the Barracuda Message Archiver as the administrator, and go to the Mail Sources > SMTP page.
- Click Bulk Edit.
- Go to the TechNet article Office 365 URLs and IP address ranges. Copy and paste the IP addresses based on your Office 365 endpoints.
- Click Save.
Step 3. Configure SMTP Forwarding Settings
To configure SMTP forwarding settings:
- Log in to the Barracuda Message Archiver as the administrator, and go to the Mail Sources > SMTP page.
- In the SMTP Forwarding Settings section, set Allow Only Trusted Hosts to Yes.
- Click Save.
Step 4. Configure Local Domains
- Log in to the Barracuda Message Archiver as the administrator, and go to the Basic > IP Configuration page.
- In the Local Domains section, add all of your mail-enabled domains including your onmicrosoft.com domain, as well as your non-routable domain, for example, bma.int.
- Click Add after each domain entry, and then click Save.
Step 5. Configure SMTP Over TLS/SSL (Optional)
- Log in to the Barracuda Message Archiver as the administrator, and go to the Advanced > SMTP Configuration page.
- In the SMTP Over TLS/SSL section, set Enable SMTP over TLS/SSL to Yes.
- Click Save.
Step 6. Create a Remote Domain
- Log in to the Exchange admin center (EAC), and click mail flow > remote domains:
- Click the + symbol, and in the new remote domain dialog box, configure the following options:
- Name – Type Barracuda Message Archiver
- Remote Domain – Type BMA.int or any non-routable domain
Out of Office automatic reply types – Select None
- Automatic replies – Select Allow automatic forwarding
- Message reporting – Clear all options
- Use rich-text format – Select Never
- MIME Character Set – Select None
- Non-MIME Character Set – Select None
- Click Save.
Step 7. Create a Send Connector for the Remote Domain
- Log in to EAC, and click mail flow > connectors.
- Click the + symbol. In the Select your mail flow scenario page, configure the following options:
- From – Select Office 365
- To – Select Your organization's email server
- Click Next. In the New connector page, Configure the following options:
- Name – Type Barracuda Message Archiver
- What do you want to do after connector is saved – Select both Turn it on and Retain internal Exchange email headers (recommended):
Ensure the Turn it on check box is selected, otherwise the connector will fail to validate and will not send a test message.
- Click Next. In the New Connector page, select Only when email message are sent to these domains.
- Click the + symbol. Enter the non-routable domain configured in Step 6 (for example, bma.int), and click OK:
- Click Next. In the New connector page, click the + symbol. Type your public FQDN or IP Address assigned to your Message Archiver. For example, archiver.getcuda.com. Click Save:
Click Next. In the New connector page, select Always use Transport Layer Security (TLS) and Any digital certificate, including self-signed certificates:
- Click Next. Verify your settings in the summary page, and click Next.
- Click the + symbol in the Validate this connector page, type test@[non-routable domain] , and click OK:
- Click Validate.
- In the New connector validation results page, verify the connector Status displays as Succeeded, and click Finish.
Step 8. Create a Non-Delivery Report Recipient
Before creating journal rules, specify a journal recipient for non-delivery reports (NDRs) to reduce the risk of losing journal reports:
To create an NDR recipient:
- Log in to the EAC, and click compliance management > journal rules.
- If an NDR email recipient is not already specified, click Select address to the right of Send undeliverable journal reports to field.
- Browse to and select a recipient from the address book.
- You can search for a recipient by typing all or part of a display name, and then clicking the Search icon, or click on either the Display Name or E-Mail Address heading to sort the list.
Click OK once you select a recipient, and in the NDRs for undeliverable journal reports window, click Save.
Step 9. Configure Journaling
- Log in to the EAC, and click compliance management > journal rules.
- Click the + symbol. In the new journal rule dialog box, configure the following options:
- Send journal reports to – Type journal@ [non-routable domain] . For example, type: journal@bma.int
- Name – Type Barracuda Message Archiver
- If the message is sent to or received from – Select Apply to all messages
- Journal the following messages – Select All messages
- Click Save.