We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.

Office 365 Journaling

  • Last updated on

This article applies to Barracuda Message Archiver firmware version 5.0 and higher, and Microsoft Office 365 Enterprise cloud-based mail service, live@edu.

Hybrid Deployment

Warning! Hybrid deployment can cause duplicate mails in some environments. This is an issue with Hybrid deployment and not with your Barracuda Message Archiver. Contact your Sales or Support representative for more information. If you are using a hybrid Microsoft Exchange Server / Office 365 deployment, where some mailboxes are located on a physical server and some mailboxes are hosted by Office 365, to properly deploy your configuration, you must journal directly to the physical Barracuda Message Archiver from your Exchange Server.

Use the following articles to set up journaling based on the version of Exchange Server running in your environment:

Step 1. Ensure Public Access to Port 25 on the Barracuda Message Archiver

To Journal mail directly from Office 365 to your Barracuda Message Archiver, you must have a public IP address and port 25 open and NATed to the Barracuda Message Archiver. Additionally, you can optionally have a public DNS record. You can test this by attempting to telnet to the Barracuda Message Archiver on port 25. You can expect one of three outcomes:

  1. If the Barracuda Message Archiver is not accessible, either due to port 25 being blocked or incorrectly configured on the firewall, the attempt to telnet simply hangs at Trying [IP address]. In this case, troubleshoot your network settings:
    telnet_port_25_blocked.png 
  2. If the Barracuda Message Archiver is accessible and you have set Allow Only Trusted Hosts on the Mail Sources > SMTP page to No, telnet establishes a connection to the Barracuda Message Archiver:
    telnet_port_25_open_all.png
  3. If the Barracuda Message Archiver is accessible, you have set Allow Only Trusted Hosts on the Mail Sources > SMTP page to Yes, and you are attempting to telnet from an IP address not listed in the Trusted SMTP Servers section, telnet establishes a connection and the connection is immediately closed.
    telnet_port_25_openO365.png

Step 2. Add Exchange Online Protection IP Addresses to the Trusted SMTP Servers List

Microsoft Publishes a list of IP addresses used by Exchange Online Protection. This list is broken up by region, and, according to Microsoft, rarely changes. See the TechNet article Exchange Online Protection IP addresses for further details.

  1. Log in to the Barracuda Message Archiver as the administrator, and go to the Mail Sources > SMTP page.
  2. Click Bulk Edit.
  3. Go to the TechNet article Exchange Online Protection IP addresses, and scroll to the section IP Ranges by region.
  4. Copy and paste the IP addresses based on your region, and click Save.

Step 3. Configure SMTP Forwarding Settings

Because this configuration requires the Barracuda Message Archiver to be public-facing, Barracuda strongly recommends that you configure the Barracuda Message Archiver to only accept mail from the list of Trusted SMTP Servers. If you are also receiving mail from sources other than Office 365, such as an on-premise Exchange server, make sure you add those IP addresses to the list of Trusted SMTP Servers before setting the Barracuda Message Archiver to Allow Only Trusted Hosts.

To configure SMTP forwarding settings:

1. Log in to the Barracuda Message Archiver as the administrator, and go to the Mail Sources > SMTP page.
2. In the SMTP Forwarding Settings section, set Allow Only Trusted Hosts to Yes.
3. Click Save.

Step 4. Configure Local Domains

  1. Log in to the Barracuda Message Archiver as the administrator, and go to the Basic > IP Configuration page.
  2. In the Local Domains section, add all of your mail-enabled domains including your onmicrosoft.com domain, as well as your non-routable domain, for example, bma.int.
  3. Click Add after each domain entry, and then click Save.

Step 5. Configure SMTP Over TLS/SSL (Optional)

  1. Log in to the Barracuda Message Archiver as the administrator, and go to the Advanced > SMTP Configuration page.
  2. In the SMTP Over TLS/SSL section, set Enable SMTP over TLS/SSL to Yes.
  3. Click Save.

Step 6. Create a Remote Domain

  1. Log in to the Exchange admin center (EAC), and click mail flow > remote domains:
    365_02.png
  2.  Click the + symbol, and in the new remote domain dialog box, configure the following options:
    1. Name – Type Barracuda Message Archiver
    2. Remote Domain – Type BMA.int or any non-routable domain
    3. Out of Office automatic reply types – Select None

    4. Automatic replies – Select Allow automatic forwarding
    5. Message reporting – Clear all options
    6. Use rich-text format – Select Never
    7. MIME Character Set – Select None
    8. Non-MIME Character Set – Select None
      CreateRemoteDomain.png
  3. Click Save.

Step 7. Create a Send Connector for the Remote Domain

  1. Log in to EAC, and click mail flow > connectors.
  2. Click the + symbol. In the Select your mail flow scenario page, configure the following options:
    1. From – Select Office 365
    2. To – Select Your organization's email server
      SelectMailFlow.png 
  3. Click Next. In the New connector page, Configure the following options:
    1. Name – Type Barracuda Message Archiver
    2. What do you want to do after connector is saved – Select both Turn it on and Retain internal Exchange email headers (recommended):
      NewConnector.png
  4. Click Next. In the New Connector page, select Only when email message are sent to these domains.
  5. Click the + symbol. Enter the non-routable domain configured inStep 6 (for example, bma.int), and click OK:
    AddDomain.png 
  6. Click Next. In the New connector page, click the + symbol. Type your public FQDN or IP Address assigned to your Message Archiver. For example, archiver.getcuda.com. Click Save:
    GetCuda.png
  7. Click Next. In the New connector page, select Always use Transport Layer Security (TLS) and Any digital certificate, including self-signed certificates:

    Note that this step is optional and only applies if you enabled SMTP Over TLS/SSL in Step 5.

    If you previously configured a certificate from a trusted certificate authority, select the Issued by a trusted certificate authority (CA) option.

    Certificate.png

  8. Click Next. Verify your settings in the summary page, and click Next.
  9. Click the + symbol in the Validate this connector page, type test@[non-routable domain], and click OK:
    Validate.png 
  10. Click Validate.
  11. In the New connector validation results page, verify the connector Status displays as Succeeded, and click Finish.

Step 8. Create a Non-Delivery Report Recipient

Before creating journal rules, specify a journal recipient for non-delivery reports (NDRs) to reduce the risk of losing journal reports:
ndr_warning.png 

 To create an NDR recipient,

  1. Log in to the EAC, and click compliance management > journal rules.
  2. If an NDR email recipient is not already specified, click Select address to the right of Send undeliverable journal reports to field.
  3. Browse to and select a recipient from the address book.
  4. You can search for a recipient by typing all or part of a display name, and then clicking the Search icon, or click on either the Display Name or E-Mail Address heading to sort the list.
  5. Click OK once you select a recipient, and in the NDRs for undeliverable journal reports window, click Save.

    When creating the journaling rule, depending on your Office 365 configuration, you may be required to send the journaling report to an external email address. For more information, refer to the Microsoft Office 365 community discussion board: http://community.office365.com/en-us/f/158/t/162118.aspx

Step 9. Configure Journaling

  1. Log in to the EAC, and click compliance management > journal rules.
  2. Click the + symbol. In the new journal rule dialog box, configure the following options:
    1. Send journal reports to – Type journal@ [non-routable domain]. For example, type: journal@bma.int
    2. Name – Type Barracuda Message Archiver
    3. If the message is sent to or received from – Select Apply to all messages
    4. Journal the following messages – Select All messages
      ConfigJournaling_update.png
  3. Click Save.
Last updated on