This article applies to Barracuda Message Archiver firmware version 5.0 and higher, and Microsoft Office 365 Enterprise cloud-based mail service, live@edu.
See also:
- Office 365 Message Encryption to enable journal report decryption
Step 1. Ensure Public Access to Port 25 on the Barracuda Message Archiver
To journal mail directly from Office 365 to your Barracuda Message Archiver, you must have a public IP address and port 25 open and NATed to the Barracuda Message Archiver. Additionally, you can optionally have a public DNS record. You can test this by attempting to telnet to the Barracuda Message Archiver on port 25. You can expect one of three outcomes:
- If the Barracuda Message Archiver is not accessible, either due to port 25 being blocked or incorrectly configured on the firewall, the attempt to telnet simply hangs at Trying [IP address]. In this case, troubleshoot your network settings:
- If the Barracuda Message Archiver is accessible and you have set Allow Only Trusted Hosts on the Mail Sources > SMTP page to No, telnet establishes a connection to the Barracuda Message Archiver:
- If the Barracuda Message Archiver is accessible, you have set Allow Only Trusted Hosts on the Mail Sources > SMTP page to Yes, and you are attempting to telnet from an IP address not listed in the Trusted SMTP Servers section, telnet establishes a connection and the connection is immediately closed.
Step 2. Add Office 365 Endpoints to the Trusted SMTP Servers List
Microsoft publishes a list of IP addresses used for Office 365 endpoints. The endpoints are grouped into four service areas:
- Exchange Online
- SharePoint Online and OneDrive for Business
- Skype for Business Online and Microsoft Teams
- Microsoft 365 Common and Office Online.
See the TechNet article Office 365 URLs and IP address ranges for further details. Note: For Office 365 Germany endpoints, see the TechNet article Office 365 Germany endpoints .
- Log in to the Barracuda Message Archiver as the administrator, and go to the Mail Sources > SMTP page.
- Click Bulk Edit.
- Go to the TechNet article Office 365 URLs and IP address ranges. Copy and paste the IP addresses based on your Office 365 endpoints.
- Click Save .
Step 3. Configure SMTP Forwarding Settings
To configure SMTP forwarding settings:
- Log in to the Barracuda Message Archiver as the administrator, and go to the Mail Sources > SMTP page.
- In the SMTP Forwarding Settings section, set Allow Only Trusted Hosts to Yes.
- Click Save.
Step 4. Configure Local Domains
- Log in to the Barracuda Message Archiver as the administrator, and go to the Basic > IP Configuration page.
- In the Local Domains section, add all of your mail-enabled domains including your onmicrosoft.com domain, as well as your non-routable domain, for example, bma.int.
- Click Add after each domain entry, and then click Save.
Step 5. Configure SMTP Over TLS/SSL (Optional)
- Log in to the Barracuda Message Archiver as the administrator, and go to the Advanced > SMTP Configuration page.
- In the SMTP Over TLS/SSL section, set Enable SMTP over TLS/SSL to Yes.
- Click Save.
Step 6. Create a Remote Domain
- Log in to the Exchange admin center (EAC), and click mail flow > remote domains:
- Click the + symbol, and in the new remote domain dialog box, configure the following options:
- Name – Type Barracuda Message Archiver
- Remote Domain – Type BMA.int or any non-routable domain
Out of Office automatic reply types – Select None
- Automatic replies – Select Allow automatic forwarding
- Message reporting – Clear all options
- Use rich-text format – Select Never
- MIME Character Set – Select None
- Non-MIME Character Set – Select None
- Click Save.
Step 7. Create a Send Connector for the Remote Domain
- Log in to EAC, and click mail flow > connectors.
- Click the + symbol. In the Select your mail flow scenario page, configure the following options:
- From – Select Office 365
- To – Select Your organization's email server
- Click Next. In the New connector page, Configure the following options:
- Name – Type Barracuda Message Archiver
- What do you want to do after connector is saved – Select both Turn it on and Retain internal Exchange email headers (recommended):
Ensure the Turn it on check box is selected, otherwise the connector will fail to validate and will not send a test message.
- Click Next. In the New Connector page, select Only when email message are sent to these domains.
- Click the + symbol. Enter the non-routable domain configured in Step 6 (for example, bma.int), and click OK:
- Click Next. In the New connector page, click the + symbol. Type your public FQDN or IP Address assigned to your Message Archiver. For example, archiver.getcuda.com. Click Save:
Click Next. In the New connector page, select Always use Transport Layer Security (TLS) and Any digital certificate, including self-signed certificates:
- Click Next. Verify your settings in the summary page, and click Next.
- Click the + symbol in the Validate this connector page, type test@[non-routable domain] , and click OK:
- Click Validate.
- In the New connector validation results page, verify the connector Status displays as Succeeded, and click Finish.
Step 8. Create a Non-Delivery Report Recipient
Before creating journal rules, specify a journal recipient for non-delivery reports (NDRs) to reduce the risk of losing journal reports:
To create an NDR recipient:
- Log in to the EAC, and click compliance management > journal rules.
- If an NDR email recipient is not already specified, click Select address to the right of Send undeliverable journal reports to field.
- Browse to and select a recipient from the address book.
- You can search for a recipient by typing all or part of a display name, and then clicking the Search icon, or click on either the Display Name or E-Mail Address heading to sort the list.
Click OK once you select a recipient, and in the NDRs for undeliverable journal reports window, click Save.
Step 9. Configure Journaling
- Log in to the EAC, and click compliance management > journal rules.
- Click the + symbol. In the new journal rule dialog box, configure the following options:
- Send journal reports to – Type journal@ [ non-routable domain] . For example, type: journal@bma.int
- Name – Type Barracuda Message Archiver
- If the message is sent to or received from – Select Apply to all messages
- Journal the following messages – Select All messages
- Click Save.