How to use third party mail security gateway to scan internal/inter-domain mails in Exchange On-Premise?

Thirza Natasha 0 Reputation points
2024-09-23T09:56:28.7066667+00:00

Hi All,

In my existing exchange server on-premise environment, there’s a requirement for internal emails (e.g., a mail sent from jane.doe@xyz.com to john.doe@xyz.com) to be scanned by a third-party email security gateway that the company recently purchased. However, from what I understand, this might be impossible because all internal emails use the implicit Send connector named the intra-organization Send connector.

I would like to know if there is any way to edit or configure the intra-organization Send connector so that, instead of using the intra-organization Send connector, the Exchange On-Premise Server will use my custom/recently created connector. This way, all internal emails will be sent to the third-party email security gateway first, scanned, and have all policies applied before the gateway sends the scanned emails to the recipients within the same domain.

Alternatively, if there is another way to achieve my main goal—using a third-party email security gateway to scan internal emails instead of directly sending them and relying solely on the security of the Exchange Server On-Premise for internal mail protection—please let me know.

Note:

I tried creating a custom send connector to route all inter-domain messages to the mail security gateway before delivering them to the recipients. However, the Exchange server isn’t using it because, by default, it uses the implicit send connector and sends the emails directly to the recipients, as it considers inter-domain emails to be trusted.

Thank you.


1 answer

  1. Alex Zhang-MSFT 785 Reputation points Microsoft Vendor
    2024-09-24T08:58:31.2766667+00:00

    Hello, @Thirza Natasha,

    Welcome to the Microsoft Q&A platform!

    Based on your description, I understand that you want to send internal emails to a third-party email security gateway for scanning, and then send the emails deemed safe by the gateway scanning to recipients in the same domain.

    As you said, you cannot scan directly with a third-party email security gateway during the transmission of internal emails. This is because there is no need to use a third party for internal emails to be secure, and also the internal connector cannot be changed. If you wish to use the purchased third-party email security gateway, you can consider the alternatives given below.

    1. Create a mail flow rule using the Send messages to a moderator template according to the settings below. The obscured portion is a transitory mailbox that temporarily receives outgoing mails, and the owner of this mailbox has the right to release them or not.

    [Image]

    2. Enable the new rule.

    [Image]

    3. The sender sends an email to a user on the same domain, the transition mailbox receives a notification of whether or not to party line this email, and the receiver receives the email only if the owner of the transition mailbox selects Approve, at which point you can use a third-party gateway to scan this mailbox.

    [Image]

    What I have provided above is just an alternative that may be able to help you, one that will take the mailbox owner's time and will have problems with mail delays. It is up to you to decide whether to take this option or not.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Thank you for your support and understanding.

    Best Wishes,

    Alex Zhang
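
The moderation rule from steps 1 to 3 of the answer, written for the Exchange Management Shell as an added example that is not part of the original answer. The answer's screenshots are not available on this page, so the conditions are assumptions (sender and recipient both inside the organization), and the rule name, mailbox address and pilot group are placeholders.

```powershell
# Added example, not from the original thread. Run in the Exchange Management Shell.
# Placeholder values (assumptions): replace with objects from your own organization.
$RuleName   = 'Moderate internal mail (pilot)'
$Moderator  = 'transit-review@xyz.com'       # the transitory mailbox whose owner approves or rejects
$PilotGroup = 'internal-scan-pilot@xyz.com'  # distribution group limiting the rule to pilot senders

# Stop early if the moderator mailbox or pilot group does not exist, so the rule
# is never created pointing at a recipient that cannot release held mail.
$mbx   = Get-Mailbox -Identity $Moderator -ErrorAction Stop
$group = Get-DistributionGroup -Identity $PilotGroup -ErrorAction Stop

# Step 1: create the rule disabled. Internal sender + internal recipient is the
# assumed equivalent of the "Send messages to a moderator" template settings.
$ruleParams = @{
    Name                  = $RuleName
    FromScope             = 'InOrganization'
    SentToScope           = 'InOrganization'
    FromMemberOf          = $group.PrimarySmtpAddress.ToString()
    ModerateMessageByUser = $mbx.PrimarySmtpAddress.ToString()
    Enabled               = $false
    Comments              = 'Holds internal mail for approval by the transitory mailbox owner.'
}
New-TransportRule @ruleParams -ErrorAction Stop | Out-Null

# Review what was created before any mail is affected.
Get-TransportRule -Identity $RuleName |
    Format-List Name, State, Priority, FromScope, SentToScope, FromMemberOf, ModerateMessageByUser

# Step 2: enable the rule once the settings above look right.
Enable-TransportRule -Identity $RuleName

# Step 3 check: after sending a test message between two pilot users, confirm in
# message tracking that moderator decisions are being recorded.
$since = (Get-Date).AddHours(-1)
foreach ($eventId in 'MODERATORAPPROVE', 'MODERATORREJECT') {
    Get-MessageTrackingLog -EventId $eventId -Start $since -ResultSize 50 |
        Select-Object Timestamp, EventId, Sender, Recipients, MessageSubject
}

# Rollback: held messages stop accumulating as soon as the rule is disabled.
# Disable-TransportRule -Identity $RuleName -Confirm:$false
```

The `FromMemberOf` pilot scope is an addition for a staged rollout; drop that key to apply the rule to all internal senders, keeping in mind the approval delay the answer mentions.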

