Connect Application - Preparing for Inbound Email

Updated

Customers currently using the Connect Application are advised to complete their onboarding setup as soon as possible, as the Connect Application is scheduled to be discontinued on the 31st of January, 2024.

This article provides information on preparing inbound email flow using the Mimecast Connect Application, including steps for Microsoft 365, On-Premise/Hybrid, and Google Workspace environments, ensuring proper configuration and routing. If you're using the Connect Process, see the Connect Process Guides page.

Preparing for Inbound Email

You'll need to prepare Microsoft Exchange to accept inbound emails that have been routed through us. Before preparing your inbound email, you must validate your domains. See Connect Application - Validating Domains.

You can prepare your inbound email, by using the following steps

  1. Log in to the Mimecast Connect Application.
  2. Navigate to Gateway | Prepare for Inbound Email.
  3. Click on Start.
  4. Configure your Microsoft Exchange to accept inbound emails through us. The process for doing this depends on the Exchange type. Full details are provided in the sections below.

Before inbound email can be routed through us, you must modify your MX records. This step designates us as the mail service responsible for accepting email on your behalf. See Connect Application - Updating Your MX Records.

Microsoft 365

This guide describes the correct navigation through the Classic Exchange Admin Center (Classic EAC). Administrators can choose to use either the Classic EAC or the new Exchange Admin Center (new EAC) however, features and routing will differ from that described in this guide when using the new EAC. For more information, please see Microsoft's documentation.

You can prepare Microsoft 365 to accept inbound mail that has been routed through Mimecast, by using the following steps:

  1. Configure Microsoft 365 to accept inbound email from us, by setting the IP addresses displayed in the application as a trusted source.

See the Bypassing Spam Checks section of Configuring Inbound Delivery Routing for Microsoft 365.

  1. Determine your Microsoft 365 inbound mail flow hostname:
  •  
    • Log on to the Microsoft 365 Admin Center.
    • Click on the Settings | Domains menu item.
    • Select your Domain.
    • Click on the DNS records tab and copy the MX record.
    • Make a note of the Hostname displayed.
  1. Click the Next button to proceed.
  2. Enter your Microsoft 365 inbound mail flow hostname in the Hostname field.
  3. Click the Verify Route button.
  4. Enter a valid Internal Email Address so we can verify your inbound route.
  5. Click on Test. A green tick displays if the route is successful.
  6. When you're ready, click Finish. A summary page of your inbound email connection displays.

If you've created an Everyone To Internal delivery route policy using the Administration Console, an option is presented to use it rather than create a new one.

On Premise / Hybrid / Hosted Exchange

To prepare Microsoft Exchange to accept inbound email that has been routed through Mimecast, read the Connect Application - Preparing for Inbound Email for On-Premise / Hybrid Exchanges page.

Google Workspace

Follow the tasks below to prepare Google Workspace to accept inbound mail that has been routed through Mimecast.

If you receive hard bounces from Google Workspace, see the Connect Application - Troubleshooting Google Workspace Inbound Email page for a way forward.

Adding Mimecast to Your Email Allowlist

You can bypass spam scanning by adding our IP ranges to your email allow list, by using the following steps:

  1. Log on to the Google Admin Console.
  2. Navigate to the Apps | Google Workspace | Gmail | Spam, Phishing and Malware | Email Whitelist menu item.
  3. Highlight your top-level Domain in the Organizations section.
  4. Navigate to your Email Whitelist.

  5. Add the Mimecast Data Center IP for your Mimecast account region, separating the entries with commas. Our Inbound IP Ranges display in the Connect Application. See Mimecast Data Centers and URLs.

    You also need to whitelist Google Workspace IPs if an internal route has been created. This is because emails will be delivered directly through Google’s servers, and without whitelisting, they may be rejected since they originate from Google IPs.

  6. Click on the Save button.

View the Allowlist IP Addresses in Gmail page in the Google help for further details.
Google Workspace will not sanitize input from IP ranges added on the Inbound Gateway settings. Check entries for leading and trailing spaces.

Adding Mimecast to Your Inbound Gateway

To secure your mail flow, add our IP ranges to your inbound gateway:

image.png

  1. Navigate to Apps | Google Workspace | Gmail | Spam, Phishing and Malware | Inbound Gateway
  2. Click on the Configure button.
  3. Use the Add button to enter the Mimecast Data Center IP for your Mimecast account region. Our Inbound IP Ranges display in the Connect Application. See Mimecast Data Centers and URLs.
  4. Select the Require TLS for Connections From the Email Gateways Listed Above option. Ensure the other two options are left unchecked.
  5. Click Save to save the configuration.

View the Set up an inbound mail gateway page of Google Help for further details.

Setting the Inbound Delivery Route

After Mimecast is added to your email whitelist and inbound gateway, you'll need to set the Inbound Delivery Route in the Connect Application, by using the following steps:

  1. Log in to the Mimecast Connect Application.
  2. Click on the Next button to proceed to the Inbound Delivery Route step.
  3. Click the Verify Route button. The Test Inbound Host dialog displays.
  4. Enter a valid internal email address, so we can verify your inbound route.
  5. Click on Test. A green tick displays if the route is successful.
  6. When you're ready, click Finish. A summary page of your inbound email connection is displayed.

Troubleshooting Inbound Delivery

If you find that incoming messages from reputable providers are hard bounced by Google Workspace after being processed by the inbound Mimecast filters, the following error message is displayed in Mimecast: 

5.7.1 Unauthenticated email from stripe.com is not accepted due to domain’s DMARC policy. Please contact the administrator of stripe.com domain if this was a legitimate mail. Please visit https://support.google.com/mail/answer/2451690 to learn about the DMARC initiative. a3si5756714wrp.253 – gsmtp 

Related to

Was this article helpful?
1 out of 2 found this helpful

Comments

0 comments

Please sign in to leave a comment.