Description
In this step, all connectors with security restrictions set to "reject" mail should be paused or removed so that mail flows properly in Shield. Leaving any "reject" connectors in place will result in bounced emails.
NOTE: We understand that there are certain use cases where third-party "reject" connectors must be used in tandem with Shield. These third-party "reject" connectors and any associated transport rules must be paused during this step of Shield Activation. Use caution when enabling any "reject" connectors once Shield is activated.
Applies to:
Office 365 (O365), Exchange Online
Removing "Reject" Connectors
Once you have completed Step 2 of Shield Activation, it's time to pause or remove "reject" connectors. From within the Exchange Admin Console, go to Mail Flow, then Connectors, and review all of the listed connectors. Figure 1 shows how to remove Mailprotector's Inbound CloudFilter "reject" connector. If you're unsure about a connector's need, please pause its use instead of deleting it.
Fig. 1
Figure 2 explains that any "reject" connectors left in place will result in bounced emails. Please ensure that any "reject" connectors are paused or deleted during this step, and be very cautious about enabling them after it is complete.
Select an address in the drop-down menu of the Test mail flow field and click Test. Figure 3 shows the test in progress, which can take several minutes.
Fig. 2
Fig. 3
Once the test is complete and successful (Figure 4), you are ready to click Next and proceed to Step 4 - DomainKeys Identified Mail (DKIM).
Fig. 4
If you receive this error, please ensure you removed all reject connectors from the M365 tenant:
If you need assistance with this step, please contact the Partner Success team.
Comments