In many cases, allowing Hoxhunt to deliver emails directly to your email tenant (M365 Exchange Online, on-premise Exchange Server) is the best way to ensure the most reliable delivery of Hoxhunt training emails.
Setting up a Receive Connector with Hoxhunt contains three steps:
- Create a Partner Receive Connector in on-premise Exchange/Exchange Online
- Make a note of the default MX record for your tenant/domains
- Configuration in the Hoxhunt admin portal
What is a Receive Connector?
A Receive Connector is a way to establish a "pipe" between two mail servers, for example Hoxhunt and your organization's Exchange Online tenant in M365.
Please check the following articles from Microsoft for further information:
Configure mail flow using connectors in Office 365
Set up connectors for secure mail flow with a partner organization
Why does Hoxhunt recommend a Receive Connector?
To bypass third-party systems
In some scenarios Hoxhunt may need to bypass additional filtering systems (e.g. email scanners) that might affect normal mail flow to your mail server. Receive Connector is a feature that makes it possible for Hoxhunt to send simulation emails directly to your email system (e.g. O365 or on-premise Exchange). Receive Connector is always recommended for hybrid environments to minimise mail flow issues.
IMPORTANT: Although it's possible to bypass many filter systems with allowlisting, Hoxhunt strongly recommends configuring a Receive Connector. Some filter vendors won't guarantee 100% deliverability for Hoxhunt training emails due to the filter system's design principles.
For more information on allowlisting different filter systems, please check our Knowledge base or contact your filter system vendor.
Figure 1: Receive Connector is configured at "OFFICE365" to let "HOXHUNT" bypass other systems in the way.
To mitigate throttling and greylisting
In M365, Microsoft's EOP service is monitoring email sending patterns for unusual activity. In certain situations EOP service may start limiting your ability to receive Hoxhunt's emails because of changes in Hoxhunt's sending patterns. Receive Connector is one way to mitigate (minimise) this issue.
Step 1. Create a Partner Receive Connector
NOTE: User interface may differ between on-premise Exchange Admin Center and M365 Exchange Admin Center. The following instructions and screenshots are based on M365 user interface.
- Go to M365 Exchange Admin Center.
- Navigate to Mail Flow > Connectors, and select + Add a connector.
- In New Connector screen, select Partner organization and click Next.
NOTE: If you are configuring receive connector for an on-premise Exchange server, please select "Exchange" from the "To" field.
- In Connector name screen, provide a name for your Hoxhunt connector.
- Under What do you want to do after the connector is saved?, tick Turn it on and click Next.
- In Authenticating sent email screen, select the second option to authenticate by sender IP address.
- Add the following IP addresses separately, and click + button to add them to the list below.
35.156.0.138
37.139.12.94
- Click Next.
- Under Security restrictions screen, use the default values (see screenshot) and click Next.
- Under Review connector screen, verify the configuration is correct and click Create connector.
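The connector created in Step 1 accepts mail based on sender IP address, so it is worth confirming that it is scoped to exactly the two addresses listed above. The following check is an added example, not Hoxhunt's or Microsoft's own script; it assumes an active Exchange Online PowerShell session and that the connector was named "Hoxhunt" (a hypothetical name).

```powershell
# Added example: audit the Hoxhunt partner connector in Exchange Online.
# Run inside a Connect-ExchangeOnline session (ExchangeOnlineManagement module).
$ConnectorName = 'Hoxhunt'                          # assumption: name chosen in the wizard
$ExpectedIPs   = @('35.156.0.138', '37.139.12.94')  # sender IPs listed in this article

$connector = Get-InboundConnector -Identity $ConnectorName -ErrorAction Stop

# Normalise stored entries ("a.b.c.d" or "a.b.c.d/32") to plain addresses.
$actualIPs = @($connector.SenderIPAddresses |
    Where-Object { $_ } |
    ForEach-Object { "$_" -replace '/32$', '' })

$missing    = @($ExpectedIPs | Where-Object { $_ -notin $actualIPs })
$unexpected = @($actualIPs   | Where-Object { $_ -notin $ExpectedIPs })

$findings = @()
if (-not $connector.Enabled) {
    $findings += 'Connector is not turned on.'
}
if ("$($connector.ConnectorType)" -ne 'Partner') {
    $findings += "ConnectorType is $($connector.ConnectorType), expected Partner."
}
if ($missing) {
    $findings += "Missing sender IPs: $($missing -join ', ')"
}
if ($unexpected) {
    # Anything extra widens who can use this connector beyond what the article specifies.
    $findings += "Extra sender IPs or ranges: $($unexpected -join ', ')"
}

[pscustomobject]@{
    Name              = $connector.Name
    Enabled           = $connector.Enabled
    ConnectorType     = $connector.ConnectorType
    SenderIPAddresses = $actualIPs -join ', '
    RequireTls        = $connector.RequireTls   # informational: shows the security restriction in effect
    Findings          = if ($findings) { $findings -join ' | ' } else { 'OK' }
}
```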
Step 2. Make a note of the default MX record for your tenant/domains.
1. Go to M365 Admin Center.
2. Navigate to Settings > Domains.
3. Click on your default domain.
4. Switch to DNS records tab and click on the MX record.
5. In MX Record screen, next to Expected record, locate <MX-token>.mail.protection.outlook.com in the column.
6. Make a note of the value in Points to address or value.
Example:
Your registered public domain name is company.com --> Your M365 tenant's MX record is company-com.mail.protection.outlook.com
Note: With on-premise Exchange Server, the MX record is likely derived from the server's FQDN.
For more detailed instructions, please check these instructions (Microsoft) or these instructions (O365info.com).
Step 3. Configuration in the Hoxhunt admin portal.
- Navigate to the Hoxhunt admin portal -> Settings -> Email delivery
- Scroll down to locate the Custom mail routing field, enter the value from step 2.6 (or the address of your on-premise Exchange server) and click Save
Special scenarios
We have more than one tenant configured to our Hoxhunt organization. We cannot receive all training emails via single tenant / Receive Connector.
Hoxhunt is able to support separate Receive Connectors for each of your domains. Please contact Hoxhunt Support for assistance.
We require credentials for the custom connection string
Contact Hoxhunt support at support@hoxhunt.com for assistance.
We want to use something other than port 25
Contact Hoxhunt support at support@hoxhunt.com for assistance.
Increase the amount of allowed simultaneous inbound connections (on-premise Exchange only).
After you have configured a Receive Connector for Hoxhunt in your on-premise Exchange server, it might have a default limit of only 20 simultaneous inbound connections per sender. This can sometimes create sending issues for Hoxhunt.
To see the values of these Receive connector message throttling settings in Exchange, run the following command in the Exchange Management Shell:
Get-ReceiveConnector | Format-List Name,Connection*,MaxInbound*,MessageRate*,TarpitInterval
It’s possible to increase the value via the Set-ReceiveConnector cmdlet. We suggest increasing the MaxInboundConnectionPerSource value to 200 or more.
Here’s a great article about the default limits for different Receive Connector types:
https://docs.microsoft.com/en-us/exchange/mail-flow/message-rate-limits?view=exchserver-2019#message-throttling-on-receive-connectors
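A raised connection limit applies to every source the connector accepts, so the sketch below checks the connector's scope before changing the value. It is an added example, not Hoxhunt's own script; the connector identity EXCH01\Hoxhunt is hypothetical, and it assumes the on-premise connector is restricted through RemoteIPRanges to the two Hoxhunt addresses from Step 1.

```powershell
# Added example: run in the Exchange Management Shell on the on-premise server.
$Identity   = 'EXCH01\Hoxhunt'                    # hypothetical <server>\<connector name>
$HoxhuntIPs = @('35.156.0.138', '37.139.12.94')   # sender IPs listed in this article
$Target     = 200                                 # value suggested in this article

$rc = Get-ReceiveConnector -Identity $Identity -ErrorAction Stop

# Collect the remote ranges the connector accepts and flag anything
# that is not one of the Hoxhunt addresses.
$ranges = @($rc.RemoteIPRanges | Where-Object { $_ } | ForEach-Object { "$_" })
$other  = @($ranges | Where-Object { $_ -notin $HoxhuntIPs })

# The setting holds either a number or 'Unlimited'; compare via its string form.
$current = "$($rc.MaxInboundConnectionPerSource)"

if ($other) {
    # Raising the limit here would also raise it for these other sources.
    Write-Warning "Connector also accepts: $($other -join ', '). Review its scope first."
}
elseif ($current -ne 'Unlimited' -and [int]$current -lt $Target) {
    # -WhatIf previews the change; remove it to apply.
    Set-ReceiveConnector -Identity $Identity -MaxInboundConnectionPerSource $Target -WhatIf
}
else {
    Write-Output "MaxInboundConnectionPerSource is already $current; no change needed."
}

# Re-read the throttling settings using the same view as the command above.
Get-ReceiveConnector -Identity $Identity |
    Format-List Name,Connection*,MaxInbound*,MessageRate*,TarpitInterval
```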
For more information about Receive Connectors, please contact Hoxhunt Support.