Overview
In some cases, directly delivering mail to your M365 is the best way to ensure mail delivery of Hoxhunt training emails. Please discuss this option with your Hoxhunt Onboarding Manager before implementation.
Activating a Receive Connector consists of two parts:
1. Add a Receive Connector in Exchange/M365
2. Provide MX tenant records of your domains to Hoxhunt
3. Increase the amount of allowed simultaneous inbound connections (on-premise Exchange)
What is a Receive Connector?
Receive Connector is a way to establish a "pipe" between two mail servers, for example your organization and Hoxhunt. You can apply special restrictions to the connector, e.g. enforce TLS or max message size.
Please check the following articles from Microsoft for further information:
Configure mail flow using connectors in Office 365
Set up connectors for secure mail flow with a partner organization
Why is it needed for Hoxhunt?
To mitigate throttling
In M365, Microsoft's EOP service is monitoring email sending patterns for unusual activity. In certain situations it's possible that EOP service starts throttling (limiting) your ability to receive Hoxhunt's emails because of changes in Hoxhunt's sending patterns. Receive Connector is one way to mitigate (minimise) this issue.
To bypass third-party systems
In some scenarios Hoxhunt may need to bypass additional filtering systems (e.g. email scanners) that might affect normal mail flow to your mail server. Receive Connector is a feature that makes it possible for Hoxhunt to send simulation emails directly to your email system (e.g. O365 or on-premise Exchange). Receive Connector is always recommended for hybrid environments to minimise mail flow issues.
IMPORTANT: Although it's possible to bypass many filter systems via whitelisting, Hoxhunt strongly recommends to configure a Receive Connector. For more information on whitelisting different filter systems, please check our Knowledge base or contact your system provider.
Figure 1: Receive Connector is configured at "OFFICE365" to let "HOXHUNT" bypass other systems in the way.
1. Add a Receive Connector in Exchange
- Go to Exchange Admin Center.
- Select Mail Flow.
- Select Connectors and click the "+" icon.
- Select “what type” of connector you need (Mail flow Scenario). Select “Partner organization” from the “From” field, and "Office 365" from the "To" field.
NOTE: If you are configuring receive connector for an on-premise Exchange server, please select "Exchange" from the "To" field. - Add a Connector and name it for example "Hoxhunt Receive Connector".
- Under "What do you want to do after the connector is saved?", tick "Turn it on" and "Retain internal Exchange email headers (recommended)". Then click Next.
- Choose “By verifying that the IP address of the sending server matches one of these IP addresses that belong to your organization” and enter the following two IP addresses:
35.156.0.138
37.139.12.94 - Tick "Reject email messages if they aren't sent over TLS" to enable SSL.
- Continue by clicking Next.
- Save the connector by clicking Save.You have now successfully configured the Receive Connector.TIP: You can also use the following Powershell command to configure Receive Connector in M365 (Exchange Online):New-InboundConnector -Name “Hoxhunt Receive Connector” -Enabled $true -SenderDomains * -RequireTls $true -SenderIPAddresses 35.156.0.138,37.139.12.94
2. Send all your MX tenant records to Hoxhunt (per domain)
Please check these instructions from Microsoft or these instructions from O365info.com on how to provide the MX tenant records for Hoxhunt.
3. Increase the amount of allowed simultaneous inbound connections (on-premise Exchange only)
After you have configured a Receive Connector for Hoxhunt in your on-premise Exchange server, it might have a default limit of only 20 simultaneous inbound connections per sender. This can sometimes create sending issues for Hoxhunt.
To see the values of these Receive connector message throttling settings in Exchange, run the following command in the Exchange Management Shell:
Get-ReceiveConnector | Format-List Name,Connection*,MaxInbound*,MessageRate*,TarpitInterval
It’s possible to increase the value via Set-ReceiveConnector cmdlet. We suggest to increase MaxInboundConnectionPerSource value to 200 or more.
Here’s a great article about the default limits for different Receive Connector types:
https://docs.microsoft.com/en-us/exchange/mail-flow/message-rate-limits?view=exchserver-2019#message-throttling-on-receive-connectors
For more information about Receive connector please contact Hoxhunt Support.