Ensuring mail delivery: Special - Receive Connector

Overview

In some cases, directly delivering mail to your M365 is the best way to ensure mail delivery of Hoxhunt training emails. Please discuss this option with your Hoxhunt Onboarding Manager before implementation.

Activating a Receive Connector consists of two parts:

1. Add a Receive Connector in Exchange/M365

2. Provide MX tenant records of your domains to Hoxhunt

3. Increase the amount of allowed simultaneous inbound connections (on-premise Exchange)


What is a Receive Connector?

Receive Connector is a way to establish a "pipe" between two mail servers, for example your organization and Hoxhunt. You can apply special restrictions to the connector, e.g. enforce TLS or max message size.

Please check the following articles from Microsoft for further information:

Configure mail flow using connectors in Office 365

Set up connectors for secure mail flow with a partner organization

 

Why is it needed for Hoxhunt?

To mitigate throttling

In M365, Microsoft's EOP service is monitoring email sending patterns for unusual activity. In certain situations it's possible that EOP service starts throttling (limiting) your ability to receive Hoxhunt's emails because of changes in Hoxhunt's sending patterns. Receive Connector is one way to mitigate (minimise) this issue.

To bypass third-party systems

In some scenarios Hoxhunt may need to bypass additional filtering systems (e.g. email scanners) that might affect normal mail flow to your mail server. Receive Connector is a feature that makes it possible for Hoxhunt to send simulation emails directly to your email system (e.g. O365 or on-premise Exchange). Receive Connector is always recommended for hybrid environments to minimise mail flow issues.

IMPORTANT: Although it's possible to bypass many filter systems via whitelisting, Hoxhunt strongly recommends to configure a Receive Connector. For more information on whitelisting different filter systems, please check our Knowledge base or contact your system provider.

Receive_connector_diagram.png

Figure 1: Receive Connector is configured at "OFFICE365" to let "HOXHUNT" bypass other systems in the way.

1. Add a Receive Connector in Exchange

  1. Go to Exchange Admin Center.
  2. Select Mail Flow.
  3. Select Connectors and click the "+" icon.
    Receive_connector_1.png
  4. Select “what type” of connector you need (Mail flow Scenario). Select “Partner organization” from the “From” field, and "Office 365" from the "To" field.
    Receive_connector_2.png
    NOTE: If you are configuring receive connector for an on-premise Exchange server, please select "Exchange" from the "To" field.

  5. Add a Connector and name it for example "Hoxhunt Receive Connector".
  6. Under "What do you want to do after the connector is saved?", tick "Turn it on" and "Retain internal Exchange email headers (recommended)". Then click Next.
    Receive_connector_3.png

  7. Choose “By verifying that the IP address of the sending server matches one of these IP addresses that belong to your organization” and enter the following two IP addresses:
    35.156.0.138
    37.139.12.94
    Receive_connector_4.png

  8. Tick "Reject email messages if they aren't sent over TLS" to enable SSL.
    Receive_connector_5.png

  9. Continue by clicking Next.
  10. Save the connector by clicking Save.
    Receive_connector_6.png
     
     You have now successfully configured the Receive Connector.
     
    TIP: You can also use the following Powershell command to configure Receive Connector in M365 (Exchange Online):
    New-InboundConnector -Name “Hoxhunt Receive Connector” -Enabled $true -SenderDomains * -RequireTls $true -SenderIPAddresses 35.156.0.138,37.139.12.94

2. Send all your MX tenant records to Hoxhunt (per domain)

Please check these instructions from Microsoft or these instructions from O365info.com on how to provide the MX tenant records for Hoxhunt.

Example:

Your domain is company.com

Your M365 tenant's MX record is company-com.mail.protection.outlook.com

Note: With on-premise Exchange Server, the MX record is likely derived from the server's FQDN.

 

3. Increase the amount of allowed simultaneous inbound connections (on-premise Exchange only)

After you have configured a Receive Connector for Hoxhunt in your on-premise Exchange server, it might have a default limit of only 20 simultaneous inbound connections per sender. This can sometimes create sending issues for Hoxhunt.


To see the values of these Receive connector message throttling settings in Exchange, run the following command in the Exchange Management Shell:

Get-ReceiveConnector | Format-List Name,Connection*,MaxInbound*,MessageRate*,TarpitInterval


It’s possible to increase the value via Set-ReceiveConnector cmdlet. We suggest to increase MaxInboundConnectionPerSource value to 200 or more.
Here’s a great article about the default limits for different Receive Connector types:
https://docs.microsoft.com/en-us/exchange/mail-flow/message-rate-limits?view=exchserver-2019#message-throttling-on-receive-connectors

 

 

For more information about Receive connector please contact Hoxhunt Support.

Was this article helpful?

18 out of 18 found this helpful

Have more questions? Submit a request