
How do I configure MDaemon and Microsoft 365 to use the same domain name?

Follow the steps in this article to share users between MDaemon and Microsoft 365.

To configure Microsoft 365 to send mail for unknown local users to MDaemon:

  1. Sign into the Microsoft 365 Administrator account
  2. Go to Admin Centers \ Exchange
  3. Go to Mail Flow \ Accepted Domains.
  4. Double click the domain to modify
  5. Select the radio button for Internal Relay
  6. Click Save
  7. Go to Connectors and click the “+” button.
  8. In the From drop down select Microsoft 365
  9. In the To drop down select “Your organization’s email server”
  10. Click Next
  11. Enter a Name and a Description
  12. Click Next
  13. Select Only when email messages are sent to these domains.
  14. Click the “+” button
  15. Enter the shared domain name.
  16. Click Next
  17. Click the “+” button
  18. Enter the FQDN of the MDaemon email server.
  19. Click Next
    • This menu displays the SSL/TLS configuration to connect to the mail server.  We recommend selecting Next, but settings can be adjusted to work best in your environment.
  20. Click Next
  21. Click the “+” button
  22. Enter an email address to validate the connection.
  23. Click OK
  24. Click OK
  25. Click Validate
  26. Click Close
  27. Click Save

To configure Microsoft 365 to send outbound email to MDaemon:

  1. Sign into the Microsoft 365 Administrator account
  2. Go to Admin Centers \ Exchange
  3. Go to Mail Flow \ Connectors
  4. Click the “+” button
  5. Enter a name and description then click Next
  6. Select Only when email messages are sent to these domains
  7. Click the “+” button
  8. Enter “*” and Click OK
  9. Click Next
  10. Select Route email through these smart hosts
  11. Click the “+” button
  12. Enter the FQDN of your MDaemon server
  13. Click Next
    • We recommend that TLS is used with the default settings.  Environments may vary and configurations can be modified here.
  14. Click Next
  15. Click Next
  16. Click “+” and Enter an address to validate the connector
  17. Click OK
  18. Click OK
  19. Click Validate
  20. Click Close
  21. Click Save

MX records should be set up to point to MDaemon.  MDaemon will need to properly handle email for the Microsoft 365 accounts.  We recommend that you create accounts for all users of the domain in MDaemon.  Accounts for users that will be retrieving their email from Microsoft 365 should be configured to forward all mail to Microsoft 365.

For example, we have a domain test.com set up with accounts in MDaemon and in Microsoft 365.  User1@test.com retrieves their email from MDaemon, user2@test.com retrieves their email from Microsoft 365.

MDaemon should have accounts for user1@test.com and user2@test.com.  The account for User2@test.com needs to be configured to forward all mail to the Microsoft 365 host name.  To do this open the MDaemon configuration session and go to: 

  1. Select Accounts / Account Manager
  2. Select the User2 account
  3. Click Edit to bring up the Account Editor
  4. Select Forwarding
  5. Check the box to enable forwarding
  6. Enter the forwarding address as user2@test.com
  7. In the Domain, [Host], or IP field enter test-com.mail.protection.outlook.com (The host name will need to be changed for the shared domain.)
  8. Uncheck the box to retain a local copy of forwarded mail.
  9. Click OK 

MDaemon should be configured to use the local address in the SMTP envelope when forwarding mail.

  1. Select Security / Security Manager / Sender Authentication / SPF Verification
  2. Verify “Use local address in SMTP envelope when forwarding messages” is enabled.

MDaemon must be configured to allow Microsoft 365 to send email as a local user without the need to authenticate. 

  1. Open MDaemon and select Security / Security Manager / Sender Authentication / SMTP Authentication
  2. Click the check box next to “...unless message is to a local account” to enable the exclusion.
  3. Click Apply

Because the above option accepts unauthenticated messages addressed to local accounts, the IP Shield should be used to block local-to-local messages that neither authenticate nor come from Microsoft 365.  Adding the domain/IP pairs to the IP Shield and exempting authenticated sessions from the IP Shield accomplishes this.

  1. In MDaemon select Security / Security Manager / Sender Authentication / IP Shield
  2. Check the box to Enable IP Shield  
  3. Check the box for Do not apply IP Shield to Authenticated sessions
  4. Add Domain/IP pairs for all of the IP address ranges used by Microsoft 365
    • In most cases the domains are spf.protection.outlook.com and spfd.protection.outlook.com
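
The following is an added illustration, not MDaemon's code: a simplified model of the decision the IP Shield steps above set up, useful for checking a planned list of ranges against test connections before relying on it. The SPF record text uses constructed documentation-only address ranges, the function names are hypothetical, and pairing the ranges with the example domain test.com is an assumption.

```python
import ipaddress

# Constructed SPF TXT record (documentation-only ranges). The real ranges must be
# read from the live records published at the host names listed above.
SAMPLE_SPF = ("v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.17 "
              "ip6:2001:db8:100::/40 include:other.example -all")


def spf_networks(record):
    """Return the passing ip4:/ip6: mechanisms of one SPF record as networks."""
    nets = []
    for term in record.split()[1:]:      # skip the "v=spf1" version tag
        term = term.lstrip("+")          # "+" is the default (pass) qualifier
        prefix, _, value = term.partition(":")
        # "-", "~" and "?" qualified terms do not match here and are skipped
        if prefix.lower() in ("ip4", "ip6") and value:
            nets.append(ipaddress.ip_network(value, strict=False))
    return nets


def shield_allows(mail_from, client_ip, authenticated, shield):
    """Simplified model: shield maps a sender domain to its allowed networks."""
    if authenticated:                    # authenticated sessions bypass the shield
        return True
    domain = mail_from.rpartition("@")[2].lower()
    if domain not in shield:             # sender domain is not listed in the shield
        return True
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in shield[domain])


if __name__ == "__main__":
    shield = {"test.com": spf_networks(SAMPLE_SPF)}   # assumed pairing
    tests = [
        ("user2@test.com", "192.0.2.25", False),      # from a listed range
        ("user1@test.com", "203.0.113.9", False),     # spoofed local sender
        ("user1@test.com", "203.0.113.9", True),      # authenticated user
    ]
    for sender, ip, auth in tests:
        verdict = "accept" if shield_allows(sender, ip, auth, shield) else "reject"
        print(f"{sender:16} {ip:14} auth={auth!s:5} -> {verdict}")
```
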