Manage mail flow with mailboxes in multiple locations (Office 365 and on-prem)Manage mail flow with mailboxes in multiple locations (Office 365 and on-prem)

摘要:某些邮箱位于本地而某些邮箱位于 Office 365 中时,如何管理 Exchange 混合环境中的邮件流。Summary: How to manage mail flow in an Exchange hybrid environment, which is when some mailboxes are on-premises and some are in Office 365.

本主题涵盖以下使用 Office 365 的复杂邮件流方案:This topic covers the following complex mail flow scenarios using Office 365:

方案 1: MX 记录指向 Office 365 和 Office 365 筛选所有消息: MX 记录指向 Office 365 和 Office 365 都筛选所有邮件。Scenario 1: MX record points to Office 365 and Office 365 filters all messages: MX record points to Office 365 and Office 365 filters all messages.

方案 2: MX 记录指向 Office 365 和邮件是本地筛选: MX 记录指向 Office 365 和邮件是已筛选的内部部署。Scenario 2: MX record points to Office 365 and mail is filtered on-premises: MX record points to Office 365 and mail is filtered on-premises.

方案 3: MX 记录指向我的内部服务器: MX 记录指向我的内部服务器。Scenario 3: MX record points to my on-premises servers: MX record points to my on-premises servers.

方案 4: MX 记录指向我的本地服务器,它为您邮件提供法规遵从性解决方案和筛选器。为邮件中继到 internet 通过 Office 365 需要内部部署服务器。: MX 记录指向我的本地服务器,它为您邮件提供法规遵从性解决方案和筛选器。内部部署服务器必须中继到 Office 365 通过 Internet 的邮件。Scenario 4: MX record points to my on-premises server, which filters and provides compliance solutions for your messages. Your on-premises server needs to relay messages to the internet through Office 365.: MX record points to my on-premises server, which filters and provides compliance solutions for your messages. Your on-premises server must relay messages to the Internet through Office 365.

备注

本主题中的示例使用虚拟组织 Contoso,该组织拥有域contoso.com。Contoso 邮件服务器的 IP 地址是 131.107.21.231,它的第三方提供程序将 10.10.10.1 用作其 IP 地址。这些只是示例。必要时,您可以对这些示例进行修改,以适合您的组织的域名和面向公众的 IP 地址。Examples in this topic use the fictitious organization, Contoso, which owns the domain contoso.com. The IP address of the Contoso mail server is 131.107.21.231, and its third-party provider uses 10.10.10.1 for their IP address. These are just examples. You can adapt these examples to fit your organization's domain name and public-facing IP address where necessary.

管理部分邮箱在 Office 365 中、部分邮箱在你的组织的邮件服务器上的邮件流Manage mail flow where some mailboxes are in Office 365 and some mailboxes are on your organization's mail servers

方案 1: MX 记录指向 Office 365 和 Office 365 的筛选器的所有邮件Scenario 1: MX record points to Office 365 and Office 365 filters all messages

  • 我要将我的邮箱迁移到 Office 365,并且我希望将某些邮箱保留在我组织的邮件服务器(本地服务器)上。我想要使用 Office 365 作为我的垃圾邮件筛选解决方案,并且想要通过使用 Office 365 将邮件从我的本地服务器发送到 Internet。Office 365 将发送和接收所有邮件。I'm migrating my mailboxes to Office 365, and I want to keep some mailboxes on my organization's mail server (on-premises server). I want to use Office 365 as my spam filtering solution and want to send my messages from my on-premises server to the Internet by using Office 365. Office 365 sends and receives all messages.

需要混合邮件流设置的大多数客户应允许 Office 365 执行所有的筛选和路由操作。我们建议将 MX 记录指向 Office 365,因为这可以提供最准确的垃圾邮件筛选服务。针对这种情况,你的组织的邮件流设置如下图所示。Most customers who need a hybrid mail flow setup should allow Office 365 to perform all their filtering and routing. We recommend that you point your MX record to Office 365 because this provides for the most accurate spam filtering. For this scenario, your organization's mail flow setup looks like the following diagram.

邮件流图表,显示有关指向 Office 365 的 MX 记录以及从 Internet 转到 Office 365 再发送到内部部署服务器的邮件的情况。从内部部署服务器转到 Office 365 再传输到 Internet 的邮件。

最佳实践Best practices

  1. 在 Office 365 中添加你的自定义域。若要证明你拥有这些域,请按照添加用户和域中的说明操作。Add your custom domains in Office 365. To prove that you own the domains, follow the instructions in Add users and domains.

  2. 用户邮箱 Exchange Online 中创建移动到 Office 365 的所有用户的邮箱Create user mailboxes in Exchange Online or move all users' mailboxes to Office 365.

  3. 更新你在步骤 1 中添加的域的 DNS 记录。(不确定该怎么做?按照此页中的说明进行操作。)以下 DNS 记录控制邮件流:Update the DNS records for the domains that you added in step 1. (Not sure how to do this? Follow the instructions on this page.) The following DNS records control mail flow:

    • MX 记录: 按以下格式将 MX 记录指向 Office 365: <domainKey>-com.mail.protection.outlook.comMX record: Point your MX record to Office 365 in the following format: <domainKey>-com.mail.protection.outlook.com

      例如,如果您的域是 contoso.com,该 MX 记录应为: contoso-com.mail.protection.outlook.com.For example, if your domain is contoso.com, the MX record should be: contoso-com.mail.protection.outlook.com.

    • SPF 记录: 此应作为有效发件人,以及任何从连接到 EOP,您的内部服务器的 IP 地址列表 Office 365 和任何第三方代表您的组织的发送电子邮件。例如,如果贵组织的邮件服务器面向 Internet 的 IP 地址 is131.107.21.231,应为 contoso.com 的 SPF 记录:SPF record: This should list Office 365 as a valid sender, plus any IP addresses from your on-premises servers that connect to EOP, and any third parties that send email on behalf of your organization. For example, if your organization's mail server's Internet-facing IP address is131.107.21.231, the SPF record for contoso.com should be:

    v=spf1 ipv4: 131.107.21.231  include:spf.protection.outlook.co  m -all
    

    此外,根据第三方的要求,你必须包括第三方的域,如以下示例所示:Alternatively, depending on the third-party's requirements, you might need to include the domain from the third-party, as shown in the following example:

    v=spf1 include:spf.protection.outlook.com include:third_party_cloud_service.com -all
    
  4. 在 Exchange 管理中心 中,在以下情况下对Configure mail flow using connectors in Office 365使用连接器向导:In the Exchange admin center, use the connector wizard to Configure mail flow using connectors in Office 365 for the following scenarios:

    • 将邮件从 Office 365 发送到您组织的邮件服务器Sending messages from Office 365 to your organization's mail servers

    • 将邮件从您的本地服务器发送到 Office 365Sending messages from your on-premises servers to Office 365

      如果以下存在适用于你的组织的方案,为了支持将邮件从你的本地服务器发送到 Office 365,你必须创建一个连接器。If either of the following scenarios apply to your organization, you must create a connector to support sending mail from your on-premises servers to Office 365.

    • 你的组织有权代表你的客户端发送邮件,但你的组织对该域没有所有权。例如,contoso.com 有权通过 fabrikam.com 发送电子邮件,但后者并不属于 contoso.com。Your organization is authorized to send messages on behalf of your client, but your organization doesn't own the domain. For example, contoso.com is authorized to send email through fabrikam.com, which doesn't belong to contoso.com.

    • 你的组织通过 Office 365 将未送达报告 (NDR) 中继到 Internet。Your organization relays non-delivery reports (NDRs) to the Internet through Office 365.

      若要创建连接器,请在" Office 365 应如何识别发往电子邮件服务器的电子邮件 "屏幕上的连接器创建向导中选择第一个选项。To create the connector, choose the first option in the connector creation wizard on the How should Office 365 identify email for your email server screen.

      显示 Exchange 混合连接向导的'新建连接器'屏幕的屏幕截图

      这将允许 Office 365 使用证书识别你的电子邮件服务器。在这种情况下,证书 CN 或使用者备用名称 (SAN) 包含组织所属的域。有关更多详细信息,请参阅Identifying email from your email server。有关连接器配置的详细信息,请参阅第 2 部分:将邮件配置为从您的电子邮件服务器传递到 Office 365This enables Office 365 to identify your email server by using the certificate. In this scenario, the certificate CN or Subject Alternative Name (SAN) contains the domain that belongs to your organization. For more details, see Identifying email from your email server. For connector configuration details see, Part 2: Configure mail to flow from your email server to Office 365.

  5. 除非你的合作伙伴有特殊的要求(比如银行要求实施 TLS),否则以下方案中不需要使用连接器。You don't need connectors in the following scenarios unless one of your partners has a special requirement, such as enforcing TLS with a bank.

    • 将邮件从 Office 365 发送到合作伙伴组织Sending mail from Office 365 to a partner organization

    • 将邮件从合作伙伴组织发送到 Office 365Sending mail from a partner organization to Office 365

备注

如果您组织的邮件服务器部署了 Exchange 2013 或 Exchange 2010,我们建议您使用 Hybrid Configuration Wizard 配置 Office 365 以及您本地 Exchange 服务器上的连接器。这种情况下,您的域的 MX 记录不能指向您组织的邮件服务器。If your organization's mail server has Exchange 2013 or Exchange 2010 deployed, we recommend that you use the Hybrid Configuration Wizard to configure connectors in Office 365 as well as on your on-premises Exchange servers. For this scenario, your domain's MX record can't point to your organization's mail server.

方案 2: MX 记录指向 Office 365 和邮件是已筛选的内部部署Scenario 2: MX record points to Office 365 and mail is filtered on-premises

  • 我要将我的邮箱迁移到 Office 365,并且我希望将某些邮箱保留在我组织的邮件服务器(本地服务器)上。我想要使用我的本地环境中已有的筛选和合规性解决方案。从 Internet 发送至我的云邮箱的所有邮件,或从我的云邮箱发送至 Internet 的所有邮件都必须通过我的本地服务器进行路由。I'm migrating my mailboxes to Office 365 and I want to keep some mailboxes on my organization's mail server (on-premises server). I want to use the filtering and compliance solutions that are already in my on-premises environment. All messages that come from the Internet to my cloud mailboxes, or messages sent to the Internet from my cloud mailboxes, must route through my on-premises servers.

如果您出于业务或法规的原因在您的本地环境中筛选邮件,我们建议将您的域的 MX 记录指向 Office 365 并启用集中式的邮件传输。此安装程序提供了最佳的垃圾邮件筛选功能,并保护您组织的 IP 地址。针对这种情况,您组织的邮件流设置如下图所示。If you have business or regulatory reasons for filtering mail in your on-premises environment, we recommend pointing your domain's MX record to Office 365 and enabling centralized mail transport. This setup provides optimal spam filtering and protects your organization's IP addresses. For this scenario, your organization's mail flow setup looks like the following diagram.

邮件流图表,显示有关指向 Office 365 的 MX 记录以及内部部署服务器上发生筛选的情况。邮件从 Internet 转到 Office 365 再发送到服务器以实现合规性筛选,然后再转回到 Office 365。

最佳实践Best practices

  1. 在 Office 365 中添加你的自定义域。若要证明你拥有这些域,请按照添加用户和域中的说明操作。Add your custom domains in Office 365. To prove that you own the domains, follow the instructions in Add users and domains.

  2. 用户邮箱 Exchange Online 中创建移动到 Office 365 的所有用户的邮箱Create user mailboxes in Exchange Online or Move all users' mailboxes to Office 365.

  3. 更新你在步骤 1 中添加的域的 DNS 记录。(不确定该怎么做?按照此页中的说明进行操作。)以下 DNS 记录控制邮件流:Update the DNS records for the domains that you added in step 1. (Not sure how to do this? Follow the instructions on this page.) The following DNS records control mail flow:

    • MX 记录: 按以下格式将 MX 记录指向 Office 365: <domainKey>-com.mail.protection.outlook.comMX record: Point your MX record to Office 365 in the following format: <domainKey>-com.mail.protection.outlook.com

      例如,如果您的域是 contoso.com,该 MX 记录应为: contoso-com.mail.protection.outlook.com.For example, if your domain is contoso.com, the MX record should be: contoso-com.mail.protection.outlook.com.

    • SPF 记录: 此应作为有效发件人,以及任何从连接到 EOP,您的内部服务器的 IP 地址列表 Office 365 和任何第三方代表您的组织的发送电子邮件。例如,如果贵组织的邮件服务器面向 Internet 的 IP 地址 is131.107.21.231,应为 contoso.com 的 SPF 记录:SPF record: This should list Office 365 as a valid sender, plus any IP addresses from your on-premises servers that connect to EOP, and any third parties that send email on behalf of your organization. For example, if your organization's mail server's Internet-facing IP address is131.107.21.231, the SPF record for contoso.com should be:

    v=spf1 ipv4: 131.107.21.231  include:spf.protection.outlook.com -all
    
  4. 集中式邮件传输 (CMT) 用于本地合规性解决方案。Use Centralized Mail Transport (CMT) for on-premises compliance solutions.

    • 从 Internet 发送到 Office 365 的邮箱中的邮件首先被发送到你的本地服务器,然后再发回到 Office 365 以传递至邮箱。第 1 行表示方案 2 图中的此路径。Mail that comes from the internet to a mailbox in Office 365 first gets sent to your on-premises server and then comes back to Office 365 to be delivered to the mailbox. Line 1 represents this path in the scenario 2 diagram.

    • 从 Office 365 发出并面向 Internet 的邮件首先被发送到你的本地服务器,然后再发回到 Office 365,并传递至 Internet。第 4 行表示方案 2 图中的此路径。Mail that comes from Office 365 and is destined for the Internet is first sent to your on-premises servers, then comes back to Office 365, and is then delivered to the Internet. Line 4 represents this path in the scenario 2 diagram.

    • 若要实现此配置,创建连接器通过混合配置向导或通过 cmdlet,并启用 CMT。有关 CMT 详细信息,请参阅传输选项在 Exchange 混合部署To achieve this configuration, create connectors via the Hybrid Configuration Wizard or via cmdlets, and enable CMT. For details about CMT, see Transport Options in Exchange Hybrid Deployments.

除非你的合作伙伴有特殊的要求(比如银行要求实施 TLS),否则以下方案中不需要使用连接器。You don't need connectors in the following scenarios unless one of your partners has special requirements, such as enforcing TLS with a bank.

  • 将邮件从 Office 365 发送到合作伙伴组织Sending mail from Office 365 to a partner organization

  • 将邮件从合作伙伴组织发送到 Office 365Sending mail from a partner organization to Office 365

方案 3: MX 记录指向我的内部服务器Scenario 3: MX record points to my on-premises servers

  • 我要将我的邮箱迁移到 Office 365,并且我希望将某些邮箱保留在我组织的邮件服务器(本地服务器)上。我想要使用我的本地电子邮件环境中已有的筛选和合规性解决方案。从 Internet 发送至我的云邮箱的所有邮件,或从我的云邮箱发送至 Internet 的所有邮件都必须通过我的本地服务器进行路由。我需要将我的域的 MX 记录指向我的本地服务器。I'm migrating my mailboxes to Office 365, and I want to keep some mailboxes on my organization's mail server (on-premises server). I want to use the filtering and compliance solutions that are already in my on-premises email environment. All messages that come from the Internet to my cloud mailboxes, or messages sent to the Internet from cloud mailboxes, must route through my on-premises servers. I need to point my domain's MX record to my on-premises server.

作为方案 2 的替代方法,你可以将你的域的 MX 记录指向你组织的邮件服务器,而不是指向 Office 365。一些组织出于业务或法规的原因需要此设置,但如果你使用方案 2,则通常选择筛选会更合适。As an alternative to Scenario 2, you can point your domain's MX record to your organization's mail server instead of to Office 365. Some organizations have a business or regulatory need for this setup, but filtering typically works better if you use Scenario 2.

针对这种情况,您组织的邮件流设置如下图所示。For this scenario, your organization's mail flow setup looks like the following diagram.

显示当 MX 记录指向内部部署服务器(而非 Office 365)时的邮件流的图表。邮件从 Internet 转到您组织的服务器,然后再发送到 Office 365。邮件从 Office 365 转到内部部署服务器,再发送到 Internet

最佳实践Best practices

如果您的域的 MX 记录指向您的本地 IP 地址,请使用以下最佳做法:If the MX record for your domain needs to point to your on-premises IP address, use the following best practices:

  1. 在 Office 365 中添加你的自定义域。若要证明你拥有这些域,请按照添加用户和域中的说明操作。Add your custom domains in Office 365. To prove that you own the domains, follow the instructions in Add users and domains.

  2. 用户邮箱 Exchange Online 中创建移动到 Office 365 的所有用户的邮箱Create user mailboxes in Exchange Online or move all users' mailboxes to Office 365.

  3. 更新你在步骤 1 中添加的域的 DNS 记录。(不确定该怎么做?按照此页中的说明进行操作。)以下 DNS 记录控制邮件流:Update the DNS records for the domains that you added in step 1. (Not sure how to do this? Follow the instructions on this page.) The following DNS records control mail flow:

    • SPF 记录: 此应列表为有效的发件人的 Office 365。它还应包括从您的内部服务器连接到 EOP 的任何 IP 地址和发送电子邮件组织代表任何第三方。例如,如果贵组织的邮件服务器面向 Internet 的 IP 地址 is131.107.21.231,应为 contoso.com 的 SPF 记录:SPF record: This should list Office 365 as a valid sender. It should also include any IP addresses from your on-premises servers that connect to EOP and any third parties that send email on behalf of your organization. For example, if your organization's mail server's Internet-facing IP address is131.107.21.231, the SPF record for contoso.com should be:
    v=spf1 ipv4: 131.107.21.231  include:spf.protection.outlook.com -all
    
  4. 由于你此时不通过 Office 365 将邮件从你的本地服务器中继到 Internet,所以从技术上讲,在以下情况下不需要创建连接器。但如果在某一时刻你将你的 MX 记录更改为指向 Office 365,则将需要创建连接器,因此最好提前做好准备。在 Exchange 管理中心 中,在以下情况下使用连接器向导第 2 部分:将邮件配置为从您的电子邮件服务器传递到 Office 365,或使用Hybrid Configuration Wizard创建连接器:Because you're not relaying messages from your on-premises servers to the internet through Office 365, you don't technically need to create connectors for the following scenarios. But if at some point you change your MX record to point to Office 365, you'll need to create connectors; therefore, it's best to do it up front. In the Exchange admin center, use the connector wizard to Part 2: Configure mail to flow from your email server to Office 365 for the following scenarios, or use the Hybrid Configuration Wizard to create connectors:

    • 将邮件从 Office 365 发送到您组织的邮件服务器Sending mail from Office 365 to your organization's mail servers

    • 将邮件从您的本地服务器发送到 Office 365Sending mail from your on-premises servers to Office 365

  5. 若要确保通过 MX 将邮件发送到你组织的本地服务器,请转到您可以向合作伙伴组织发送的电子邮件应用的示例安全限制,并按照"示例 3:要求发送自合作伙伴组织域 ContosoBank.com 的所有电子邮件均发送自特定的 IP 地址范围"执行相关操作。To make sure that messages are sent to your organization's on-premises servers through MX, go to Example security restrictions you can apply to email sent from a partner organization, and follow "Example 3: Require that all email from your partner organization domain ContosoBank.com is sent from a specific IP address range."

方案 4: MX 记录指向我的本地服务器,它为您邮件提供法规遵从性解决方案和筛选器。为邮件中继到 internet 通过 Office 365 需要内部部署服务器。Scenario 4: MX record points to my on-premises server, which filters and provides compliance solutions for your messages. Your on-premises server needs to relay messages to the internet through Office 365.

  • 我要将我的邮箱迁移到 Office 365,并且我希望将某些邮箱保留在我组织的邮件服务器(本地服务器)上。我想要使用我的本地电子邮件环境中已有的筛选和合规性解决方案。从我的本地服务器发送的所有邮件都必须通过 Office 365 中继到 Internet。我需要将我的域的 MX 记录指向我的本地服务器。I'm migrating my mailboxes to Office 365, and I want to keep some mailboxes on my organization's mail server (on-premises server). I want to use the filtering and compliance solutions that are already in my on-premises email environment. All messages sent from my on-premises servers must relay through Office 365 to the internet. I need to point my domain's MX record to my on-premises server.

针对这种情况,您组织的邮件流设置如下图所示。For this scenario, your organization's mail flow setup looks like the following diagram.

带箭头的邮件流图表,显示从 Internet 发送到内部部署服务器,然后再传输到 Office 365 的邮件。也显示从内部部署服务器转到 Office 365 再传输到 Internet 的电子邮件。

最佳实践Best practices

如果您的域的 MX 记录指向您的本地 IP 地址,请使用以下最佳做法:If the MX record for your domain needs to point to your on-premises IP address, use the following best practices:

  1. 在 Office 365 中添加你的自定义域。若要证明你拥有这些域,请按照添加用户和域中的说明操作。Add your custom domains in Office 365. To prove that you own the domains, follow the instructions in Add users and domains.

  2. 用户邮箱 Exchange Online 中创建移动到 Office 365 的所有用户的邮箱Create user mailboxes in Exchange Online or move all users' mailboxes to Office 365.

  3. 更新你在步骤 1 中添加的域的 DNS 记录。(不确定该怎么做?按照此页中的说明进行操作。)以下 DNS 记录控制邮件流:Update the DNS records for the domains that you added in step 1. (Not sure how to do this? Follow the instructions on this page.) The following DNS records control mail flow:

    • MX 记录: MX 记录指向内部部署服务器采用以下格式: 邮件。<domainKey>.comMX record: Point your MX record to your on-premises server in the following format: mail.<domainKey>.com

      例如,如果您的域是 contoso.com,该 MX 记录应为: .mail.contoso.com.For example, if your domain is contoso.com, the MX record should be: .mail.contoso.com.

    • SPF 记录: 此应列表为有效的发件人的 Office 365。它还应包括从您的内部服务器连接到 EOP 的任何 IP 地址和发送电子邮件组织代表任何第三方。例如,如果贵组织的邮件服务器面向 Internet 的 IP 地址是 131.107.21.231,应当为 contoso.com 的 SPF 记录:SPF record: This should list Office 365 as a valid sender. It should also include any IP addresses from your on-premises servers that connect to EOP and any third parties that send email on behalf of your organization. For example, if your organization's mail server's Internet-facing IP address is 131.107.21.231, the SPF record for contoso.com should be:

    v=spf1 ipv4: 131.107.21.231  include:spf.protection.outlook.com -all
    
  4. 在 Exchange 管理中心 中,在以下情况下对Configure mail flow using connectors in Office 365使用连接器向导:In the Exchange admin center, use the connector wizard to Configure mail flow using connectors in Office 365 for the following scenarios:

    • 将邮件从 Office 365 发送到您组织的邮件服务器Sending mail from Office 365 to your organization's mail servers

    • 将邮件从您的本地服务器发送到 Office 365Sending mail from your on-premises servers to Office 365

      如果以下存在适用于你的组织的方案,为了支持将邮件从你的本地服务器发送到 Office 365 的方案,你需要创建一个连接器。You need to create a connector to support the scenario "Sending mail from your on-premises servers to Office 365" if any of the following scenarios apply to your organization:

    • 你的组织有权代表你的客户端发送邮件,但你的组织对该域没有所有权。例如,contoso.com 有权通过 fabrikam.com 发送电子邮件,但后者并不属于 contoso.com。Your organization is authorized to send mail on behalf of your client, but your organization doesn't own the domain. For example, contoso.com is authorized to send email through fabrikam.com, which doesn't belong to contoso.com.

    • 你的组织通过 Office 365 将未送达报告 (NDR) 中继到 Internet。Your organization relays non-delivery reports (NDRs) to the Internet through Office 365.

    • 域 contoso.com 的 MX 记录指向你的本地服务器,组织中的用户会将邮件自动转发到组织外部的电子邮件地址。例如,kate@contoso.com 已启用转发功能,所有邮件都将转到 kate@tailspintoys.com。如果 john@fabrikam.com 向 kate@contoso.com 发送了一封邮件,在邮件到达 Office 365 之前,发件人域为 fabrikam.com,收件人域为 tailspin.com。发件人域和收件人域均不属于你的组织。The MX record for your domain, contoso.com, points to your on-premises server, and users in your organization automatically forward messages to email addresses outside your organization. For example, kate@contoso.com has forwarding enabled, and all messages go to kate@tailspintoys.com. If john@fabrikam.com sends a message to kate@contoso.com, by the time the message arrives at Office 365 the sender domain is fabrikam.com and the recipient domain is tailspin.com. Neither the sender domain nor recipient domain belongs to your organization.

      若要创建连接器,请在" Office 365 应如何识别发往电子邮件服务器的电子邮件"屏幕上的连接器创建向导中选择第一个选项。To create the connector, choose the first option in the connector creation wizard on the How should Office 365 identify email for your email server screen.

      显示 Exchange 混合连接向导的'新建连接器'屏幕的屏幕截图

      这将允许 Office 365 使用证书识别你的电子邮件服务器。在这种情况下,证书 CN 或使用者备用名称 (SAN) 包含组织所属的域。有关更多详细信息,请参阅Identifying email from your email server。有关连接器配置的详细信息,请参阅第 2 部分:将邮件配置为从您的电子邮件服务器传递到 Office 365This allows Office 365 to identify your email server by using the certificate. In this scenario, the certificate CN or Subject Alternative Name (SAN) contains the domain that belongs to your organization. For more details, see Identifying email from your email server. For connector configuration details see, Part 2: Configure mail to flow from your email server to Office 365.

  5. 将连接器设置为确保与合作伙伴组织之间实现安全的邮件流 通过 MX 确保将邮件发送到您组织的本地服务器。Set up connectors for secure mail flow with a partner organization to make sure that messages are sent to your organization's on-premises servers via MX.

See alsoSee also

Exchange Online 和 Office 365 邮件流最佳做法(概述)Mail flow best practices for Exchange Online and Office 365 (overview)

使用 Office 365 管理所有邮箱和的邮件流Manage all mailboxes and mail flow using Office 365

在 Office 365 中使用第三方云服务管理邮件流Manage mail flow using a third-party cloud service with Office 365

在 Office 365 和本地通过邮箱使用第三方云服务管理邮件流Manage mail flow using a third-party cloud service with mailboxes on Office 365 and on-prem

解决 Office 365 邮件流问题Troubleshoot Office 365 mail flow

通过验证您的 Office 365 连接器测试邮件流Test mail flow by validating your Office 365 connectors