Set up connectors for secure mail flow with a partner organization

You can create connectors to apply security restrictions to mail exchanges with a partner organization or service provider. A partner can be an organization you do business with, such as a bank. It can also be a third-party cloud service that provides services such as archiving, anti-spam, and filtering.

You can create a connector to enforce encryption via transport layer security (TLS). You can also apply other security restrictions, such as specifying the domain names or IP address ranges that your partner organization sends mail from.

Note

Setting up a connector to exchange mail with a partner organization is optional; mail flows to and from your partner organization without connectors.

If you use a third-party cloud service for email filtering and need instructions for making this work with Office 365, see Mail flow best practices for Exchange Online and Office 365 (overview).

Using connectors to exchange email with a partner organization

By default, Office 365 sends mail using TLS encryption, provided that the destination server also supports TLS. If your partner organization supports TLS, you only need to create a connector if you want to enforce certain security restrictions - for example, you always want TLS applied, or you require certificate verification whenever mail is sent from your partner to your organization.

Note

For information about TLS, see How Exchange Online uses TLS to secure email connections in Office 365. For detailed technical information about how Exchange Online uses TLS with cipher suite ordering, see Enhancing mail flow security for Exchange Online.

When you set up a connector, email messages are checked to make sure they meet the security restrictions that you specify. If email messages don't meet those restrictions, the connector rejects them, and those messages are not delivered. This makes it possible to set up a secure communication channel with a partner organization.

You can set up one or both of the following depending on your requirements:

Also in this article:

Review this section to help you determine the specific settings you need for your business.

Set up a connector to apply security restrictions to mail sent from Office 365 to your partner organization

To create a connector in Office 365, click Admin, then click Exchange to go to the Exchange Admin Center. Next, click mail flow, and click connectors. If any connectors already exist for your organization, you can see them listed here.

Example

Before you set up a new connector, check any connectors that are already listed here for your organization. For example, if you already have a connector set up for a partner organization, you'll see it listed. Make sure you don't create duplicate connectors for a single organizational partner; when this happens, it can cause errors, and your mail might not be delivered.

To start the wizard, click the plus symbol +. On the first screen, choose the options that are depicted in the following screenshot:

Office 365 to partner organization connector options

Click Next, and follow the instructions in the wizard. Click the Help or Learn More links if you need more information. The wizard will guide you through setup. At the end, make sure your connector validates. If the connector does not validate, see About fixing connector validation errors for help resolving issues.

If you want to create a secure channel with your partner organization in both directions, set up a connector that restricts mail flow from your partner organization to Office 365.
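The same outbound setup can be scripted in Exchange Online PowerShell. This is an added example, not part of the original article: it checks for an existing partner connector first (the duplicate-connector problem described above), then creates and validates the connector. It assumes a session already connected with Connect-ExchangeOnline; the connector name and test recipient are hypothetical, and contosobank.com is the partner domain used in this article's examples.

```powershell
# Added example (not from the original article). Assumes a connected
# Exchange Online PowerShell session; name and recipient are hypothetical.
$PartnerDomain = 'contosobank.com'
$ConnectorName = 'Outbound to Contoso Bank (TLS required)'

# 1. Avoid duplicates: list partner connectors that already cover the domain.
#    Wildcard entries such as *.contosobank.com are not matched by -contains,
#    so review the full Get-OutboundConnector output as well.
$existing = Get-OutboundConnector | Where-Object {
    $_.ConnectorType -eq 'Partner' -and $_.RecipientDomains -contains $PartnerDomain
}

if ($existing) {
    Write-Warning "Existing connector(s) for ${PartnerDomain}: $($existing.Name -join ', ')"
}
else {
    # 2. Create the connector. CertificateValidation requires TLS and a
    #    certificate that validates; EncryptionOnly would require TLS
    #    without checking the certificate.
    New-OutboundConnector -Name $ConnectorName `
        -ConnectorType Partner `
        -RecipientDomains $PartnerDomain `
        -UseMXRecord $true `
        -TlsSettings CertificateValidation `
        -Enabled $true

    # 3. Validate the connector with a test recipient at the partner,
    #    which is the check the wizard runs at the end of setup.
    Validate-OutboundConnector -Identity $ConnectorName `
        -Recipients "postmaster@$PartnerDomain"
}
```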

Set up a connector to apply security restrictions to mail sent from your partner organization to Office 365

You can set up a connector to apply security restrictions to email that your partner organization sends to you. To start the wizard, click the plus symbol +. On the first screen, choose the following options:

Partner organization to Office 365 connector

Click Next, and follow the instructions in the wizard. Click the Help or Learn More links if you need more information. The wizard will guide you through setup. At the end, save your connector.

Ask your partner organization to send a test email. Make sure the email your partner organization sends will cause the connector to be applied. For example, if you specified security restrictions for mail sent from a specific partner domain, make sure they send test mail from that domain. Check that the test email is delivered to confirm that the connector works correctly.

Change a connector that Office 365 is using for mail flow

To change settings for a connector, select the connector you want to edit and then select the edit icon as shown in the following screenshot.

Screenshot showing a connector selected and the edit (pencil) icon highlighted.

The connector wizard opens, and you can make changes to the existing connector settings. While you change the connector settings, Office 365 continues to use the existing connector settings for mail flow. When you save changes to the connector, Office 365 starts using the new settings.

Example security restrictions you can apply to email sent from a partner organization

Review these connector examples to help you decide whether you want to apply security restrictions to email sent by a partner organization, and understand what settings will meet your business needs:

Create a partner organization connector

To create a connector in Office 365, click Admin, and then click Exchange to go to the Exchange Admin Center. Next, click mail flow, and click connectors. If any connectors already exist for your organization, you can see them listed here.

To start the wizard, click the plus symbol +. To create a connector for email you receive from a partner organization, use the options depicted in the following screenshot:

Partner organization to Office 365 connector

Once you choose this mail flow scenario, you can set up a connector that will apply security restrictions to email that your partner organization sends to you. For some security restrictions, you might need to talk to your partner organization to obtain information to complete some settings. Look for the examples that best meet your needs to help you set up your partner connector.

Note

Any email sent from your partner organization that does not meet the security restrictions that you specify will not be delivered.

Example 1: Require that email sent from your partner organization domain contosobank.com is encrypted using transport layer security (TLS)

To do this, specify your partner organization domain name to identify mail from that partner, and then choose transport layer security (TLS) encryption when you create your Partner to Office 365 connector. Use these options during setup:

Choose to use the sender's domain

Use this screen to enter your partner organization's domain name(s) so the connector can identify mail sent by your partner:

Add partner organization domain name

Choose this setting to require encryption for all email from ContosoBank.com using TLS:

Choose TLS encryption for email from the partner organization

When you choose these settings, all email from your partner organization's domain, ContosoBank.com, must be encrypted using TLS. Any mail that is not encrypted will be rejected.

Example 2: Require that email sent from your partner organization domain ContosoBank.com is encrypted and uses their domain certificate

To do this, use all the settings shown in Example 1. Also, add the certificate domain name that your partner organization uses to connect with Office 365. Use this option during setup:

Enter your partner organization's certificate name

When you set these restrictions, all mail from your partner organization domain must be encrypted using TLS, and sent from a server with the certificate name you specify. Any email that does not meet these conditions will be rejected.

Example 3: Require that all email is sent from a specific IP address range

This email could be from a partner organization, such as ContosoBank.com, or from your on-premises environment. For instance, the MX record for your domain, contoso.com, points to on-premises, and you want all email sent to contoso.com to come from your on-premises IP addresses only. This helps prevent spoofing and makes sure your compliance policies can be enforced for all messages.

To do this, specify your partner organization domain name to identify mail from that partner, and then restrict the IP addresses that you accept mail from. Using an IP address makes the connector more specific because it identifies a single address or an address range that your partner organization sends mail from. Enter your partner domain as described in Example 1, then use this option during setup:

Enter your partner organization's IP address range

When you set these restrictions, all email sent from your partner organization domain, ContosoBank.com, or from your on-premises environment must be sent from the IP address or an address range you specify. Any mail that does not meet these conditions will be rejected.

Example 4: Require that all email sent to your organization from the Internet is sent from a specific IP address (third-party email service scenario)

Mail flow from a third-party email service to Office 365 works without a connector. However, in this scenario you can optionally use a connector to restrict all mail delivery to your organization. If you use the settings described in this example, they will apply to all email sent to your organization. When all email sent to your organization comes from a single third-party email service, you can optionally use a connector to restrict all mail delivery; only mail sent from a single IP address or address range will be delivered.

Note

Make sure you identify the full range of IP addresses that your third-party email service sends mail from. If you miss an IP address, or if one gets added without your knowledge, some mail will not be delivered to your organization.

To restrict all mail sent to your organization from a specific IP address or address range, use these options during setup:

Choose to use the sender's domain

Enter "*" to apply the setting to all sender domains

Enter your partner organization's IP address range

When you set these restrictions, all mail sent to your organization must be sent from a specific IP address range. Any Internet mail that does not originate from this IP address range will be rejected.

Example 5: Require that all mail sent from your partner organization IP address or address range is encrypted using TLS

To identify your partner organization by IP address, use these options during setup:

Choose IP address to identify your partner organization

Enter your partner organization's IP address

Add the requirement for TLS encryption by using this setting:

Choose TLS encryption for email from the partner organization

When you set these restrictions, all mail from your partner organization sent from the IP address or address range you specify must be sent using TLS. Any mail that does not meet this restriction will be rejected.
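Examples 1 to 4 above, expressed as Exchange Online PowerShell parameter sets for New-InboundConnector. This is an added example, not part of the original article; it assumes a connected Exchange Online PowerShell session, and the connector names, the certificate name *.contosobank.com and the IP range 203.0.113.0/24 (a documentation range) are constructed placeholders to replace with values your partner confirms.

```powershell
# Added example (not from the original article). Assumes a connected Exchange
# Online PowerShell session. Names, certificate name and IP range are constructed.
$Example = 2    # which of Examples 1-4 to apply; create only one per partner

$settings = @{
    # Example 1: mail from the partner domain must arrive over TLS
    1 = @{ Name = 'Contoso Bank inbound: TLS'
           SenderDomains = 'contosobank.com'
           RequireTls    = $true }
    # Example 2: TLS plus a sending certificate that matches the given name
    2 = @{ Name = 'Contoso Bank inbound: TLS and certificate'
           SenderDomains = 'contosobank.com'
           RequireTls    = $true
           RestrictDomainsToCertificate = $true
           TlsSenderCertificateName     = '*.contosobank.com' }
    # Example 3: mail from the partner domain only from the listed range
    3 = @{ Name = 'Contoso Bank inbound: IP range'
           SenderDomains = 'contosobank.com'
           RestrictDomainsToIPAddresses = $true
           SenderIPAddresses            = '203.0.113.0/24' }
    # Example 4: all Internet mail ("*") only from the filtering service range
    4 = @{ Name = 'All inbound via filtering service'
           SenderDomains = '*'
           RestrictDomainsToIPAddresses = $true
           SenderIPAddresses            = '203.0.113.0/24' }
}

$params  = @{ ConnectorType = 'Partner'; Enabled = $true } + $settings[$Example]

# Refuse to create an overlapping connector for the same sender domain.
$pattern  = [regex]::Escape($params.SenderDomains)
$existing = Get-InboundConnector | Where-Object { $_.SenderDomains -match $pattern }

if ($existing) {
    Write-Warning "Connector(s) already match '$($params.SenderDomains)': $($existing.Name -join ', ')"
}
else {
    New-InboundConnector @params
    # Read the connector back and confirm the restrictions that were stored.
    Get-InboundConnector -Identity $params.Name | Format-List Name, SenderDomains,
        SenderIPAddresses, RequireTls, RestrictDomainsToCertificate,
        TlsSenderCertificateName, RestrictDomainsToIPAddresses
}
```

After the connector is created, ask the partner for the test message described earlier, sent from the domain or IP range the connector matches.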

See also

Configure mail flow using connectors in Office 365

Mail flow best practices for Exchange Online and Office 365 (overview)

About fixing connector validation errors

What happens when I have multiple connectors for the same scenario?