We've successfully set up Mailflow for our MS365 domain. We used the "copy existing MS365 Domains and Policies" and confirmed.
Mailflow seems to be working correctly after testing. All looking good. However, I am curious what to do with the existing DNS settings that we've configured at our 3rd party DNS hosting for the old situation.
What happens to existing created records that are still pointing to the Sophos Hydra servers?
- MX
- SPF
Do these servers need to be removed and MX reverted back to the initial MS365 DNS from Microsoft?
I have a hard time finding out if anything in DNS config is necessary to revert or not.
DNS MX records should all point to M365 and SPF should be updated as well to v=spf1 include:spf.protection.outlook.com -all and of course any other records you need in your specific SPF record.
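A way to check the records described in the answer above, as an added example that is not part of the original thread: it audits already-resolved MX and TXT values for leftovers from the old gateway. The function name, the sample records and the `.mail.protection.outlook.com` MX suffix are assumptions; the SPF include is the one quoted in the answer.

```python
# Added example. Inputs are record values you have already looked up
# (for instance with dig or nslookup); nothing here touches the network.
M365_MX_SUFFIX = ".mail.protection.outlook.com"  # assumption: classic M365 MX form
M365_SPF_INCLUDE = "include:spf.protection.outlook.com"  # from the answer above


def audit_mail_dns(mx_targets, txt_records):
    """Return (severity, message) findings for a domain's MX and SPF records."""
    findings = []

    # MX: every target should be the tenant's M365 endpoint, nothing else.
    if not mx_targets:
        findings.append(("error", "no MX records"))
    for target in mx_targets:
        host = target.rstrip(".").lower()
        if not host.endswith(M365_MX_SUFFIX):
            findings.append(("error", f"MX still points outside M365: {host}"))

    # SPF: a domain must publish exactly one v=spf1 record (RFC 7208).
    spf = [t for t in txt_records if t.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        findings.append(("error", f"expected 1 SPF record, found {len(spf)}"))
        return findings

    terms = spf[0].lower().split()[1:]
    if M365_SPF_INCLUDE not in terms:
        findings.append(("error", "SPF lacks " + M365_SPF_INCLUDE))
    if not terms or terms[-1] != "-all":
        findings.append(("warn", "SPF does not end in -all"))
    # Other senders may be legitimate; list them so leftovers get reviewed.
    for term in terms:
        is_sender = term.startswith(("include:", "ip4:", "ip6:", "a:", "mx:"))
        if is_sender and term != M365_SPF_INCLUDE:
            findings.append(("review", f"extra SPF mechanism: {term}"))
    return findings


# Constructed sample records (hypothetical hostnames, not real gateway names).
BEFORE_MX = ["mx-01.old-gateway.example."]
BEFORE_TXT = ["v=spf1 include:_spf.old-gateway.example "
              "include:spf.protection.outlook.com ~all"]
AFTER_MX = ["contoso-com.mail.protection.outlook.com."]
AFTER_TXT = ["v=spf1 include:spf.protection.outlook.com -all"]

if __name__ == "__main__":
    for label, mx, txt in (("before", BEFORE_MX, BEFORE_TXT),
                           ("after", AFTER_MX, AFTER_TXT)):
        print(label, audit_mail_dns(mx, txt) or "clean")
```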
Thanks for the quick answer Tom. It would be my exact thoughts but thanks for clarifying.
Now, is it by design that this appears in the "Message history": What we see are both entries for Gateway and Mailflow. Email is being delivered fine, no duplicates in mailbox.
The only messages you should see showing gateway are those that are still using the old mx record for delivery. Once everything has been switched to MFR you should delete the gateway section in Central Email settings so that only MFR exists. I imagine some servers might still be pointing to the old mx record or have it cached.
Ok, I completely deleted the gateway from the Domain/Status section. Still showing some Gateway entries.
Those are likely servers that have cached the old mx and/or are configured directly pointing to the old record. They should clear up over time; if not, you will need to investigate and, if they are servers/applications under your control, change the mail host or smarthost entry. If they are from external senders they will update cache over the next couple days; although it should be sooner, propagation can take up to 72 hours for some DNS providers.
Another thing I have noticed are the "old" connectors in Exchange admin Center which were created during initial old style Sophos Email setup with the gateway configured.
I'm not sure this was in the documentation but they should be disabled and/or removed, I would say:
Correct, we can't automatically remove them because it could potentially break something for other domains that may not have moved to MFR yet. I see you have them turned off, so outside of being visible there is no harm in leaving them there for a time period.
All is OK now.
All messages are now using MAILFLOW.
Thanks for the assistance Tom!
I get a warning that I need to deactivate my gateway connection, yet when I go to my global domain settings under mailflow connection I just see the ability to disconnect that. Is this the same thing as disconnecting my gateway? If it is, why is it called 2 different things? I just don't want to disconnect the wrong thing and have email go down for 250 people.
Well this worked out about as well as I expected.