Hello All,
Need some help.
We have an O365 Hybrid deployment with MX record pointed to EOP and centralised mail flow disabled. There are 2 Exchange 2013 Hybrid servers at on-premise with CAS+MBX roles installed. Autodiscover records are pointed to this Hybrid servers for client connections.
We also have a Internal SMTP server placed in DMZ used by scanners and line of business applications relying the message to one of the hybrid server.
We already have an SPF record with public IP of the SMTP server but I guess this is the wrong configuration. We are experiencing lot of Phishing/Spam emails.
Can someone please help on how the SPF, DMARC, DKIM records must look like for implementing a secure and safe email filtering? This must not filter the original messages.