Skip to content
Last update: 2022-03-02

Configuring outbound routing

You must configure Sophos Gateway to handle outbound routing for Microsoft 365.

To configure routing:

  1. Sign in to Sophos Central.
  2. Click Email Security > Settings > Domain Settings/Status.
  3. Select your domain.
  4. Select Inbound and Outbound as the direction under Configure Domain.
  5. In the Outbound Gateway drop-down list, select Microsoft Office 365 and click Save.
  6. Then click Configure External Dependencies.
  7. Click Outbound Settings and copy the Outbound Relay Host address.
  8. Log in to Office 365 Admin Center.
  9. Select Admin > Exchange. The Exchange Admin Center is displayed.
  10. Select Mail Flow > Connectors and create a new Connector:

    Option Description
    From Select Office 365 from the drop-down list.
    To Select Partner Organization from the drop-down list.
  11. Click Next.

  12. Enter the following:

    Option Description
    Name Enter a name for the Connector.
    Description Optionally, enter a description for the Connector.
    Turn It On Select this option to enable the Connector.
  13. Click Next.

  14. Select Only when email messages are sent to these domains.
  15. Click the + icon to add the recipient domains that should use this connector.
  16. Enter a value of * to route all outbound emails through Sophos.
  17. Click OK and Next.
  18. Select Route Email Through These Smart Hosts.
  19. Click the + icon to add the smart hosts.
  20. To retrieve the text you need to insert into the smart host, sign in to Sophos Central.
  21. Click Email Security > Settings > Domain Settings/Status.
    1. Copy and paste the text in Outbound Relay Host. This is the text you will need to enter into the smart host webpage. For example,
    2. Paste the text into the field and click Save.
  22. Click Next.
  23. Select the following options:
    • Always use Transport Layer Security (TLS) to Secure the Connection
    • Any digital certificate, including self-signed certificates.
  24. Click Next to verify your settings.
  25. Click Next and add an email address of a recipient from a domain external to your organization.
  26. Click Validate.
  27. Once Office 365 has successfully validated your settings, click Save.

Disable or remove any other Outbound Send Connectors that were previously used. Failure to do this means your outbound email still uses these older send connectors, and is not routed through Sophos Gateway. Any send connectors used for other purposes (e.g archiving) may still be required to be enabled. If in doubt, consult Sophos Support.


It may take up to 24 hours for the changes to propagate.

Back to top