One of my two primary mail-in-a-box domains has thrown me a curved ball which would likely mean I can’t use it for that domain. I’m hoping there is a way around it.
The issue is that for this one domain I have one mailbox set up on Microsoft 365 and my Mail-in-a-Box server takes care of all the other mailboxes on that domain. I’ve had this setup running for many years using a different server setup and it worked great. The setup involves setting up incoming and outgoing connectors on Microsoft 365’s Exchange admin panel which then also checks the domain’s DNS records to be as they require it.
The main issue is that under those conditions the Mail-in-a-Box server is no longer listed as the MX record for the domain. Instead, MX points to a name on outlook.com that is specific to your account. Using either external or custom DNS I can (and did) set up the MX record they demand, but now Mail-in-a-Box’s status check for that fails and I get a mail to that effect in my inbox every morning.
The issue will become even bigger if my proposal to implement hidden primary DNS goes forward because then Mail-in-a-Box would simply overwrite my modified MX record which would break the Microsoft solution.
Is there a way I can tell Mail-in-a-Box in some local config file (which won’t get overwritten) to ease up on a specific status check or some other workaround that will keep both Mail-in-a-Box and Microsoft 365 happy?
If it can’t be done I won’t be able to use Mail-in-a-Box for the same domain as I have the Microsoft 365 mailbox on and run a different server just for that one domain. Not ideal, so I’m really hoping there is a solution.
I haven’t seen this proposal, but am not certain why you’d think that this would happen? Assuming that you set the MX record to the desired value, it would be that value.
What you are describing is known as “split delivery” and is actually not very well supported. I am sure that by now you have discovered that your users on MiaB cannot email the one mailbox on M365. I have to wonder why you are subjecting yourself to that pain, rather than exclusively hosting your domain’s email with your MiaB?
Probably doable yes, but you’d have to customize every single update of MiaB for your use case … not likely ideal.
I just tested and confirmed that other users on that domain can indeed send email to the mailbox on M365. I believe the enabler is an alias defined on the MiaB side that forwards mail for the mailbox that’s actually on M365 to its user@organisation.onmicrosoft.com form which is the actual mailbox on M365. I got this advice from a well-written Microsoft how-to article years ago that has since disappeared because Microsoft has revised their stance about such split domains. They now favour switching an entire organisation over to the custom domain name and refer to the case where only some mailboxes are on M365 as a “pilot setup”. All the same settings are still there and it works, they just stopped publishing material that made it easy for people to implement.
I obviously ask myself the same question all the time. The original reason was to have one main mailbox that I’m not responsible for myself but buy as a service from a reputable provider that’s paid good money to keep it in perfect working order. Initially that was Rackspace but they’ve succumbed to pressures from Microsoft et al to abandon their own hosted exchange implementation in favour of becoming a reselling tenant on Microsoft’s infrastructure.
The other big consideration is that I use Outlook and the whole Office suite even on Mac and iPhone and the native for Outlook is Exchange. Seeing that I wanted this one special email that just keeps working as well as the professionals can make it work, it was only natural to choose for that email to be hosted on Exchange. For the most part it has worked out very well for me for many years now. That email address has been reliable and got way less spam than any of my other mailboxes, in part because I simply don’t reveal that address to anyone I don’t already trust. For that I have disposable mailboxes which tie the name to the party I am giving it to so that if they were to be stupid enough not to scrub their name(s) from what they sell to others then I receive mail telling me exactly who leaked my address. To date it’s worked perfectly. Only one company was that stupid and I caught them out.
But yes, it is a valid question whether to keep that address on M365 or not. The services I’ve provided myself have been quite reliable themselves but I feel some separation anxiety at the thought of running Outlook without the default account being an Exchange hosted account. I am not willing to run Exchange Server or any other Microsoft server or OS myself ever again. Been there, done that for my own and other companies for many years and in the end I chose life instead.
Would it though? When MiaB controls DNS it doesn’t seem to ask questions about what you want the MX record to be. It simply makes the MX record what it wants it to be. If you use External DNS you can override that (though it complains) and if you use Custom DNS it results in two MX records, which it also would complain about. The objective in short of the Blind Master proposal is to allow MiaB to control DNS as tightly as when it’s published as primary, but not actually announcing ns1/2.box… to the outside world. That would as far as this MX issue is concerned be the same as adding a second MX record as a Custom DNS entry but it would not prevent MiaB from adding the one it wants and as a result for both MiaB and M365 to complain about it.
I could, if I wanted to guarantee that when actual issues develop on the box I will be ignoring those as well. I’m on board with the apparent general approach of MiaB whereby it is as “fool proof” to set up and keep up as it can be made which includes the emails being sent only when there is a problem or a change. After a lifetime spent looking after systems of all sizes and descriptions I have a sincere appreciation for something that’s “set and forget” in the sense that it monitors itself and only lets you know to intervene when there is a need for human intervention. Habitually ignoring it when it tells you something is wrong is the exact recipe for undoing all of that hard work, which is why I am reluctant to consider that a real alternative.
Indeed, I’m well aware. As I hinted at right at the top of my post, MiaB is probably not suitable for running one end of a domain shared with M365. But, since it is such a nice product which ticks so many important boxes for me I thought it’s worth a shot to try to see if there is a way I can have my cake and eat it. Seems not.