# Sendeweg - Relay Encryption
# Generiert aus: sendeweg-relay-encryption.txt
# Quelle: SecuMail MS365-Integration FAQ
#
# WICHTIG: Vor Ausfuehrung in Produktivumgebung
# bitte in einer Testumgebung validieren.
#
# Voraussetzung: Connect-ExchangeOnline

#==========================================================
# KONFIGURATION
#==========================================================

# --- Schritt 1: Outbound Connector anlegen ---
New-OutboundConnector `
-Name "SecuMail Encryption Outbound" `
-ConnectorType Partner `
-SmartHosts "enc.secumail.de" `
-TlsSettings EncryptionOnly `
-UseMXRecord $false `
-RouteAllMessagesViaOnPremises $false `
-IsTransportRuleScoped $true `
-Enabled $true

# --- Schritt 2: Transport Rule für ausgehende Mails ---
New-TransportRule `
-Name "Route ausgehend über SecuMail Encryption" `
-FromScope InOrganization `
-SentToScope NotInOrganization `
-RouteMessageOutboundConnector "SecuMail Encryption Outbound" `
-Enabled $true

# --- Schritt 3: TLS für den Sendeweg ---
Set-OutboundConnector `
-Identity "SecuMail Encryption Outbound" `
-TlsSettings DomainValidation `
-TlsDomain "*.secumail.de"

# --- Schritt 4: DNS - SPF-Record prüfen ---
nslookup -type=TXT ihredomain.de

#==========================================================
# PRUEFUNG
#==========================================================

# --- Schritt 1: Outbound Connector anlegen ---
Get-OutboundConnector -Identity "SecuMail Encryption Outbound" | Format-List Name, ConnectorType, SmartHosts, TlsSettings, UseMXRecord, IsTransportRuleScoped, Enabled

# --- Schritt 2: Transport Rule für ausgehende Mails ---
Get-TransportRule -Identity "Route ausgehend über SecuMail Encryption" | Format-List Name, State, FromScope, SentToScope, RouteMessageOutboundConnector

# --- Schritt 3: TLS für den Sendeweg ---
Get-OutboundConnector -Identity "SecuMail Encryption Outbound" | Format-List Name, TlsSettings, TlsDomain