Open-Xchange

Mail server variant for Open-Xchange, OX App Suite and OX Mail. Smart host and mailfilter Sieve rules.

Prerequisite: Step 1, Domain & DNS Setup is complete and all four DNS checks are green.
What happens here: The OX MTA, the Postfix stack under Open-Xchange, is configured to use Conbool as its smart host. Inbound connections from Conbool are allowed. Loop protection and spam classification run via mailfilter Sieve rules. In the Setup Assistant, the Manual configuration mode is chosen.
Effort: 30 to 60 minutes.

Step A. Outbound Smart Host in OX

Navigation: OX server administration → Mail server configuration, or directly in the Postfix configuration.

Field	Value
Smart host or relay host	`mail.conbool.com`
Port	25
Authentication	None, identification via TLS certificate and sender domain
TLS	Required
TLS certificate name	`mail.conbool.com`
MX lookup for smart host	Disabled
Scope	All hosted domains, optionally specific domains of the OX installation

Step B. Allow Inbound Connections from Conbool

So that Conbool may deliver mail to OX, the Conbool IP addresses are added as a trusted relay source.

Receiving MTA: Make port 25 for SMTP reachable from the Conbool IP addresses. Conbool provides the IP list.
Recipient whitelist: Accept only the domains hosted in OX, i.e. standard recipient restrictions.
TLS: Require for inbound connections from Conbool.
Certificate validation: Allow TLS certificate name mail.conbool.com.

Firewall: Port 25 (SMTP) must be open from the Conbool IP addresses to the OX MTA. If running behind a load balancer, maintain the whitelist there as well.

Step C. Loop Protection and Spam in `mailfilter` Sieve Rules

OX has no central transport rule engine like Exchange. The logic is implemented via mailfilter Sieve rules per tenant or global, or via Postfix header checks.

Loop protection. Messages with X-Conbool-<YourDomain>: true (e.g. X-Conbool-example-com: true) must not be sent through Conbool again. Deliver directly via the regular MX.
Spam classification. Messages with X-Conbool-Flag: YES go to the Spam folder. Sieve action fileinto "Spam" or marker X-Spam-Flag: YES.
Calendaring and empty Return-Path. Calendaring messages and Return-Path: <> are excluded from smart-host routing.

If an OX-internal connector module or a third-party mail-routing plugin is used, apply the conditions above as exceptions in its rule set.

Done When

Back in the Setup Assistant at the Mail Server step. Enter the relay host of the OX inbound MTA, for example mx-internal.yourcompany.com, then click Test Connection. Status "SMTP reachable" means the connection is established.

Continue with the connection test and completion.

Step A. Outbound Smart Host in OX

Navigation: OX server administration → Mail server configuration, or directly in the Postfix configuration.

Field

Value

Smart host or relay host

mail.conbool.com

Port

Authentication

None, identification via TLS certificate and sender domain

TLS

Required

TLS certificate name

mail.conbool.com

MX lookup for smart host

Disabled

Scope

All hosted domains, optionally specific domains of the OX installation

Step B. Allow Inbound Connections from Conbool

So that Conbool may deliver mail to OX, the Conbool IP addresses are added as a trusted relay source.

Receiving MTA: Make port 25 for SMTP reachable from the Conbool IP addresses. Conbool provides the IP list.

Recipient whitelist: Accept only the domains hosted in OX, i.e. standard recipient restrictions.

TLS: Require for inbound connections from Conbool.

Certificate validation: Allow TLS certificate name mail.conbool.com.

Firewall: Port 25 (SMTP) must be open from the Conbool IP addresses to the OX MTA. If running behind a load balancer, maintain the whitelist there as well.

Step C. Loop Protection and Spam in mailfilter Sieve Rules

OX has no central transport rule engine like Exchange. The logic is implemented via mailfilter Sieve rules per tenant or global, or via Postfix header checks.

Loop protection. Messages with X-Conbool-<YourDomain>: true (e.g. X-Conbool-example-com: true) must not be sent through Conbool again. Deliver directly via the regular MX.

Spam classification. Messages with X-Conbool-Flag: YES go to the Spam folder. Sieve action fileinto "Spam" or marker X-Spam-Flag: YES.

Calendaring and empty Return-Path. Calendaring messages and Return-Path: <> are excluded from smart-host routing.

If an OX-internal connector module or a third-party mail-routing plugin is used, apply the conditions above as exceptions in its rule set.

Open-Xchange

Mail server variant for Open-Xchange, OX App Suite and OX Mail. Smart host and mailfilter Sieve rules.

Step A. Outbound Smart Host in OX

Step B. Allow Inbound Connections from Conbool

Step C. Loop Protection and Spam in mailfilter Sieve Rules

Done When

Open-Xchange

Mail server variant for Open-Xchange, OX App Suite and OX Mail. Smart host and mailfilter Sieve rules.

Step A. Outbound Smart Host in OX

Step B. Allow Inbound Connections from Conbool

Step C. Loop Protection and Spam in mailfilter Sieve Rules

Done When

Step C. Loop Protection and Spam in `mailfilter` Sieve Rules

Step C. Loop Protection and Spam in `mailfilter` Sieve Rules