Sharing e-mail domain between Office 365 and Kerio Connect

Sharing e-mail domain as it described in title of this post it by Microsoft isn’t recommended solution, but possible.

It is based on principle of sharing e-mail domain between two e-mail systems. In Exchange Online it’s function “Internal Relay”, in Kerio Connect it’s function “Forwarding”.

Most of screenshots are from battlefield, so I had to blurred or repainted with ‘’ domain name.

Schema of sharing e-mail domain between two e-mail systems is here:


To properly configure it first you have to get DNS settings of your domain by Office 365, respectively address of MX record.

Customer has two domains, but primarily it is ‘’. Domain ‘another.domain’ is not relevant for us.


MX record of domain ‘’ is in our case ‘’


MX records have to be to set to published e-mail systems Exchange Online and Kerio Connect, in order lowest preference 0 for Exchange Online and higher 90 preference for Kerio Connect. Other MX records are unnecessarily, in our case it’s relict of provider’s solution to backup incoming SMTP e-mails if internet connectivity will be lost. So MX records with preference numbers 95 and 100 should be deleted.


Next step is Exchange Online configuration to set e-mail domain as ‘Internal Relay’. It provides all e-mails are delivered to recipients in Exchange Online or relayed to On Premise Kerio Connect server.



Last configuration you must create is Connector



Connector is set for following  domains:


Just type name from Priority “90” of Exchange Online MX record, in our case ‘’. It is published On Premise Kerio Connect e-mail system.



Properties of connector and accepted domain in PowerShell:



Kerio Connect must have the same configuration: forward all e-mails to Exchange Online if the recipient was not found in the e-mail domain. To do it just edit domain, on Forwarding tab enable option “If the recipient was not found in this domain, forward the message to another host” and into field “Forward To:” type name of Priority “0” of Exchange Online MX record, in our case ‘’ .


Last question that must be answered is ‘What with e-mail looping between both systems?’ If an e-mail is sent to recipient e-mail address that doesn’t exist in Exchange Online or Kerio Connect, in our case both e-mail systems will send this e-mail from one to second and then back. It is called ‘e-mail looping’ and it may be partially minimized by set Kerio Connect to deny e-mail looping.

  1. Johnny Jones left a comment on April 11, 2016 at 7:00 AM

    In Office 365 when it tries to validate the Connector to my on-premise Kerio, it says “Authentication Required”.

Leave a Comment

Your email address will not be published. Required fields are marked *