Breadcrumbs

Set Up Server-Side Signatures

This guide provides step-by-step instructions for manually connecting your Microsoft 365 environment to the Crossware Email Signature server-side solution.

Manual setup is typically required if automatic setup cannot be used or if your environment requires a custom deployment.

Prerequisites

  • Global Administrator access to your Microsoft 365 tenant and Exchange Admin Center

Setup Overview

This process consists of five main steps:

  1. Create two Microsoft 365 groups.

  2. Generate a certificate from the Crossware Portal.

  3. Create two Exchange Online connectors (Inbound and Outbound).

  4. Create a transport rule in Exchange Online.

  5. Add the certificate as an accepted domain.

Create two Microsoft 365 groups

  1. Sign in to the Microsoft 365 admin center as a Global Admin.

  2. Create the following groups:

Group 1 – Users

  • Type: Distribution list

  • Name: CrosswareMailSignatureUsers

  • Purpose: Emails from members of this group will be sent to Crossware for signature processing.

image-20250727-225439.png

Group 2 – Admins

  • Type: Security group

  • Name: CrosswareMailSignatureAdmins

  • Purpose: Members can configure Crossware Email Signature.

image-20250727-225558.png

Generate a Certificate

  1. In the Crossware Portal, navigate to the Connectors and select Update Manually.

  2. Generate a unique certificate and copy the value. this will be required later for:

    Accepted domain configuration
    Inbound connector setup

image-20250727-230048.png

The certificate remains available in the portal for future use.

Create Exchange Connectors

  1. Sign in to Exchange Admin Center.

  2. Navigate to Mail flow > Connectors, then click on + Add a connector.

image-20250727-230919.png

Create Inbound Connector

Name: CrosswareInboundConnector
From: Your organisation’s email server
To: Microsoft 365

image-20250727-231239.png


Certificate: Use the unique certificate generated in Step 2.

image-20250727-231413.png

Create Outbound Connector

Name: CrosswareOutboundConnector
From: Microsoft 365
To: Your organisation’s email server

image-20250727-231647.png
image-20250727-231801.png
Smart Hosts

Use the host for your region

:warning:

These are for new deployments. Existing customers may have different details. Contact Crossware Support if unsure.

Country

Smarthost

Australia

mstrafficsmtp-aus-k1.crossware.co.nz

Canada

mstrafficsmtp-can-k1.crossware.co.nz

Europe

mstrafficsmtp-eu-k2.crossware.co.nz

France

mstrafficsmtp-france.crossware.co.nz

India

mstrafficsmtp-ind-k1.crossware.nz

Qatar

mstrafficsmtp-qat-k1.crossware.co.nz

United Arab Emirates

mstrafficsmtp-uae-k1.crossware.co

United States

mstrafficsmtp-us-k1.crossware.co.nz

Click on the + to add the smart host name.

image-20250727-232547.png

Certificate Name: *.crossware.co.nz

image-20250727-232635.png

Validate the connection with an internal email address.

image-20250727-233030.png

If validation fails, wait a few minutes and retry.

Create Transport Rule

  1. In Exchange admin center, go to Mail flow > Rules > + Add a rule.

image-20250727-233825.png

  1. Enter the Rule Name as CrosswareTransportRule.

  2. Configure:

    • Apply this rule if... → The sender is a member of CrosswareMailSignatureUsers.

    • Do the following... → Redirect the message to the connector → CrosswareOutboundConnector.

    • Except if... → The message headers includes.

      • Header name: x-cwesigprocessed

      • Value: Y

    • Match sender address in message → Envelope

image-20250728-000304.png
image-20250728-000419.png

Ensure that the Mail Flow Rule remains Disabled until you have finalised the rest of the setup.

Add the certificate as an accepted domain

  1. In Microsoft 365 admin center, go to Settings > Domains > + Add Domain.

image-20250728-001349.png

  1. Paste the certificate value generated as the Domain name.

image-20250728-001649.png

  1. Choose Add a TXT record to the domain's DNS record and click Continue

  1. Copy the TXT record value.

image-20250728-002430.png

  1. In the Crossware Portal > Connectors > Update Manually, paste the TXT value and select Add.

image-20250728-002745.png

After confirming that the TXT Value has been successfully added, as indicated by the Green Tick, you can proceed to close the dialog box.

  1. Return to the Microsoft 365 admin center and click Verify.

image-20250728-003034.png

  1. Uncheck Exchange and Exchange Online Protection, then click Continue.

image-20250728-003235.png
image-20250728-003318.png

  1. Once you've confirmed that all of the above steps have been completed correctly, you can proceed to save your certificate to Crossware.

image-20250728-003422.png
image-20250728-003440.png

Congratulations! You have completed your setup.

Crossware has a 30-minute grace period before activating your unique certificate to allow for Microsoft propagation. Please allow 30 minutes before enabling your Crossware transport rule. Mail will not route successfully before this.

During this time, you can design and assign signatures in the Crossware Portal.