Office 365 SMTP Relay Setup and Configuration

TechPress-KBID-177

When you move all mailboxes to Office 365 (the “cloud”), the next task is to migrate the SMTP relay service. If you plan to keep your existing on-premises Exchange server, it can be used as an SMTP relay server. If you plan to decommission the Exchange server for good, you can use Office 365 as the SMTP relay server instead.

There are three methods for configuring the Office 365 SMTP relay service. Any of them can be used, but each has a different set of configuration steps and requirements. I will show you how to configure all three. Depending on your requirements, select the best option and configure it for your devices, such as printers, scanners, application servers, PowerShell or other scripts, or any other tools you use in your environment.

Configuration Options

  • SMTP Auth Submission method [for sending email to internal and external users]
  • Direct Send method [for sending email to internal users only]
  • Connector in Office 365 [for sending email to internal and external users without TLS]

SMTP Authenticated Submission

Requirements / Important Points:

  • Easiest to set up; no extra configuration or steps are required in Office 365.
  • A licensed Office 365 user mailbox is required (this will be the From address used to send the emails).
  • Use this option if you want to send emails within your organization as well as outside it.
  • Emails can be sent from any location or IP address.
  • SMTP Auth must be enabled at the organization or mailbox level.
  • The device must support TLS 1.2 or above (check the vendor documentation to confirm this).
  • SMTP Authenticated Submission cannot be used to send bulk email or newsletters.
  • The firewall must allow port 587 or port 25.

Once you confirm that you meet the above requirements, go ahead and configure the device to send emails using the information below.

Direct Send Method

Requirements / Important Points:

  • Static public IP address of your device, server or application.
  • The firewall must allow port 25 from the client to Office 365.
  • MX endpoint of your domain.
  • No Office 365 mailbox is required.

Once you meet all of the above requirements and have noted down these points, you can start configuring Direct Send SMTP relay.

1. You can find the MX endpoint of your domain in the Office 365 portal by clicking Setup -> Domains and then clicking your company domain. This opens the page below, where you can copy the "Point to address or value" for the MX record type.

2. Add the static IP address of your device, server or application to the SPF record [optional]

Let’s take an example: your office public IP address is 1.2.3.4, and your server, application, printer or scanner is in the office, so it uses the public IP address 1.2.3.4 to go out and communicate with Office 365. Therefore, include the IP address 1.2.3.4 in your SPF record so that your emails are not marked as spam.

Note: This step is optional but recommended. If your emails are landing in the spam folder, you can configure this.

v=spf1 ip4:1.2.3.4 include:spf.protection.outlook.com -all

3. If your emails are still going into the spam folder, create a spam bypass rule in Office 365 for the email ID you used to send the email from. Log in to the Exchange Online management portal -> click mail flow -> Rule -> Create a Rule.
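
The SPF check from step 2, as an added example that is not part of the original article: a PowerShell function that parses an SPF value and reports whether the device's IP is covered by an ip4 mechanism, whether the Exchange Online include is present and well formed, and whether the record ends in -all or ~all. The function name Test-RelaySpfRecord and the sample records are assumptions made for illustration; only IPv4 senders are handled.

```powershell
# Added example. Checks an SPF TXT value for the relay scenario (IPv4 sender only).
function Test-RelaySpfRecord {
    param(
        [Parameter(Mandatory)][string]$Record,    # SPF TXT value as published
        [Parameter(Mandatory)][string]$SenderIp,  # static public IPv4 of the device
        [string]$RequiredInclude = 'spf.protection.outlook.com'
    )
    # Numeric value of an IPv4 address, kept in a 64-bit integer for shifting.
    $toInt = {
        param($ip)
        $n = [long]0
        foreach ($b in [System.Net.IPAddress]::Parse($ip).GetAddressBytes()) { $n = $n * 256 + $b }
        $n
    }
    $issues = @(); $ipOk = $false; $includeOk = $false; $all = $null
    $terms = $Record.Trim() -split '\s+'
    if ($terms[0] -ne 'v=spf1') { $issues += 'record does not start with v=spf1' }

    foreach ($term in ($terms | Select-Object -Skip 1)) {
        if ($term -match '^\+?ip4:(?<net>\d+\.\d+\.\d+\.\d+)(/(?<len>\d+))?$') {
            $net = $Matches['net']
            $len = if ($Matches['len']) { [int]$Matches['len'] } else { 32 }
            if ($len -gt 32) { $issues += "bad prefix length in '$term'"; continue }
            # Two addresses are in the same network when their top $len bits agree.
            $shift = 32 - $len
            if (((& $toInt $SenderIp) -shr $shift) -eq ((& $toInt $net) -shr $shift)) { $ipOk = $true }
        }
        elseif ($term -match '^\+?include:(?<dom>.+)$') {
            $dom = $Matches['dom']
            if ($dom -notmatch '^([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}$') {
                $issues += "include target '$dom' is not a valid domain name"
            }
            elseif ($dom -eq $RequiredInclude) { $includeOk = $true }
        }
        elseif ($term -match '^[-~?+]?all$') { $all = $term }
    }
    if (-not $ipOk)      { $issues += "$SenderIp is not covered by any ip4 mechanism" }
    if (-not $includeOk) { $issues += "missing include:$RequiredInclude" }
    if ($all -notin '-all', '~all') { $issues += 'record does not end in -all or ~all' }

    [pscustomobject]@{ Record = $Record; SenderAuthorized = $ipOk; Issues = $issues -join '; ' }
}

# Constructed sample records: the first has a comma typed in place of a dot.
'v=spf1 ip4:1.2.3.4 include:spf.protection.outlook,com -all',
'v=spf1 ip4:1.2.3.4 include:spf.protection.outlook.com -all' |
    ForEach-Object { Test-RelaySpfRecord -Record $_ -SenderIp '1.2.3.4' } | Format-List
```

A receiver treats a malformed include as a permanent SPF error rather than a pass, so a typo in the record can hurt delivery for every sender on the domain, not only the relay device.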

Creating a Connector on Office365

Requirements / Important Points:

  • Static public IP address of your device, server or application.
  • The firewall must allow port 25 from the client to Office 365.
  • MX endpoint of your domain.
  • No Office 365 mailbox is required.
  • A connector must be created in Office 365 to accept email from the static public IP noted before.

Once a connector is configured, use the settings below on the device to configure the SMTP service.

This is mostly the Direct Send method plus a connector in Office 365, which is required so that you can send email to external users. Follow the instructions below to create a connector:

  • Log on to the Microsoft Office 365 Exchange Online portal with appropriate rights.
  • Click mail flow and then the connectors tab.
  • Click the + sign to create a new connector.
  • Select From: Your Organization’s email Server and To: Office365.
  • Give the connector an appropriate name, e.g. <companyname> SMTP Relay.
  • Select the option “By verifying that the IP address of the sending server matches one of these IP addresses that belong to your organization”.
  • Add the static public IP noted earlier.
  • Click Save to save the connector.
  • It is optional but recommended to add this static public IP address to your SPF record.
  • If your emails are still going into the spam folder, create a spam bypass rule in Office 365 for the email ID you used to send the email from. Go to mail flow -> Rule -> Create a Rule.

References:

Check SMTP Auth at organization level

Get-TransportConfig | Format-List SmtpClientAuthenticationDisabled

Check SMTP Auth at Mailbox level

Get-CASMailbox "Jatin Makhija" | fl SmtpClientAuthenticationDisabled

In my case you can see it's blank. That means this setting is controlled by the corresponding SmtpClientAuthenticationDisabled parameter on the Set-TransportConfig cmdlet for the whole organization.
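
An added example, not from the original article, that applies the inheritance rule described above to every mailbox and flags any mailbox where SMTP AUTH is enabled but which is not an approved relay sender. The function name Get-EffectiveSmtpAuth, the -ApprovedSenders allow-list and the example.com mailboxes are assumptions; the sample objects are constructed to mimic Get-CASMailbox output so the block runs without a tenant.

```powershell
# Added example. Resolves the effective SMTP AUTH state for each mailbox.
function Get-EffectiveSmtpAuth {
    param(
        [Parameter(Mandatory)][bool]$OrgDisabled,           # organization-level value
        [Parameter(Mandatory, ValueFromPipeline)]$Mailbox,  # objects shaped like Get-CASMailbox output
        [string[]]$ApprovedSenders = @()                    # hypothetical allow-list of relay mailboxes
    )
    process {
        $own = $Mailbox.SmtpClientAuthenticationDisabled
        # Blank ($null) at mailbox level means the organization setting applies.
        if ($null -eq $own) { $disabled = $OrgDisabled; $source = 'Organization' }
        else { $disabled = [bool]$own; $source = 'Mailbox' }
        [pscustomobject]@{
            Mailbox         = $Mailbox.PrimarySmtpAddress
            SmtpAuthEnabled = -not $disabled
            SetBy           = $source
            # Enabled for a mailbox that is not on the allow-list: worth reviewing.
            Unexpected      = (-not $disabled) -and ($Mailbox.PrimarySmtpAddress -notin $ApprovedSenders)
        }
    }
}

# Constructed sample data (example.com addresses are placeholders).
$sample = @(
    [pscustomobject]@{ PrimarySmtpAddress = 'scanner@example.com'; SmtpClientAuthenticationDisabled = $false }
    [pscustomobject]@{ PrimarySmtpAddress = 'alice@example.com';   SmtpClientAuthenticationDisabled = $null }
    [pscustomobject]@{ PrimarySmtpAddress = 'bob@example.com';     SmtpClientAuthenticationDisabled = $false }
)
$sample |
    Get-EffectiveSmtpAuth -OrgDisabled $true -ApprovedSenders 'scanner@example.com' |
    Format-Table -AutoSize

# Against a live tenant (after Connect-ExchangeOnline):
# $org = (Get-TransportConfig).SmtpClientAuthenticationDisabled
# Get-CASMailbox -ResultSize Unlimited |
#     Get-EffectiveSmtpAuth -OrgDisabled $org -ApprovedSenders 'scanner@example.com'
```

With the organization setting disabled, only mailboxes that explicitly set the value to False can use SMTP AUTH; in the sample, bob@example.com is the one reported as Unexpected.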
