Solved

Office 365 SMTP relay issues

Posted on 2014-02-06
2
992 Views
Last Modified: 2014-02-26
Dear all,

After several attempts I have created a virtual SMTP relay on a Windows 2012 server to act as relay between our MFDs, LOB apps etc. and Office 365.  This is all due to TLS encryption being necessary.

The main issue I have at the moment, is more of a head scratcher than anything else.  I have had to create a user/mailbox in our Exchange Admin Portal for our SMTP relay to use.  If I created an account in our Active Directory forest no email went anywhere, the account did not work.  This was born out by advice from Microsoft.

For the sake of argument I called the account IT @blah.com, with a display name of ‘IT Department’.  All email alerts from SCOM or from our MFDs are all addressed from ‘IT Department’.  However, I need to be able do something like this:

1. Alerts from SCOM arrive in a mail box from ‘IT Department’
2. Scans from MFDs to arrive from ‘Printer Name’ (e.g. Finance Printer).

The list can go on and on.   The problem is that I can only setup one account to authenticate as if I use  ‘Anonymous Access’ it fails. See attached screenshot).

How can I set Office 365 up so that I can relay SMTP email for different purposes without having to create multiple SMTP relays and accounts in EAP?  I don't want all SMTP relayed email to come from 'IT Department' for example.

Any help please?
SMTP.png
0
Comment
Question by:rookie_b
2 Comments
 
LVL 39

Accepted Solution

by:
footech earned 500 total points
ID: 39840033
I know that some documentation says that you have to use TLS to relay with Office 365, but I found that wasn't the case.  What I have done:
-- on the SMTP virtual server
-is allowed to relay for specific IPs
-authentication is set to anonymous (both for the Access tab, and Delivery > Outbound Authentication)
-created a remote domain for our domain name, and set to forward to smarhost with the name set to the name of the MX record as indicated by O365 (like "example-com.mail.protection.outlook.com")
-- in O365
-configured a connector (under Exchange Admin Center > mail flow > connectors > Inbound Connector)
Connector Type = “partner”
Connection Security = “Opportunistic TLS”
Domain Restrictions = “None”
Scope
      Domains = “*”
      IP Addresses = your public IP

With your SMTP virtual server configured that way, email sent to other domains will be routed by DNS (not going through O365), while email sent to addresses at your domain will be sent directly to O365.  From what I've seen, configuring the connector on the O365 side isn't strictly necessary, but basically whitelists email coming from the IP.

With this setup, the "from" email addresses are whatever I configure and doesn't have to line up with any accounts.
0
 

Author Closing Comment

by:rookie_b
ID: 39888380
This got us on the right track.

Thanks!
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
Find out what Office 365 Transport Rules are, how they work and their limitations managing Office 365 signatures.
This Experts Exchange video Micro Tutorial shows how to tell Microsoft Office that a word is NOT spelled correctly. Microsoft Office has a built-in, main dictionary that is shared by Office apps, including Excel, Outlook, PowerPoint, and Word. When …
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question