  • Status: Solved
  • Priority: Medium
  • Security: Public

Office 365 SMTP relay issues

Dear all,

After several attempts I have created a virtual SMTP relay on a Windows 2012 server to act as a relay between our MFDs, LOB apps etc. and Office 365.  This is all due to TLS encryption being necessary.

The main issue I have at the moment is more of a head scratcher than anything else.  I have had to create a user/mailbox in our Exchange Admin Portal for our SMTP relay to use.  If I created an account in our Active Directory forest no email went anywhere, the account did not work.  This was borne out by advice from Microsoft.

For the sake of argument I called the account IT@blah.com, with a display name of ‘IT Department’.  All email alerts from SCOM or from our MFDs are all addressed from ‘IT Department’.  However, I need to be able to do something like this:

1. Alerts from SCOM arrive in a mail box from ‘IT Department’
2. Scans from MFDs to arrive from ‘Printer Name’ (e.g. Finance Printer).

The list can go on and on.  The problem is that I can only set up one account to authenticate, as if I use ‘Anonymous Access’ it fails. (See attached screenshot.)

How can I set Office 365 up so that I can relay SMTP email for different purposes without having to create multiple SMTP relays and accounts in EAP?  I don't want all SMTP relayed email to come from 'IT Department' for example.

Any help please?
SMTP.png
rookie_b
footech Commented:
I know that some documentation says that you have to use TLS to relay with Office 365, but I found that wasn't the case.  What I have done:
-- on the SMTP virtual server
- is allowed to relay for specific IPs
- authentication is set to anonymous (both for the Access tab, and Delivery > Outbound Authentication)
- created a remote domain for our domain name, and set to forward to smarthost with the name set to the name of the MX record as indicated by O365 (like "example-com.mail.protection.outlook.com")
-- in O365
- configured a connector (under Exchange Admin Center > mail flow > connectors > Inbound Connector)
  Connector Type = “partner”
  Connection Security = “Opportunistic TLS”
  Domain Restrictions = “None”
  Scope
      Domains = “*”
      IP Addresses = your public IP

With your SMTP virtual server configured that way, email sent to other domains will be routed by DNS (not going through O365), while email sent to addresses at your domain will be sent directly to O365.  From what I've seen, configuring the connector on the O365 side isn't strictly necessary, but basically whitelists email coming from the IP.

With this setup, the "from" email addresses are whatever I configure and don't have to line up with any accounts.
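
A check for the relay restrictions described in the answer above, as an added example that is not part of the original thread: it issues MAIL FROM and RCPT TO and then RSET, so no message is delivered. The relay host name and all addresses are placeholders (assumptions); run it once from an allow-listed host, where every pair should be accepted, and once from a host outside the IP list, where every pair should be refused.

```python
import smtplib

def probe_relay(conn, senders, recipients):
    """Ask the relay whether it would accept each sender/recipient pair.

    Sends MAIL FROM and RCPT TO, then RSET, so no message is delivered.
    Returns {(sender, recipient): (smtp_code, accepted)}.
    """
    results = {}
    conn.ehlo()
    for sender in senders:
        for rcpt in recipients:
            conn.rset()                      # start a clean transaction
            code, _ = conn.mail(sender)
            if code == 250:
                code, _ = conn.rcpt(rcpt)
            results[(sender, rcpt)] = (code, code in (250, 251))
    conn.rset()
    return results

def unexpected(results, should_accept):
    """Pairs whose outcome differs from what this vantage point should see."""
    return sorted(p for p, (_, ok) in results.items() if ok != should_accept)

if __name__ == "__main__":
    # Placeholders (assumptions, not values from the thread).
    RELAY = "smtp-relay.example.internal"
    ON_ALLOW_LIST = True   # False when run from a host outside the relay's IP list
    senders = ["it@example.com", "finance-printer@example.com"]
    recipients = ["helpdesk@example.com", "someone@example.org"]

    with smtplib.SMTP(RELAY, 25, timeout=10) as conn:
        results = probe_relay(conn, senders, recipients)
    for (sender, rcpt), (code, ok) in results.items():
        print(f"{sender} -> {rcpt}: {code} {'accepted' if ok else 'refused'}")
    bad = unexpected(results, ON_ALLOW_LIST)
    if bad:
        raise SystemExit(f"relay policy differs from expectation: {bad}")
```

An anonymous relay that accepts any pair from a host outside the allow list is an open relay, so the second run is the one to keep in a recurring check.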
rookie_b Author Commented:
This got us on the right track.

Thanks!