Send mail using Office 365 SMTP relay through CRM system

D_wathi
Dear Experts,

We are using Office 365 SMTP relay to send mails to external users through the CRM application, i.e. option 3 on the following URL:
https://support.office.com/en-us/article/how-to-set-up-a-multifunction-device-or-application-to-send-email-using-office-365-69f58e99-c550-4274-ad18-c805d654b4c4
This CRM system is allowed only to talk with <domain>.mail.protection.outlook.com on ports 25 and 587, and the rest of the access to the internet is blocked; there is no access for this CRM system to http/https to the external network.
1. We observed that the CRM system workflow triggers the emails to the external network users only when port 80 is opened for the CRM system at the gateway/firewall level. We noticed the CRM system gets connected to the internet and connects to crl.globalsign.com, and from here it connects to Office 365 SMTP and emails are delivered.
2. When we disable access to the external network, i.e. port 80 (http) is blocked for the CRM system at the gateway/firewall, emails do not flow; no packet flow is found, hence no mails are sent.
3. When the CRM system is only allowed to talk to crl.globalsign.com, emails are triggered.
Can you please help me understand how Office 365 works when it is configured on the CRM system? Is it essential that the CRM system be allowed to talk to crl.globalsign.com? Please suggest.
MaheshArchitect
Distinguished Expert 2018

Commented:
All you need to do is this: the DNS configured on the CRM system should be able to resolve the correct public IP of the O365 MX you are pointing to, and then the CRM system can establish a connection.

crl.globalsign.com is required so that the GlobalSign certificate installed on the CRM server can reach that URL to download the CRL and validate its own certificate against that CRL; it's not related to your relay.

Author

Commented:
Thanks for the reply. If we allow the CRM system access to the external site crl.globalsign.com and block all the rest, then emails are delivered via the Office 365 relay, but if we stop access for the CRM system to reach the URL crl.globalsign.com, then emails are not delivered. For the emails to be delivered from the CRM system, it should go through the SMTP server with the SMTP port. Please suggest.
Architect
Distinguished Expert 2018
Commented:
Check from your server whether you are able to telnet to the O365 MX by both FQDN and public IP on TCP 25. If that works, close the GlobalSign port and any other ports and check whether you are still able to telnet to the MX with FQDN and public IP on TCP 25. If not, then somewhere your firewall rules have a problem,
because SMTP and HTTP are totally different protocols and the relay requires only 25.
One more thing: ensure that your CRM is set for the SMTP port only.
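
The reachability check described in the comment above (connect to the O365 MX on TCP 25 by FQDN and by public IP), scripted as an added example that is not part of the original thread. The function names are illustrative, and recording whether the server advertises STARTTLS goes beyond the telnet test.

```python
import smtplib
import socket


def resolve_ipv4(host):
    """Return the sorted IPv4 addresses DNS gives for host ([] if it does not resolve)."""
    try:
        infos = socket.getaddrinfo(host, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def probe_smtp(target, port=25, timeout=10.0):
    """Connect to target:port, send EHLO and report what the server answered."""
    result = {"target": target, "port": port, "reachable": False,
              "banner_code": None, "starttls": False, "error": None}
    try:
        # A fixed EHLO name avoids an extra DNS lookup on a locked-down host.
        smtp = smtplib.SMTP(local_hostname="localhost", timeout=timeout)
        code, _ = smtp.connect(target, port)   # reads the greeting, normally 220
        result["reachable"] = True
        result["banner_code"] = code
        smtp.ehlo()
        # If STARTTLS is offered, a client that uses it will validate the server
        # certificate, which is a separate step from reaching the SMTP port.
        result["starttls"] = smtp.has_extn("starttls")
        smtp.quit()
    except (OSError, smtplib.SMTPException) as exc:
        result["error"] = f"{type(exc).__name__}: {exc}"
    return result


def check_relay(fqdn, port=25, timeout=10.0):
    """Probe the relay by name and by each resolved address, like the two telnet tests."""
    targets = [fqdn] + resolve_ipv4(fqdn)
    return [probe_smtp(t, port, timeout) for t in targets]


if __name__ == "__main__":
    import sys
    # Usage: python probe.py <your MX FQDN> [port]
    relay_port = int(sys.argv[2]) if len(sys.argv) > 2 else 25
    for row in check_relay(sys.argv[1], relay_port):
        print(row)
```

Run it once with the CRL host allowed and once with it blocked; identical results in both runs mean the firewall change does not affect SMTP reachability itself.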

Author

Commented:
Thanks for the reply. We are able to telnet to <ourdomain>.mail.protection.outlook.com on port 25 from the CRM system. We also used telnet to test SMTP: the connection gets established, we are able to send and receive mails through the commands MAIL FROM and RCPT TO, and we can see the packet flow. But from the CRM system, emails are not going out with properly configured SMTP details, but the account is without authentication (no password).
MaheshArchitect
Distinguished Expert 2018
Commented:
"CRM system emails are not going out with properly configured smtp details but the account is without authentication (no password)"

This is not clear.

Since you must have an inbound connector created in O365 from the on-premises network with a specified IP, you need to ensure that the CRM server public IP is added as a trusted IP in the O365 inbound connector; no other authentication is required.

You need to check that with completely restricted internet access you can telnet to the O365 MX on TCP 25, and if you can send emails then
