Send mail using Office 365 SMTP relay through CRM system

Dear Experts

We are using Office 365 SMTP relay to send mails to external users through the CRM application, i.e. option 3 on the following URL:
https://support.office.com/en-us/article/how-to-set-up-a-multifunction-device-or-application-to-send-email-using-office-365-69f58e99-c550-4274-ad18-c805d654b4c4 . This CRM system is allowed to talk only with <domain>.mail.protection.outlook.com on ports 25 and 587, and the rest of the access to the internet is blocked; there is no access for this CRM system to http/https on the external network.
1. We observed that the CRM system workflow triggers the emails to the external network users only when port 80 is opened for the CRM system at the gateway/firewall level. We noticed the CRM system gets connected to the internet and connects to crl.globalsign.com, and from there it connects to Office 365 SMTP and emails are delivered.
2. When we disable access to the external network, i.e. port 80 (http) is blocked for the CRM system at the gateway/firewall, then emails do not flow; no packet flow is found, hence no mails are sent.
3. When the CRM system is allowed to talk only to crl.globalsign.com, then emails are getting triggered.
Can you please help me understand how Office 365 works when it is configured on the CRM system? Is it essential that the CRM system be allowed to talk to crl.globalsign.com? Please suggest.
D_wathi Asked:

Mahesh (Architect) Commented:
All you need is that the DNS configured on the CRM system is able to resolve the correct public IP of the O365 MX you are pointing to; then the CRM system can establish the connection.

crl.globalsign.com is required so that the GlobalSign certificate installed on the CRM server is able to reach that URL to download the CRL and validate its own certificate against that CRL; it's not related to your relay.
0
D_wathi (Author) Commented:
Thanks for the reply. If we allow the CRM system access to the external site crl.globalsign.com and block all the rest, then emails are getting delivered via Office 365 relay, but if we stop access for the CRM system to reach the URL crl.globalsign.com, then emails are not getting delivered. For the emails to deliver from the CRM system, it should go through the SMTP server with the SMTP port. Please suggest.
0
Mahesh (Architect) Commented:
Check from your server whether you are able to telnet to the O365 MX FQDN and public IP, both on TCP 25. If that works, close the GlobalSign port or any other ports and check whether you are still able to telnet to the MX with FQDN and public IP on TCP 25. If not, then somewhere your firewall rules have a problem,
because SMTP and HTTP are totally different protocols and relay requires only 25.
One more thing: ensure that your CRM is set for the SMTP port only.
0
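The staged telnet check described above, written as a script so it can be repeated while firewall rules are toggled (an added example, not code from any poster in this thread; `probe_smtp`, `read_reply` and the EHLO name `probe.example` are hypothetical). It reports the first stage that fails: TCP connect, banner, EHLO, STARTTLS or the TLS handshake.

```python
import socket
import ssl
import sys

# Hypothetical helper names; "probe.example" is a placeholder EHLO name.
def read_reply(fh):
    """Read one SMTP reply, which may span several lines; return (code, texts)."""
    texts = []
    while True:
        raw = fh.readline()
        if not raw:
            raise ConnectionError("peer closed the connection")
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        texts.append(line[4:])
        if line[3:4] != "-":             # "250-" continues, "250 " ends the reply
            return int(line[:3]), texts

def probe_smtp(host, port=25, timeout=10, helo="probe.example", context=None):
    """Return (stage, detail): the first stage that failed, or ("ok", detail)."""
    stage = "tcp"                        # DNS failure, refusal or filtering
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            fh = sock.makefile("rb")
            stage = "banner"
            code, texts = read_reply(fh)
            if code != 220:
                return stage, f"{code} {texts[-1]}"
            stage = "ehlo"
            sock.sendall(f"EHLO {helo}\r\n".encode("ascii"))
            code, texts = read_reply(fh)
            if code != 250:
                return stage, f"{code} {texts[-1]}"
            if not any(t.upper().startswith("STARTTLS") for t in texts):
                return "ok", "plaintext session works; STARTTLS not offered"
            stage = "starttls"
            sock.sendall(b"STARTTLS\r\n")
            code, texts = read_reply(fh)
            if code != 220:
                return stage, f"{code} {texts[-1]}"
            stage = "tls"                # chain and hostname are validated here
            ctx = context or ssl.create_default_context()
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return "ok", f"{tls.version()} negotiated"
    except (OSError, ValueError) as exc:  # timeouts, resets, ssl.SSLError, bad reply
        return stage, f"{type(exc).__name__}: {exc}"

if __name__ == "__main__":
    print(probe_smtp(sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 25))
```

Python's default TLS context validates the certificate chain and hostname but does not download CRLs, so a result of `ok` with port 80 blocked says only that the SMTP and TLS path is open; it says nothing about revocation lookups made by the CRM's own TLS stack.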

D_wathi (Author) Commented:
Thanks for the reply. We are able to telnet to <ourdomain>.mail.protection.outlook.com on port 25 from the CRM system. We also used telnet to test SMTP: the connection gets established, and we are able to send and receive mails through the commands MAIL FROM and RCPT TO; we can see the packet flow. But from the CRM system, emails are not going out with properly configured SMTP details, but the account is without authentication (no password).
0
Mahesh (Architect) Commented:
"CRM system emails are not going out with properly configured smtp details but the account is without authentication ( no password)"

This is not clear.

Since you must have an inbound connector created in O365 from the on-premises network with a specified IP, you need to ensure that the CRM server's public IP is added as a trusted IP in the O365 inbound connector; no other authentication is required.

You need to check that with completely restricted internet access you can telnet to the O365 MX on TCP 25, and if you can send emails then
0