How to configure email to use SMTP relay from your server to Office 365

Office365 relay:

Option 1 (recommended): Authenticate your device or application directly with an Office 365 mailbox, and send mail using SMTP client submission

If your device or application can authenticate and send email using an Office 365 mailbox account, this is the recommended method. The device or application sends mail using SMTP client submission. In the following diagram, the application or device in your organization’s network uses SMTP client submission and authenticates with a mailbox in Office 365.

IC800235

Using SMTP client submission

To send mail using SMTP client submission, each device or application must be able to authenticate with Office 365. Each device or application can have its own sender address, or all devices can use one address, such as printer@contoso.com. If you want to send email from a third-party hosted application or service, you must use SMTP client submission. In this scenario, the device or application connects directly to Office 365 using the SMTP client submission endpoint smtp.office365.com.

Features of SMTP client submission

  • SMTP client submission allows you to send email to people in your organization as well as outside your company.
  • This method bypasses most spam checks for email sent to people in your organization. This can help protect your company IP addresses from being blocked by a spam list.
  • With this method, you can send email from any location or IP address, including your (on-premises) organization’s network, or a third-party cloud hosting service, like Microsoft Azure.

Requirements for SMTP client submission

  • Authentication: You must be able to configure a user name and password to send email on the device.
  • Mailbox: You must have a licensed Office 365 mailbox to send email from.
  • Transport Layer Security (TLS): Your device must be able to use TLS version 1.0 and above.
  • Port: Port 587 (recommended) or port 25 is required and must be unblocked on your network. Some network firewalls or ISPs block ports—especially port 25.

Note:

For information about TLS, see How Exchange Online uses TLS to secure email connections in Office 365 and for detailed technical information about how Exchange Online uses TLS with cipher suite ordering, see Enhancing mail flow security for Exchange Online.

Limitations of SMTP client submission

You can only send from one email address unless your device can store login credentials for multiple Office 365 mailboxes. Office 365 imposes a limit of 30 messages sent per minute, and a limit of 10,000 recipients per day.

Set up SMTP client submission by following How to configure SMTP client submission.

Option 2: Send mail directly from your printer or application to Office 365 (direct send)

If SMTP client submission is not compatible with your business needs or with your device, consider using direct send. Direct send makes it easy to send messages to recipients in your own organization with mailboxes in Office 365.

In the following diagram, the application or device in your organization’s network uses direct send and your Office 365 mail exchange (MX) endpoint to email recipients in your organization. It’s easy to find your MX endpoint in Office 365 if you need to look it up.

IC800236

Using direct send

You can configure your device to send email direct to Office 365. However, in this case, Office 365 does not relay messages for external recipients and will only deliver to your hosted mailboxes. If your device sends an email to Office 365 that is for a recipient outside your organization, the email will be rejected.

Note:

If your device or application has the ability to act as a mail server and deliver to Office 365 as well as other mail providers, consult your device or application instructions; there are no Office 365 settings needed for this scenario.

There are several scenarios where direct send can be the best choice:

  • If the device or application is only sending email to your own Office 365 users and SMTP client submission is not an option, this is the simplest method as there is no Office 365 configuration needed.
  • You want your device or application to send from each user’s email address and do not want each user’s mailbox credentials configured to use SMTP client submission. Direct send allows each user in your organization to send email using their own address. When you use direct send, avoid using a single mailbox with Send As permissions for all your users. This method is not supported because of complexity and potential issues.
  • Your device or application does not meet the requirements of SMTP client submission, such as TLS support.
  • Office 365 does not allow you to send bulk email or newsletters via SMTP client submission. Direct send allows you to send a higher volume of messages. However, there is a risk of your email being marked as spam by Office 365. You might want to enlist the help of a bulk email provider to assist you. There are best practices for bulk email, and bulk email providers can help ensure that your domains and IP addresses are not blocked by others on the Internet.

Features of direct send

Direct send:

  • Uses Office 365 to send emails, but does not require a dedicated Office 365 mailbox.
  • Doesn’t require your device or application to have a static IP address. However, this is recommended if possible.
  • Doesn’t work with a connector; never configure a device to use a connector with direct send, this can cause problems.
  • Doesn’t require your device to support TLS.

Direct send has higher sending limits than SMTP client submission. Senders are not bound by the 30 messages per minute or 10,000 recipients per day limit.

Requirements for direct send

  • Port: Port 25 is required and must be unblocked on your network.
  • Static IP address is recommended: A static IP address is recommended so that an SPF record can be created for your domain. This helps avoid your messages being flagged as spam.

Limitations of direct send

  • Direct send cannot be used to deliver email to external recipients, for example, recipients with Yahoo or Gmail addresses.
  • Your messages will be subject to antispam checks.
  • Sent mail might be disrupted if your IP addresses are blocked by a spam list.
  • Office 365 uses throttling policies to protect the performance of the service.

Set up direct send by following How to configure direct send.

Option 3: Configure a connector to send mail using Office 365 SMTP relay

Office 365 SMTP relay uses a connector to authenticate the mail sent from your device or application. This allows Office 365 to relay those messages to your own mailboxes as well as external recipients. Office 365 SMTP relay is very similar to direct send except that it can send mail to external recipients. Due to the added complexity of configuring a connector, direct send is recommended over Office 365 SMTP relay, unless you must send email to external recipients. To send email using Office 365 SMTP relay, your device or application server must have a static IP address or address range. You can’t use SMTP relay to send email directly to Office 365 from a third-party hosted service, such as Microsoft Azure.

In the following diagram, the application or device in your organization’s network uses a connector for SMTP relay to email recipients in your organization.

IC800237

Using Office 365 SMTP relay

The Office 365 connector that you configure authenticates your device or application with Office 365 using an IP address. Your device or application can send email using any address (including ones that can’t receive mail), as long as the address uses one of your Office 365 domains. The email address doesn’t need to be associated with an actual mailbox. For example, if your domain is contoso.com, you could send from an address like do_not_reply@contoso.com.

Features of Office 365 SMTP relay

  • Office 365 SMTP relay does not require the use of a licensed Office 365 mailbox to send emails.
  • Office 365 SMTP relay has higher sending limits than SMTP client submission; senders are not bound by the 30 messages per minute or 10,000 recipients per day limits.

Requirements for Office 365 SMTP relay

  • Static IP address or address range: Most devices or applications are unable to use a certificate for authentication. To authenticate your device or application, use one or more static IP addresses that are not shared with another organization.
  • Connector: You must set up a connector in Exchange Online for email sent from your device or application.
  • Port: Port 25 is required and must not be blocked on your network or by your ISP.
  • Licensing: SMTP relay doesn’t use a specific Office 365 mailbox to send email. This is why it’s important that only licensed users send email from devices or applications configured for SMTP relay. If you have senders using devices or LOB applications who don’t have an Office 365 mailbox license, obtain and assign an Exchange Online Protection license to each unlicensed sender. This is the least expensive license that allows you to send email via Office 365.

Limitations of Office 365 SMTP relay

  • Sent mail can be disrupted if your IP addresses are blocked by a spam list.
  • Reasonable limits are imposed for sending. For more information, see Higher Risk Delivery Pool for Outbound Messages.
  • Requires static unshared IP addresses (unless a certificate is used).

Set up SMTP relay by following How to configure Office 365 SMTP relay

SMTP configure:

How to configure Internet Information Server (IIS) for relay with Office 365

Exchange Online

Applies to: Exchange Online

Topic Last Modified: 2015-02-25

When you set up a multifunction device or Line of Business (LOB) application to send email through Office 365, there are some cases where the device or application can’t connect directly to Office 365. In these cases, you need to set up Internet Information Services (IIS) to work as an intermediary. These instructions can be modified for other SMTP relays that you might have in your organization. We recommend reviewing the steps in the document How to set up a multifunction device or application to send email using Office 365 before proceeding with this procedure as there may be an available option that doesn’t require setting up an additional server to relay.

You might want to do this in the following scenarios:

  • You don’t have an on-premises messaging system any longer
  • You have line-of-business (LOB) programs or devices in an on-premises environment
  • Your LOB programs and devices have to send email messages to remote domains and to your Exchange Online mailboxes

What do you need to know before you begin?

  • Estimated time to complete: 15 minutes
  • Your on-premises domain must be added as an accepted domain in Office 365. For example, if the account you’re relaying from is bob@tailspintoys.com, you have to add tailspintoys.com as an accepted domain in Office 365.
  • Your on-premises account must also be either an Exchange Online-licensed user in Office 365 or an alternative email address of an Exchange Online-licensed user. For example, if the account that you’re relaying from is printer@tailspintoys.com and you want to relay through bob@contoso.com (an Office 365 user), you have to add printer@tailspintoys.com as an alternate email address to bob@contoso.com.
  • For information about keyboard shortcuts that may apply to the procedures in this topic, see Keyboard shortcuts in the Exchange admin center.
Use Server Manager to set up Exchange Online as an SMTP relay

The installation steps you’ll use are different for Windows Server 2012 and Windows Server 2008. Install Internet Information Services (IIS) on Windows Server 2012

Set up Exchange Online as an SMTP Relay Using Windows Server 2012

  1. Install Internet Information Services (IIS)
    1. In Server Manager, select Add Roles.
    2. On the Before you begin page in the Add Roles Wizard, select Next.
    3. On the Select Installation Type page, select Role-based or Feature-based installation.
    4. On the Select destination server page, choose Select a server from the server pool, and select the server that will be running SMTP services. Select Next.
    5. On the Select Server Roles page, select Web Server (IIS), and then select Next. If a page that requests additional features is displayed, select Add Features and then select Next.
    6. On the Select Role Services page, make sure that Basic Authentication under Security is selected, and then select Next.
    7. On the Confirm Installation Steps page, select Install.
  2. Install SMTP
    1. Open Server Manager and select Add Roles and Features.
    2. Select Server Selection and make sure that the server that will be running the SMTP server is selected and then select Features.
    3. On the Select Features screen, choose SMTP Server. You may be prompted to install additional components. If that’s the case, select Add Required Features and select Next.
    4. Select Install. After the installation is finished, you may have to start the SMTP service by using the Services snap-in for the Microsoft Management Console (MMC).
  3. Set up SMTP
    1. Open Server Manager, select Tools, and then select Internet Information Services (IIS) 6.0.
    2. Expand the current server, right-click the SMTP Virtual Server, and then select Properties.
    3. On the General tab, select Advanced > Add.
    4. In the IP Address box, specify the address of the server that’s hosting the SMTP server.
    5. In the Port box, enter 587 and select OK.
    6. On the Access tab, do the following:
      1. Select Authentication and make sure that Anonymous Access is selected.
      2. Select Connection > Only the List Below, and then specify the IP addresses of the devices that will be connecting to the SMTP server, such as printers.
      3. Select Relay > Only the List Below, and then specify the IP address of the devices relaying through this SMTP server
    7. On the Delivery tab, select Outbound Security, and then do the following:
      1. Select Basic Authentication.
      2. Enter the credentials of the Office 365 user who you want to use to relay SMTP mail.
      3. Select TLS Encryption.
      4. Select Outbound Connections, and in the TCP Port box, enter 587 and select OK.
      5. Select Advanced and specify SMTP.office365.com as the Smart Host.
  4. Restart the IIS service and the SMTP service.

Set up Exchange Online as an SMTP Relay Using Windows Server 2008

  1. Install Internet Information Services (IIS)
    1. In Server Manager, select Add Roles.
    2. On the Before you begin page in the Add Roles Wizard, select Next.
    3. On the Select Server Roles page, select Web Server (IIS) and select Install.
    4. Select Next until you get to the Select Role Services page.
    5. In addition to what is already selected, make sure that ODBC Logging, IIS Metabase Compatibility, and IIS 6 Management Console are selected and then select Next.
    6. When you’re prompted to install IIS, select Install. You may need to restart the server after the installation is finished.
  2. Install SMTP
    1. Open Server Manager and select Add Roles and Features.
    2. On the Select Features screen, choose SMTP Server. You may be prompted to install additional components. If that’s the case, select Add Required Features and select Next.
    3. Select Install. After the installation is finished, you may have to start the SMTP service by using the Services snap-in for the Microsoft Management Console (MMC).
  3. Set up SMTP
    1. Select Start > Administrative Tools > Internet Information Services (IIS) 6.0.
    2. Expand the current server, right-click the SMTP Virtual Server, and then select Properties.
    3. On the General tab, select Advanced > Add.
    4. In the IP Address box, specify the address of the server that’s hosting the SMTP server.
    5. In the Port box, enter 587 and select OK.
    6. On the Access tab, do the following:
      1. Select Authentication and make sure that Anonymous Access is selected.
      2. Select Connection > Only the List Below, and then specify the IP addresses of the devices that will be connecting to the SMTP server, such as printers.
      3. Select Relay > Only the List Below, and then specify the IP address of the devices relaying through this SMTP server
    7. On the Delivery tab, select Outbound Security, and then do the following:
      1. Select Basic Authentication.
      2. Enter the credentials of the Office 365 user who you want to use to relay SMTP mail.
      3. Select TLS Encryption.
      4. Select Outbound Connections and in the TCP Port box, enter 587 and select OK.
      5. Select Advanced and specify SMTP.office365.com as the Smart Host.
  4. Restart the IIS service and the SMTP service.

How do you know this worked?

You can test SMTP relay services without using an separate LOB application or device.

To test SMTP relay services, use the following steps.

Create a text file using Notepad or another text editor. The file should contain the following code. Replace the source and destination email addresses with the addresses you will use to relay SMTP.

FROM: 
TO: 
SUBJECT: Test email

This is a test email sent from my SMTP server

Save the text file as Email.txt.

Copy the Email.txt file into the following folder: C:\InetPub\MailRoot\Pickup.

After a short time, the file should automatically be moved to the C:\InetPub\MailRoot\Queue folder. When the SMTP server delivers the mail, the file is automatically deleted from the local folder.

Post Author: Druu Gillogly