Hello All
Hope everyone is doing great , we are going to walk through the options available to send the SMTP relay emails in Microsoft - Exchange online and application or devices as well.
This article will give some clear picture about which options should we use to relay the emails from any of the applications or devices
There are three options are available - mentioned below
1. SMTP-AUTH Client Submission
2. Direct Send
3. SMTP Relay
Let us go through one by one.
SMTP-AUTH Client Submission
- This is suitable for to send emails to internal and external users from your applications.
- Modern Authentication must be enabled, like MFA and APP password
- Security Default not supported, which means the mailbox account must be enabled MFA
- Password cannot be used, instead, we need to use app password for the account
- APP password used for authentication for the applications and Devices
- TLS 1.2 must be supported
- If the application or devices are nor supported TLS 1.2 , then we must choose either direct send or SMTP Relay
- SMTP-AUTH Client Submission uses mailbox credential that is hosted in M365 to connect M365 servers , if the email address and password is not configured correctly , we cannot connect M365 servers
- Once the Authentication is successful, we can send emails to internal and external
- Relay name : SMTP.office365.com
- Communication Port : 25
Please note : APP PASSWORD is now depreciated and we need to use Oauth Authentication method to send email via SMTP.office365.com
Direct Send
- Direct Send uses the SMTP client Authentication mechanism in the tenant level or Mailbox Level
- We need to make sure SMTP client authentication is enabled in the tenant level
- Powershell command to check for tenant level
==========================================================================
Ramki:> Get-TransportConfig | fl *Smtp*
InternalSMTPServers : {}
AgentGeneratedMessageLoopDetectionInSmtpEnabled : True
SmtpClientAuthenticationDisabled : False
SmtpClientAuthenticationDisabled = False , which means, Its enabled for SMTP client authentication
==========================================================================
- We can use this option [Direct Send] , if the application or devices are not supported TLS 1.2
- It supports only to send emails to internal users, not suitable for sending emails to external users from applications or devices
- We need a public Static IP for the application or devices , that will be used to relay the emails because, we are going to connect MX record of our M365 tenant domain
How to find the MX of Domain
In this case, my domain name is cloudmonkeys.xyz
Click on Domain Name and followed by DNS Records on it
SMTP server Name for direct send : cloudmonkeys-xyz.mail.protection.outlook.com
Communication PORT : 25
- We need to PUBLISH an SPF records for that domain that will include the PUBLIC IP ADDRESS of the application or devices where it relays the emails
- if the SPF is not configured , the emails will go to junk
SMTP Relay
- We can use this options , if the applications / devices are not supported TLS 1.2
- we can use this options to send emails to internal and external users
- It needs to be use STATIC Public IP address
- This method requires, a mail flow connector in exchange online, with static Public IP or TLS Certificate
- In this method , we have to use MX records of our tenant domain
- SMTP server Name for SMTP Relay : cloudmonkeys-xyz.mail.protection.outlook.com
- Communication PORT : 25
- In SMTP Relay, authentication is performed by Microsoft 365 - exchange online connector using the static IP of our application, that we configured with in the connector
- On based on the authentication , the emails are sent to external recipients
Non Delivery Report - Error Codes on smtp.office365.com - Port 587
use the below script to send email to external users or you can use any applications, and some python scripts
Ramki: 12/28/2023 17:20:33>$cred=Get-credential -username "aisha.bhari@cloudmonkeys.xyz" -Message "Enter the password"
Ramki: 12/28/2023 17:20:40>$mailParam =@{
>> smtpserver = "smtp.office365.com"
>> Port = "587"
>> useSSL = $True
>> Credential = $Cred
>> From = "aisha.bhari@cloudmonkeys.xyz"
>> To = "rush2ramki@gmail.com"
>> Subject = "Send-MailMessage"
>> Body = "This is mail from Send-MailMessage"
>> }
Ramki: 12/28/2023 17:20:40>Send-Mailmessage @Mailparam
Send-Mailmessage : The SMTP server requires a secure connection or the client was not authenticated. The server
response was: 5.7.57 Client not authenticated to send mail. Error: 535 5.7.139 Authentication unsuccessful, basic
authentication is disabled. [MA0PR01CA0105.INDPRD01.PROD.OUTLOOK.COM 2023-12-28T11:50:52.546Z 08DC073764B53CD9]
At line:1 char:1
+ Send-Mailmessage @Mailparam
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (System.Net.Mail.SmtpClient:SmtpClient) [Send-MailMessage], SmtpExcept
ion
+ FullyQualifiedErrorId : SmtpException,Microsoft.PowerShell.Commands.SendMailMessage
As basic auth is disabled in exchange online, we cannot use this option and app password as well - we need to use OAuth method
In short using this method, you cannot send email to internal and External users, as this method needs Basic auth needs to be enabled, however its disabled now in M365
i will write a separate blog for how to send email via OAUTH
Direct Send for Internal Users Only
Ramki: 12/28/2023 17:26:07>$cred=Get-credential -username "aisha.bhari@cloudmonkeys.xyz" -Message "Enter the password"
Ramki: 12/28/2023 17:30:43>$mailParam =@{
>> smtpserver = "cloudmonkeys-xyz.mail.protection.outlook.com"
>> Port = "25"
>> useSSL = $True
>> Credential = $Cred
>> From = "aisha.bhari@cloudmonkeys.xyz"
>> To = "selvam@cloudmonkeys.xyz"
>> Subject = "Send-MailMessage"
>> Body = "This is mail from Send-MailMessage"
>> }
Ramki: 12/28/2023 17:30:43>Send-Mailmessage @Mailparam
Ramki: 12/28/2023 17:30:46>
RELAY for Internal Users and External Users
RELAY for EXTERNAL users using SMTP Relay
$cred=Get-credential -username "aisha.bhari@cloudmonkeys.xyz" -Message "Enter the password"
$mailParam =@{
smtpserver = "cloudmonkeys-xyz.mail.protection.outlook.com"
Port = "25"
useSSL = $True
Credential = $Cred
From = "aisha.bhari@cloudmonkeys.xyz"
To = "rush2ramki@hotmail.com"
Subject = "Send-MailMessage"
Body = "This is mail from Send-MailMessage"
}
Send-Mailmessage @Mailparam
Ramki: 12/27/2023 17:38:57>Send-Mailmessage @Mailparam
Send-Mailmessage : Mailbox unavailable. The server response was: 5.7.64 TenantAttribution; Relay Access Denied
[ValidationStatus of '' is EmptyCertificate] [BMXIND01FT021.eop-IND01.prod.protection.outlook.com
2023-12-27T12:08:55.256Z 08DC06D0F71517D9]
At line:1 char:1
+ Send-Mailmessage @Mailparam
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (System.Net.Mail.SmtpClient:SmtpClient) [Send-MailMessage], SmtpExcept
ion
+ FullyQualifiedErrorId : SmtpException,Microsoft.PowerShell.Commands.SendMailMessage
After Created the below connector in exchange online
SMTP Relay
Mail flow scenario
From: Your organization's email server
To: Office 365
Name
SMTP Relay
Status
On
Edit name or status
How to identify email sent from your email server
Identify incoming messages from your email server by verifying that the sending server's IP address is within these IP address ranges: 210.18.181.5, and the sender's or recipient's email address is an accepted domain for your organization.
Edit sent email identity
Ramki: 12/27/2023 18:23:59>$cred=Get-credential -username "aisha.bhari@cloudmonkeys.xyz" -Message "Enter the password"
Ramki: 12/27/2023 18:25:57>$mailParam =@{
>> smtpserver = "cloudmonkeys-xyz.mail.protection.outlook.com"
>> Port = "25"
>> useSSL = $True
>> Credential = $Cred
>> From = "aisha.bhari@cloudmonkeys.xyz"
>> To = "rush2ramki@hotmail.com"
>> Subject = "Send-MailMessage"
>> Body = "This is mail from Send-MailMessage"
>> }
Ramki: 12/27/2023 18:25:57>Send-Mailmessage @Mailparam
Ramki: 12/27/2023 18:26:00>
I hope this article is worth for messaging admins to know about the relaying emails in office365 . Happy learning 😃
Comments
Post a Comment