Update 11/13/2023: We added new information on how to know when this change is released to your organization.
Today, we are announcing an update to our requirements for SMTP relay through Exchange ...
Updated Feb 22, 2024
Version 19.0
Blog Post
Hi Carolyn_Liu ,
thanks for your immediate response.
I have few more queries:
1)"If this is the only way to authenticate the mail (relay), No, you can NOT. Each must have a unique certificate and the SAN domain must be accepted domain for that tenant".
- This would result in multiple certificates for every tenant. So if the list is big, this might be cumbersome. Can we add multiple SANs to the same certificate? so that it will cover multiple EXO tenants?
- Also if there are multiple certificates( for every EXO tenant) will Exchange internally check against every .crt file in the server to know which one the accepted domain matches? In other words, how does Exchange know the list of Certificate names or SAN names for this server? Is there an API which I can use to check?Sorry if the question is too naive.
2) "No. and soon we will add restrictions to prohibit this approach (i.e. you cannot user shared IP or certificate to config Inbound OnPremises connector for multiple tenants)"
- Are you saying multiple EXO tenants cannot add the same ips for inbound connector? May I know the reason behind this?
- when is this going to be implemented tentatively?