Forum Discussion

bjackson15's avatar
bjackson15
Copper Contributor
Dec 18, 2018

IIS Relay to O365 with Modern Authentication enabled

I turned on Modern Authentication on our tenant this weekend in preparation for MFA, since then I can no longer relay email from copiers, etc. through the IIS relay with authentication, I do have it working with a connector (IP) and no authentication but it doesn't seem to be as reliable in mail actually getting delivered (hitting spam filters).

We do use ADFS also but nothing was changed there yet.

I followed this document when setting it up and I've done the same on a test server with no luck.

https://docs.microsoft.com/en-us/Exchange/mail-flow-best-practices/how-to-configure-iis-for-relay-with-office-365

I can use Thunderbird with the same credentials and the messages are sent as expected.

 

IIS SMTP logs:

2018-12-18 16:01:14 172.25.124.134 [172.25.124.134] SMTPSVC1 TEST-SRV2016A <relayIP> 0 EHLO - +[<localIP>] 250 0 203 21 0 SMTP - - - -
2018-12-18 16:01:14 172.25.124.134 [172.25.124.134] SMTPSVC1 TEST-SRV2016A <relayIP> 0 MAIL - +FROM:<bjackson@<domain>.com> 250 0 44 54 0 SMTP - - - -
2018-12-18 16:01:14 172.25.124.134 [172.25.124.134] SMTPSVC1 TEST-SRV2016A <relayIP> 0 RCPT - +TO:<bjackson@<domain>.com> 250 0 32 29 0 SMTP - - - -
2018-12-18 16:01:14 172.25.124.134 [172.25.124.134] SMTPSVC1 TEST-SRV2016A <relayIP> 0 DATA - +<23bae685-2c48-fcac-f9f8-4e9953f3f0ca@<domain>.com> 250 0 133 423 0 SMTP - - - -
2018-12-18 16:01:14 172.25.124.134 [172.25.124.134] SMTPSVC1 TEST-SRV2016A <relayIP> 0 QUIT - [<localIP>] 240 78 73 4 0 SMTP - - - -

 

I'm at a loss what to try next, any ideas?

  • bjackson15's avatar
    bjackson15
    Copper Contributor

    I think I finally have it working. I created an In Cloud user with the .onmicrosoft.com address, assigned an exchange license, and setup the send as delegation for the accounts sending as, and it works as it did before I enabled Modern Authentication.

    • Eric LE CORRE's avatar
      Eric LE CORRE
      Brass Contributor
      So, you say it is possible to you IIS Relay with modern authentification, it works ?

Resources