Forum Discussion

JPMarathon's avatar
JPMarathon
Copper Contributor
Nov 20, 2018

SMTP relay through Office 365 from on-prem to internet problem with internal users

Hello,     I'm having challenges understanding why e-mails won't relay between internal user mailboxes using xxx.mail.protection.outlook.com from an on-premises IIS SMTP server to O365. We have a ...
office 365
VasilMichev's avatar
VasilMichev
MVP
Nov 20, 2018

So if I got this right, you have mailboxes both in ExO and in some other system on-premises? IIS SMTP relay is hardly the best tool to use in such scenarios, but without knowing the specifics we cannot give you more detailed recommendations. In any case, you can resolve this issue by adding Send As permissions for any of the accounts that already have mailboxes.

 

In a nutshell, they recently introduced some changes recently that make SMTP submitted messages behave pretty much like any other messages, thus if the mailbox already exists you will need Send As permissions to use that address. As part of those changes, you should also ensure that the sender address complies with RFC5322. More details here: https://support.microsoft.com/en-us/help/4458479/improvements-in-smtp-authenticated-submission-client-protocol

JPMarathon's avatar
JPMarathon
Copper Contributor
Nov 20, 2018
Sorry if I wasn't clear: no the mailboxes only exist in Exchange Online. The internal SMTP server is nothing more than a relay for internal e-mail to Office 365. The main reason for this is because there are internal applications that are configured to send through this SMTP server that cannot be changed. Formerly it was relaying through an internal Exchange 2010 server. However a migration from Exchange 2010 to Office 365 just occurred which prompted the update of the smart host on the internal server.

What I don't understand is why can I relay from a user@domain.com e-mail address to say a user@gmail.com address, but I can't relay from user@domain.com to user1@domain.com? This makes no sense to me.

I did test the RFC5322 compliance and that did not make any difference in the way the message was processed. That is something I had experimented with before posting this up.

Resources