SOLVED

Inbound OnPremises connector seeing significant mail flow without TLS warning


We have Office 365 email licenses and we use MS Office/Outlook 2019 on Microsoft Windows Servers v2019.  We do NOT have an OnPrem email server.

 

We used to use smtp.office365.com as an smtp server to send email from an ERP application (to email recipients inside our organization as well as outside our organization), but the ERP app doesn't support TLS 1.2 for emailing.  So I set up a Connector in Office 365 to be able to send email from the ERP application using our Office 365 MX record and an Office 365 SMTP relay.  

 

But the Connector Report in Office 365 is warning every day that "Inbound OnPremises connector seeing significant mail flow without TLS".  I don't understand why this is happening.  I thought using our Office 365 MX record as the SMTP server and a connector as an SMTP relay would ensure all emails would be processed with TLS 1.2.  

 

Can anyone explain what I'm missing?  I can provide more details if necessary.  I also had a thought that maybe I've covered everything and that the error is really a non-issue, but I don't know.

 

Thanks.

5 Replies

@Ginny Soyars 

 

Hi Ginny :)

 

Any luck with this?

 

I have the same problem - hard to know how concerned I should be - in my case - 3rd party ERP vendor - typically says yeah it's fine! 

@LorneC555 No, I haven't made any progress on this. An MS rep private-messaged me for more information, which I provided, but he eventually said he couldn't help and I should open a formal support case with Microsoft, but I don't know how to go about doing that - plus I don't feel confident I would really get anywhere with Microsoft anyway.  So...

best response confirmed by Ginny Soyars (Occasional Contributor)
Solution
If the ERP app doesn't support TLS1.2 then no matter where you send it won't be capable of TLS1.2. The connector would pick up the traffic as it's coming from your on-premises public IP, regardless of if you use smtp.office365.com or the MX record.

Set up an IIS relay on prem, use that as your relay and send from there securely to Exchange Online
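
One way to check which relayed messages actually reached Exchange Online without TLS, as an added example that is not part of the original thread: the script finds the Received header stamped at the Exchange Online edge and classifies the inbound session. The sample messages, host names and IPs are constructed, and the `version=TLS1_x` stamp and the `mail.protection.outlook.com` suffix are assumptions about how the edge records the hop.

```python
import re
from email import message_from_string

EDGE_SUFFIX = "mail.protection.outlook.com"  # assumed Exchange Online edge host suffix
BY_RE = re.compile(r"\bby\s+(\S+)", re.I)
TLS_RE = re.compile(r"version=(TLS\d_\d)", re.I)  # assumed stamp, e.g. version=TLS1_2

# Constructed samples: hosts, IPs and build ids are illustrative only.
PLAIN = ("Received: from erp01.contoso.example (203.0.113.10) by\n"
         " BN0EDGE01.mail.protection.outlook.com (10.0.0.1) with Microsoft\n"
         " SMTP Server id 15.20.0.0 via Frontend Transport; Mon, 1 Jan 2024 10:00:00 +0000\n"
         "Subject: Invoice\n\nbody\n")
LEGACY = ("Received: from BN0EDGE01.mail.protection.outlook.com (10.0.0.1) by\n"
          " BN0MBX01.prod.outlook.com (10.0.0.2) with Microsoft SMTP Server\n"
          " (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.0.0;\n"
          " Mon, 1 Jan 2024 10:00:01 +0000\n"
          "Received: from erp01.contoso.example (203.0.113.10) by\n"
          " BN0EDGE01.mail.protection.outlook.com (10.0.0.1) with Microsoft SMTP Server\n"
          " (version=TLS1_0, cipher=TLS_RSA_WITH_AES_128_CBC_SHA) id 15.20.0.0\n"
          " via Frontend Transport; Mon, 1 Jan 2024 10:00:00 +0000\n"
          "Subject: PO\n\nbody\n")
MODERN = LEGACY.replace("TLS1_0", "TLS1_2")

def edge_hop(raw):
    """Return the unfolded Received header written when the mail entered the edge."""
    msg = message_from_string(raw)
    hops = [" ".join(h.split()) for h in msg.get_all("Received", [])]
    for hop in reversed(hops):  # headers are prepended, so reversed = oldest hop first
        m = BY_RE.search(hop)
        if m and m.group(1).lower().endswith(EDGE_SUFFIX):
            return hop
    return None

def classify(raw):
    """Classify the inbound session: no-edge-hop, no-tls, legacy-tls or tls1.2+."""
    hop = edge_hop(raw)
    if hop is None:
        return "no-edge-hop"
    m = TLS_RE.search(hop)
    if m is None:
        return "no-tls"  # the kind of session the connector report warns about
    return "tls1.2+" if m.group(1).upper() in ("TLS1_2", "TLS1_3") else "legacy-tls"

if __name__ == "__main__":
    for name, raw in (("plain", PLAIN), ("legacy", LEGACY), ("modern", MODERN)):
        print(f"{name}: {classify(raw)}")
```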

@AdminSeanMc  Thank you so much for your reply Sean, this should head us in the right direction.

Lorne

Yes, thanks for that. I will probably use this as a guide and set up the IIS relay as you suggested: https://adamtheautomator.com/iis-smtp-relay/