May 10 2021 09:32 AM - edited May 10 2021 09:35 AM
Hello all,
Is it possible to set up SMTP Relay on Exchange 2016 to allow authentication from applications outside of our network?
For example, let's say we have an ERP software that's installed on a server that is located on a new site that is outside of our network. The server in question isn't joined to our domain yet (recently acquired company).
They no longer have an Exchange server. Can our Exchange server be used as their SMTP server to send out invoices? I know this would work with Exchange Online/Office 365 as it allows you to enable SMTP AUTH for specific mailboxes. But I'm not so sure if this would work with an on-premise Exchange server.
PS. I tried creating an SMTP Relay on our on-premise Exchange and whitelisted the site's IP Address. We're trying to authenticate using our webmail address. We get error 10060.
Any help would be appreciated.
Thanks.
May 10 2021 10:30 AM
Your on-premises Exchange Server provides the ability to accept authenticated SMTP messages by default. When you take your ERP software solution as an example, you can follow these steps for the external application:
In this example, I identify the ERP application as an SMTP client that wants to deliver an email message, and not as a server. Therefore, I use the Client Frontend connector on TCP 587 instead of the Default Frontend connector on TCP 25.
Whitelisting a remote IP address poses a risk for using the Exchange server as an open relay by IP spoofing.
Links
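A client-side check for the approach in the reply above (authenticated submission to the connector on TCP 587), added here as an example and not part of the thread: it tests reachability, STARTTLS and AUTH from the ERP server before any credentials are configured. The finding codes and the placeholder host name are assumptions; Windows socket error 10060 is WSAETIMEDOUT, a connection timeout.

```python
import smtplib
import ssl
import sys

# Finding codes (names chosen for this example) and what each one means.
FINDINGS = {
    "unreachable": "TCP connect failed or timed out (a timeout is Windows socket error 10060)",
    "smtp-error": "server answered but the SMTP dialogue failed",
    "tls-failed": "TLS handshake or certificate validation failed",
    "no-starttls": "STARTTLS not offered; credentials would be sent in clear text",
    "cleartext-auth": "AUTH LOGIN/PLAIN offered before TLS is negotiated",
    "no-auth": "no AUTH mechanism offered after STARTTLS",
}

def assess(pre_tls, post_tls):
    """Evaluate the EHLO features seen before and after STARTTLS.

    Both arguments are dicts shaped like smtplib.SMTP.esmtp_features;
    post_tls is None when STARTTLS was not negotiated.
    """
    codes = []
    if "starttls" not in pre_tls:
        codes.append("no-starttls")
    if {"LOGIN", "PLAIN"} & set(pre_tls.get("auth", "").upper().split()):
        codes.append("cleartext-auth")
    if post_tls is not None and not post_tls.get("auth", "").split():
        codes.append("no-auth")
    return codes

def probe(host, port=587, timeout=10):
    """Connect the way an SMTP client would and return a list of finding codes."""
    try:
        with smtplib.SMTP(host, port, timeout=timeout) as smtp:
            smtp.ehlo()
            pre, post = dict(smtp.esmtp_features), None
            if smtp.has_extn("starttls"):
                # The default context verifies the certificate chain and host name.
                smtp.starttls(context=ssl.create_default_context())
                smtp.ehlo()  # features must be re-read after TLS is up
                post = dict(smtp.esmtp_features)
            return assess(pre, post)
    except ssl.SSLError:
        return ["tls-failed"]
    except smtplib.SMTPException:
        return ["smtp-error"]
    except OSError:
        return ["unreachable"]

if __name__ == "__main__":
    # Usage: python probe.py mail.example.com   (placeholder host name)
    for code in probe(sys.argv[1]):
        print(f"{code}: {FINDINGS[code]}")
```

An empty result means the endpoint offered STARTTLS with a valid certificate and advertised AUTH only in a form that does not expose credentials before encryption.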
May 10 2021 01:10 PM
@Thomas Stensitzki Sounds good, Thomas. Thank you very much for your advice. I will revisit those settings and give that a try as per your instructions.
Cheers :)
Oct 04 2021 06:05 AM
@Thomas Stensitzki - is an SMTP Client Auth possible w/AD-only user? There should be no mailbox on the Exchange.
As seen: smtp - AD User Authentication to Exchange 2016 - Server Fault
Read you!
hRy
Oct 05 2021 09:41 AM
Hello @hbilke,
That is a good question. I haven't tried this approach.
Exchange Online requires a valid sender address from your tenant. The allowed sender for the used email address is either the mailbox user itself or a user that has send-as permission for the sender address.
Exchange Online allows only for EXO licensed users as send-as or send-on-behalf users. Therefore, I assume that the answer to your question is no.
-Thomas