Apr 27 2024 11:28 PM
Hi all,
I have recently moved from M365 Personal to Business. I also use Acronis True Image which needs the following SMTP settings to send notifications by email:
Server settings:
Outgoing mail server (SMTP) name
Port
Encryption
SMTP authorisation:
Username and password
Optional - Log on to incoming mail server:
POP3 server and Port
I have found various (conflicting) settings on the web (including adding Authenticated SMTP in the M365 Mail settings for the user) but none work.
Can anyone help?
Apr 27 2024 11:34 PM
Apr 28 2024 01:51 AM
SolutionApr 28 2024 09:49 AM
Apr 28 2024 11:34 PM - edited Apr 29 2024 12:16 AM
Apr 28 2024 11:34 PM - edited Apr 29 2024 12:16 AM
I work mainly with M365 Enterprise but hopefully at least some of the following is also applicable to M365 Business.
If you are sending only to email addresses in your domain and if your Internet service provider (ISP) does not block outgoing port 25 (most business-class ISPs allow it by default or upon request), then you should be able to use the same SMTP server that's configured in your MX record. You would use port 25 and no authentication. It would be like any other email server on the Internet except for the following accomodations:
If you plan on configuring other apps or devices in the future to send emails to yourself, you may want to set up a local SMTP relay to relay emails to M365. Allow it to send emails to the Internet/M365 but otherwise make sure to not allow any incoming connections to it from the Internet; you do not want to accidentally set up a public open relay. Low volume SMTP relaying is very light on resources so the server can be set up using an old computer or in a virtual machine. You can use Windows Server and IIS's SMTP server or, if licensing costs are an issue, use Linux with an open source email server.
Apr 30 2024 04:57 AM
May 03 2024 05:15 AM
May 04 2024 05:00 PM
@Mike_Stanley_MASCS It says that because it can’t verify SPF, DKIM, and/or DMARC. If the From address uses your domain name and you have an SPF record configured in DNS for your domain, you can add the external sending IP address(es) to your SPF record. Just keep in mind that you will need to update your SPF record if the IP address ever changes.
If you don’t have an SPF record or can’t update it, you may be able to update the spoofing configuration in Microsoft 365, but I haven’t had to do that myself in some time so am not sure what steps are involved. You can also try adding the From address to your Safe Senders list in Outlook but, if I recall correctly, it probably won’t help.
May 05 2024 01:48 AM
May 15 2024 05:09 PM - edited May 15 2024 05:33 PM
May 15 2024 05:09 PM - edited May 15 2024 05:33 PM
I would try either updating your SPF record or updating Microsoft 365 first. If updating just one of them doesn't work, then update the other as well. Keep in mind that DNS and Microsoft 365 changes may take up to 24 hours to take effect, although typically a couple hours is enough.
In my first paragraph, I'm referring to the SPF record that should be set in DNS for your domain. Usually, the DNS name servers for a domain are set by your domain registrar (e.g., GoDaddy) to their DNS servers. The SPF record is a TXT apex record. (An apex record is at the root of your domain. DNS editing interfaces usually use @ for the hostname to denote apex records.) If Microsoft 365 is your only email provider, the SPF record is normally set to "v=spf1 include:spf.protection.outlook.com -all". Assuming your sending IP address is an IPv4 address, you would add ip4:x.x.x.x to your SPF record somewhere between the v=spf1 and the all. For example, if your IP address is 198.51.100.65, you could update your SPF record to "v=spf1 include:spf.protection.outlook.com ip4:198.51.100.65 -all". If you have a range of IPv4 addresses that the email can come from, you would enter the range in (classless) CIDR notation. For example, if the address range is 198.51.100.65 to 198.51.100.70 with a subnet mask of 255.255.255.248, that would have 29 mask bits and the SPF record could be updated to "v=spf1 include:spf.protection.outlook.com ip4:198.51.100.64/29 -all". Keep the range as small as possible. Using the same example, if the email can only come from 198.51.100.65 or 198.51.100.66 (e.g., the machines running Acronis True Image use only those two external IPs for NAT and the other IP addresses assigned to you are unused or used for other purposes), you could set your SPF record to "v=spf1 include:spf.protection.outlook.com ip4:198.51.100.64/30 -all". If the emails come from more than one IP address and they are not in the same subnet, enter them separately. Example: "v=spf1 include:spf.protection.outlook.com ip4:198.51.100.65 ip4:203.0.113.36 -all".
A few pointers for updating your SPF record:
As for allowing the email address in Microsoft 365, you can leave the email address in the Anti-spam inbound policy but, as of September 2022, emails from senders in the allow list that are from your domain must pass email authentication checks (SPF, DKIM, and/or DMARC). Updating your SPF record may be enough but, if it's not, or if you don't want to update your SPF record, add the email address and IP address to the Tenant Allow/Block Lists page. On that page, go to the Spoofed senders tab and add a new entry as follows:
Remember to update SPF and/or the Tenant Allow/Block Lists page if your sending IP address(es) ever change or the emails stop being sent (e.g., you switch to a different backup product).
May 16 2024 05:39 AM
Apr 28 2024 01:51 AM
Solution