SOLVED

External client SMTP Relay with group alias in From address field -- fails to send

Copper Contributor

Here is the situation:

 

1. Using an inventory system that handles our packing and shipping lists

     a. System emails copies of shipment records to clients using SMTP relay

             i. System is set to use TLS on port 587 with server "smtp.office365.com"

     b. SMTP relay is successful when using my personal account as the username and password along

         with my name and my email address in the From Name and From Address fields

     c. SMTP relay fails when I change the From Name and From Address fields to our shared group

         name "Shipping" and address "shipping@xxx.com" with error "535 5.7.3 Authentication

         unsuccessful"

2. Our Outlook365 group is set up so that all members receive external mail to shipping@xxx.com and

     all members have the rights to send an email anywhere externally as shipping@xxx.com from within

     Outlook365.  The problem happens when using an external client that is not Outlook.

3. The exact status message I get after changing the From Name to "Shipping" and the From Address to "Shipping@xxx.com" is this:

     Sending the email to the following server failed:

     smtp.outlook.com:587

     535 5.7.3 Authentication unsuccessful

     [SN4PR0501CA0149.namprd05.prod.outlook.com]

 

I'm doing this on behalf of our IT admin -- I am the inventory system admin and the IT admin has exhausted everything he can to adjust Outlook 365 settings.  I've made many searches worded different ways and found similar but differing problems.  This one seems unique. 

 

Is there a solution for this?

5 Replies
best response confirmed by TheCoreSquirrel (Copper Contributor)
Solution

Hi @TheCoreSquirrel,

 

Based on your scenario the best option is to implement "Option 3" on the following article https://docs.microsoft.com/en-us/exchange/mail-flow-best-practices/how-to-set-up-a-multifunction-dev...

 

For best security, please implement on your firewall that only your inventory system can contact Office 365 in port 25 or required servers. 

 

Best regards,

Nuno Árias Silva

@Nuno Silva 

 

Thanks very much, I will pass this along to our IT Admin and reply with the results; this sounds right to me though, so I hope it'll work.

I have also had success applying a password to the account associated with the O365, security group, and shared mailboxes in these types of scenarios. This allows the account to authenticate to do the SMTP .

I provided the information to our IT admin and between the two of us we were able to determine the best option for our org. 

 

We decided on using the option 3 in the technical article link above for using a connector to the Outlook SMTP relay.  The article states it is a more complicated option but it turned out to be pretty easy to implement.  As long as you can work with SPF and MX record settings it's really no big deal.

 

Tested it and works like a charm so long as its from our domain.  Thanks for the solution!

Hi @TheCoreSquirrel,

 

I'm glad that the option 3 has worked to this scenario.

 

Best regards,

 

Nuno Árias Silva

My blog about Microsot Technologies: http://www.nuno-silva.net/Blog

Office 365 Essentials Book - https://www.nuno-silva.net/book-office-365-essentials

1 best response

Accepted Solutions
best response confirmed by TheCoreSquirrel (Copper Contributor)
Solution

Hi @TheCoreSquirrel,

 

Based on your scenario the best option is to implement "Option 3" on the following article https://docs.microsoft.com/en-us/exchange/mail-flow-best-practices/how-to-set-up-a-multifunction-dev...

 

For best security, please implement on your firewall that only your inventory system can contact Office 365 in port 25 or required servers. 

 

Best regards,

Nuno Árias Silva

View solution in original post