SOLVED

OnPrem SMTP sending to Office 365 Encrypted


I have internal servers relaying through an on-premises SMTP server; this SMTP server has an Office 365 Exchange connector configured as:

From: Your organization's email server

To: Office 365

Identity: from our public IP that the SMTP server sends from.

All works Great.

Now I have been asked if we can have the messages encrypted, or use TLS, between the SMTP server and Office 365.

Can that be done without encrypting from every account that is being relayed?

If so, how?

Thank you

David

5 Replies

Set the connector to require TLS as detailed for example here: https://technet.microsoft.com/en-us/library/dn751021(v=exchg.150).aspx

Hi David,
By default, when you run the Hybrid Configuration Wizard it will configure TLS based on your certificate.

When I edit my connector, on the question of how Office 365 should identify mail from your mail server, I am selecting my IP address, and then I do not have an option for TLS and the summary does not indicate TLS.
Solution

It's generally assumed that when you configure TLS, you would use a certificate associated with a specific domain, so that the service can verify the sender. If you use the IP option, you should still be able to toggle the TLS requirement via PowerShell:

Get-InboundConnector Hybrid-In | Set-InboundConnector -RequireTls $true

I ran the command to force TLS. Now PowerShell shows "RequireTls: True".

This is the resulting log file on my SMTP server; does it look to be secure?

*****

2018-04-24 12:01:14 216.32.181.10 OutboundConnectionResponse - 220+CO1NAM03FT006.mail.protection.outlook.com+Microsoft+ESMTP+MAIL+Service+ready+at+Tue,+24+Apr+2018+12:01:14++0000 94 SMTP -
2018-04-24 12:01:14 216.32.181.10 OutboundConnectionCommand EHLO smtp.XYZ.org 94 SMTP -
2018-04-24 12:01:14 216.32.181.10 OutboundConnectionResponse - 250-CO1NAM03FT006.mail.protection.outlook.com+Hello+[XX.XXX.XXX.XXX] 157 SMTP -
2018-04-24 12:01:14 216.32.181.10 OutboundConnectionCommand STARTTLS - 157 SMTP -
2018-04-24 12:01:14 216.32.181.10 OutboundConnectionResponse - 220+2.0.0+SMTP+server+ready 219 SMTP -
2018-04-24 12:01:14 216.32.181.10 OutboundConnectionCommand EHLO smtp.XYZ.org 360 SMTP -
2018-04-24 12:01:14 216.32.181.10 OutboundConnectionResponse - 250-CO1NAM03FT006.mail.protection.outlook.com+Hello+[XX.XXX.XXX.XXX] 407 SMTP -
2018-04-24 12:01:14 216.32.181.10 OutboundConnectionCommand MAIL FROM:<imagenow@XYZ.org>+SIZE=1110 407 SMTP -
2018-04-24 12:01:14 216.32.181.10 OutboundConnectionResponse - 250+2.1.0+Sender+OK 516 SMTP -
2018-04-24 12:01:14 216.32.181.10 OutboundConnectionCommand RCPT TO:<JoeBob@XYZ.com> 516 SMTP -
2018-04-24 12:01:14 216.32.181.10 OutboundConnectionResponse - 250+2.1.5+Recipient+OK 610 SMTP -
2018-04-24 12:01:14 216.32.181.10 OutboundConnectionCommand BDAT 1110+LAST 610 SMTP -
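The question above ("does it look to be secure?") can be answered mechanically from the log: the session is only encrypted if the client issued STARTTLS, Office 365 answered 220, and every MAIL/RCPT/DATA/BDAT command came after that. The script below is an added example (not code from the thread or from Microsoft) that parses IIS SMTP service log lines in the W3C layout seen in the excerpt (date, time, peer IP, event, verb or dash, argument, with spaces in response text encoded as "+") and reports, per SMTP session, whether envelope data was ever sent in plaintext. All three sample logs are constructed: the first reproduces the shape of the posted excerpt (masked client IP kept as posted), the other two show a session with no STARTTLS and a session where STARTTLS was refused with 454, the failure modes a "require TLS" policy exists to catch. The field positions and the 454 wording are assumptions about the log and server, not facts taken from the thread.

```python
"""Check an IIS SMTP service outbound log (W3C layout as in the posted excerpt)
for STARTTLS negotiated before any envelope data was sent.
Added example, not from the thread; field positions are an assumption."""
from dataclasses import dataclass, field

# Commands that carry envelope or message data; must only be sent under TLS.
ENVELOPE_VERBS = {"MAIL", "RCPT", "DATA", "BDAT"}


@dataclass
class Session:
    peer: str
    starttls_issued: bool = False
    starttls_accepted: bool = False
    # Envelope verbs the client sent while the session was still plaintext.
    plaintext_envelope: list = field(default_factory=list)

    def is_secure(self) -> bool:
        """True only if STARTTLS got a 220 and no envelope verb preceded it."""
        return self.starttls_accepted and not self.plaintext_envelope


def parse_line(line: str):
    """Return a dict for a command/response line, None for anything else."""
    parts = line.split()
    if len(parts) < 6 or parts[0].startswith("#"):   # skip #Fields/#Date headers
        return None
    peer, event = parts[2], parts[3]
    if event == "OutboundConnectionCommand":
        return {"peer": peer, "kind": "cmd", "verb": parts[4].upper()}
    if event == "OutboundConnectionResponse":
        text = parts[5].replace("+", " ")   # parts[4] is '-' on response lines
        return {"peer": peer, "kind": "rsp", "code": text[:3], "text": text}
    return None


def analyse(log_text: str) -> list:
    """Split the log into sessions (a new one at each 220 greeting banner) and
    record whether STARTTLS succeeded before the envelope was sent."""
    sessions, open_by_peer, awaiting_tls_reply = [], {}, set()
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if ev is None:
            continue
        peer = ev["peer"]
        # A 220 that is not the reply to our STARTTLS is a greeting banner.
        if ev["kind"] == "rsp" and ev["code"] == "220" and peer not in awaiting_tls_reply:
            open_by_peer[peer] = Session(peer)
            sessions.append(open_by_peer[peer])
            continue
        s = open_by_peer.get(peer)
        if s is None:   # banner missing (log rotated mid-session): track anyway
            s = open_by_peer[peer] = Session(peer)
            sessions.append(s)
        if ev["kind"] == "cmd":
            if ev["verb"] == "STARTTLS":
                s.starttls_issued = True
                awaiting_tls_reply.add(peer)
            elif ev["verb"] in ENVELOPE_VERBS and not s.starttls_accepted:
                s.plaintext_envelope.append(ev["verb"])
        elif peer in awaiting_tls_reply:   # the server's answer to STARTTLS
            awaiting_tls_reply.discard(peer)
            s.starttls_accepted = ev["code"] == "220"
    return sessions


def report(sessions) -> list:
    """One human-readable verdict line per session."""
    out = []
    for s in sessions:
        if s.is_secure():
            out.append(f"{s.peer}: OK - STARTTLS accepted, envelope sent under TLS")
        elif s.starttls_issued and not s.starttls_accepted:
            out.append(f"{s.peer}: FAIL - STARTTLS refused, sent in clear: {s.plaintext_envelope}")
        else:
            out.append(f"{s.peer}: FAIL - envelope sent before/without STARTTLS: {s.plaintext_envelope}")
    return out


# Constructed sample 1: shape of the excerpt posted in the thread.
TLS_LOG = """\
2018-04-24 12:01:14 216.32.181.10 OutboundConnectionResponse - 220+CO1NAM03FT006.mail.protection.outlook.com+Microsoft+ESMTP+MAIL+Service+ready 94 SMTP -
2018-04-24 12:01:14 216.32.181.10 OutboundConnectionCommand EHLO smtp.XYZ.org 94 SMTP -
2018-04-24 12:01:14 216.32.181.10 OutboundConnectionCommand STARTTLS - 157 SMTP -
2018-04-24 12:01:14 216.32.181.10 OutboundConnectionResponse - 220+2.0.0+SMTP+server+ready 219 SMTP -
2018-04-24 12:01:14 216.32.181.10 OutboundConnectionCommand EHLO smtp.XYZ.org 360 SMTP -
2018-04-24 12:01:14 216.32.181.10 OutboundConnectionCommand MAIL FROM:<imagenow@XYZ.org>+SIZE=1110 407 SMTP -
2018-04-24 12:01:14 216.32.181.10 OutboundConnectionCommand RCPT TO:<JoeBob@XYZ.com> 516 SMTP -
2018-04-24 12:01:14 216.32.181.10 OutboundConnectionCommand BDAT 1110+LAST 610 SMTP -
"""
# Constructed sample 2: client never issued STARTTLS at all.
PLAIN_LOG = """\
2018-04-24 12:05:00 216.32.181.10 OutboundConnectionResponse - 220+CO1NAM03FT006.mail.protection.outlook.com+Microsoft+ESMTP+MAIL+Service+ready 94 SMTP -
2018-04-24 12:05:00 216.32.181.10 OutboundConnectionCommand EHLO smtp.XYZ.org 94 SMTP -
2018-04-24 12:05:00 216.32.181.10 OutboundConnectionCommand MAIL FROM:<imagenow@XYZ.org> 157 SMTP -
2018-04-24 12:05:00 216.32.181.10 OutboundConnectionCommand DATA - 250 SMTP -
"""
# Constructed sample 3: STARTTLS refused (454 wording assumed), client carried on.
REFUSED_LOG = """\
2018-04-24 12:09:00 216.32.181.10 OutboundConnectionResponse - 220+CO1NAM03FT006.mail.protection.outlook.com+Microsoft+ESMTP+MAIL+Service+ready 94 SMTP -
2018-04-24 12:09:00 216.32.181.10 OutboundConnectionCommand EHLO smtp.XYZ.org 94 SMTP -
2018-04-24 12:09:00 216.32.181.10 OutboundConnectionCommand STARTTLS - 157 SMTP -
2018-04-24 12:09:00 216.32.181.10 OutboundConnectionResponse - 454+4.7.0+TLS+not+available+due+to+temporary+reason 219 SMTP -
2018-04-24 12:09:00 216.32.181.10 OutboundConnectionCommand MAIL FROM:<imagenow@XYZ.org> 300 SMTP -
"""

if __name__ == "__main__":
    for log in (TLS_LOG, PLAIN_LOG, REFUSED_LOG):
        print("\n".join(report(analyse(log))))
```

Run against the posted excerpt the verdict is OK: STARTTLS was sent, answered with 220, and MAIL FROM, RCPT TO and BDAT all follow it, so the envelope and body crossed the wire encrypted. Note what the check does not tell you: whether the client validated the Office 365 certificate is not visible in this log, and with RequireTls set on the inbound connector the server-side enforcement is what guarantees a plaintext session is refused rather than silently accepted.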
