cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

SMTP Relay configuration in full hybrid environment

Mike_Heidrick
Copper Contributor

‎Oct 05 2022 01:56 PM

‎Oct 05 2022 01:56 PM

SMTP Relay configuration in full hybrid environment

Hello, I have a question regarding the configuration of the SMTP Relay in Full Hybrid environment. My infrastructure is full hybrid with a 2016 exchange server on premise. We also utilize a Barrauda Cloud gateway so all incoming mail flows to the Barracuda, then to the on-prem 2016 Exchange server and then from the 2016 Exchange to Exchange online.
Most of my mailboxes (and soon to be all) have been migrated to Exchange online. SMTP relay is currently being provided on the on-prem server for internal and external email, but we want to minimize the footprint of the on-prem server to a management platform only for security conserns and use M365 smtp relay.
Currently my public dns record for autodiscovery points to the exchange onprem server (Alias CNAME is exchange.domainname). MX records must point to the Barracuda network.
When trying to folllow setup for M365 SMTP relay the M365 admin center is questioning my MX and CNAME records beacuse they are not what it expects.
I don't use public folders. Is smtp relay to the online Exchange server possible in my environment? How do I configure this?

Labels:
8,344 Views
1 Like
5 Replies
Reply
5 Replies
Andres Gorzelany

‎Oct 05 2022 02:24 PM

‎Oct 05 2022 02:24 PM

Re: SMTP Relay configuration in full hybrid environment

Hello

Where exactly are you receiving this complaint? while creating the connector?

Confirm please you are using Option 3 here https://learn.microsoft.com/en-us/exchange/mail-flow-best-practices/how-to-set-up-a-multifunction-de...
1 Like
Reply
Mike_Heidrick

‎Oct 06 2022 01:08 PM

‎Oct 06 2022 01:08 PM

Re: SMTP Relay configuration in full hybrid environment

Yes when creating/viewing the connector in the Admin Center it is complaining about the DNS record. It always expects to see yourdomain-com.mail.protection.outlook.com but our MX records contain the smarthost data instead. I expect M365 has no way to detect a defense gateway in front of thier services. Our autodiscover record is also not what is expected it is looking for autodiscover.outlook.com and we are still pointed at our domain.
0 Likes
Reply
Andres Gorzelany

‎Oct 06 2022 01:24 PM

‎Oct 06 2022 01:24 PM

Re: SMTP Relay configuration in full hybrid environment

Can you describe what options did you choose to create the connector? or add a screenshot, hiding any private info.
0 Likes
Reply
Mike_Heidrick

‎Oct 07 2022 04:58 AM

‎Oct 07 2022 04:58 AM

Re: SMTP Relay configuration in full hybrid environment

Current testing has been primary using the existing hybrid connectors for sending from on-prem to Exchange online. That connector is certificate based. I have created a new connector that uses the IP option where our external IP('s) for our firewall are listed. I will test this way and see how I get along my understanding is the IP method would be better for eliminating the possiblity for scanned email to be flagged as spam. The question still remains what do I list for the server address if I am setting up a copier for a scan to email function? I assume yourdomain-com.mail.protection.outlook.com is still appropiate though it does not match the MX record. What rules should be created to make sure the scanning device uses the desired connector?
0 Likes
Reply
Andres Gorzelany

‎Oct 07 2022 07:54 AM

‎Oct 07 2022 07:54 AM

Re: SMTP Relay configuration in full hybrid environment

You should be able to set yourdomain-com.mail.protection.outlook.com in your device as destination to send your email.
Is the device using a static IP Address? did you update your SPF record to add it?
0 Likes
Reply