SMTP relay through Office 365 from on-prem to internet

Hello,

I am trying to figure out a way to send SMTP traffic to internal and external addresses from multiple programs on premise without having to set up a few hundred accounts in 365. I have several programs that send mail to internal and external addresses.

Right now we have Netscaler ACLs which regulate what can send SMTP mail. It goes to our on-prem Exchange server (currently 2013 CU12), then out the firewall devices to the internet. All internal traffic is sent through the hybrid server to 365 and delivered. We have no mailboxes on prem, all are in 365.

What I want to do is send all email traffic through the hybrid to 365 and then to our mailboxes or out to the internet. All information I have found on the internet, through Technet, or the Fasttrack team we are engaged with have pointed to setting up an authentication account and running them through this account. There are some problems with this:
1) - Many of our FROM addresses need to remain as they are since they go to our external clients (i.e. Invoicing, Reporting, etc.). When we run it through the authentication account, the FROM address is now whatever the authentication account is.
2) - In order to set up each account with its own authentication (so the FROM addresses stay the same), it requires a license, and this would not be feasible from a business standpoint to have almost as many licenses for FROM addresses as we have actual users.

Is there a way to keep our internal setup of anonymous SMTP access to the Netscaler, point the Netscaler to the on-prem Exchange server, then the Exchange server authenticates based on cert, and 365 sends out the email keeping the original header information (FROM and To address) as it sends to the external address?

I hope I explained it well enough. Thanks for any responses.
Jason H

best response confirmed by Jason Hopp (Brass Contributor)
Solution

Your current setup sounds like it should work just fine based on my experience.

There are three ways to relay mail through O365:
1. directly using an authenticated account,
2. directly using an allowed IP address,
3. indirectly using the hybrid server.

If you're planning to continue to use option 3 you shouldn't need an authentication account.

Are you running into issues with your current configuration?

Thanks for the reply.

Either I have something wrong with my config or I am missing one small detail. Here is the config:

1. I have run the HCW (without the Centralized mail transport option)

2. Right now I have two send connectors on prem - one that points tenant.mail.onmicrosoft.com to 365 and another that points * out through our firewall on prem.

I have tried to change the one pointing to * to smart host - our MX record (which points to 365) or the option of 'MX records of the recipient domain'. Neither one works for me; on my device I still get authentication needed.

Not sure how the connectors need to be config'd in order to point to 365 through the Hybrid.

Thanks,

Jason H

To avoid any outages, I would create a new connector. Eventually you'll want to use a '*' address space but you can test with a specific domain for now. You should use a smarthost address for EOP (e.g. contoso-com.mail.protection.outlook.com).

You would also need a receive connector that authenticates the on-prem server using either an IP address (typical and likely the same configuration as your existing receive connector) or a certificate.

There is additional detail provided in part 2 of this article: https://technet.microsoft.com/en-us/library/dn751020(v=exchg.150).aspx#Part2configmail

Guy
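As an added example (not from Guy's reply, the thread, or Microsoft's documentation), here is what the connectors described above look like in Exchange Management Shell, with the least-privilege settings a defender would want on an anonymous relay path. Everything named is a placeholder assumption: contoso.com as the tenant domain, 10.0.0.10 as the Netscaler VIP, mail.contoso.com as the hybrid server's certificate name, and HybridServer as the on-prem Exchange 2013 server.

```powershell
# Added example with placeholder values (contoso.com, 10.0.0.10, mail.contoso.com, HybridServer).
# Run in the on-prem Exchange Management Shell unless noted otherwise.

# 1. Receive connector for the application-relay path. Only the Netscaler VIP may submit
#    anonymously; a broad RemoteIPRanges here turns the hybrid server into an open relay.
New-ReceiveConnector -Name "AppRelay from Netscaler" `
    -TransportRole FrontendTransport -Usage Custom `
    -Bindings "0.0.0.0:25" -RemoteIPRanges "10.0.0.10" `
    -AuthMechanism Tls -PermissionGroups AnonymousUsers

# Anonymous senders need this extended right to relay to external recipients.
Get-ReceiveConnector "AppRelay from Netscaler" | Add-ADPermission `
    -User "NT AUTHORITY\ANONYMOUS LOGON" `
    -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient"

# 2. New send connector for * that smart-hosts to EOP over mandatory, domain-validated TLS.
#    CloudServicesMailEnabled keeps the cross-premises headers, so FROM/To are preserved.
#    Created disabled so it can be tested with a single domain before replacing the old one.
New-SendConnector -Name "Outbound via EOP" -Usage Custom `
    -AddressSpaces "SMTP:*;1" `
    -SmartHosts "contoso-com.mail.protection.outlook.com" -DNSRoutingEnabled $false `
    -RequireTLS $true -TlsAuthLevel DomainValidation -TlsDomain "mail.protection.outlook.com" `
    -CloudServicesMailEnabled $true -Fqdn "mail.contoso.com" `
    -SourceTransportServers "HybridServer" -Enabled $false

# 3. Exchange Online side (Connect-ExchangeOnline first). The HCW normally creates this
#    inbound connector; check Get-InboundConnector before creating a second one. The point
#    is that EOP identifies the hybrid server by certificate (or IP) before relaying for *.
New-InboundConnector -Name "Inbound from on-premises hybrid" `
    -ConnectorType OnPremises -SenderDomains "*" `
    -RequireTls $true -TlsSenderCertificateName "mail.contoso.com" `
    -RestrictDomainsToCertificate $true

# 4. Verify. Two enabled * send connectors was the root cause in this thread, and the
#    anonymous receive connector must not accept from more sources than intended.
Get-SendConnector | Where-Object { $_.Enabled -and ($_.AddressSpaces -match '^SMTP:\*') } |
    Format-Table Name, SmartHosts, RequireTLS
Get-ReceiveConnector | Where-Object { "$($_.PermissionGroups)" -match 'AnonymousUsers' } |
    Format-Table Name, RemoteIPRanges
```

Once the test domain relays cleanly, flip the old * connector to disabled and the new one to enabled in one change so only one outbound path is live at a time.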

Thanks for everyone's help. The problem was I kept trying to test one mail server while keeping the other connectors live. Disabled all connectors, pointed all traffic (*) to our MX record, and SMTP is working.

Thanks again,

Jason H
