Many small businesses have printers that scan to e-mail, phone systems that send e-mail status updates, and a number of other e-mail-enabled devices. When converting to a cloud-based e-mail system like Office 365, sometimes these devices cannot be configured to send e-mail over encrypted links to the cloud. Office 365 requires an SMTP connection that supports TLS encryption, and many legacy devices or applications don’t support this.
The solution is to install an onsite SMTP relay that supports an encrypted connection. Fortunately, Windows Server supports an SMTP relay for Office 365.
Determine Office 365 SMTP Server Settings
Before you can configure the relay, you must know the exact mail server addresses to use in Office 365. To determine those, follow these steps:
- Log in to the Microsoft Online Services Portal.
- Click on Outlook
- Click Options (upper right corner)
- Click on About
- There will be a section titled External SMTP setting that looks like:
The important information is:
- Server name: pod51010.outlook.com (yours may be different)
- Port: 587
- Encryption method: TLS
You will use this information when configuring the SMTP Relay below.
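Before building the relay, it is worth confirming from the server itself that the Office 365 endpoint answers on port 587 and offers STARTTLS. The PowerShell below is an added example, not part of the original article; the function names Read-SmtpReply and Test-SmtpStartTls are hypothetical, and the host name is the article's example value.

```powershell
# Added example: probe an SMTP submission endpoint for STARTTLS support.
# Function names are hypothetical; the host name is the article's example.
function Read-SmtpReply {
    param([System.IO.StreamReader]$Reader)
    # A reply may span several lines; continuation lines have '-' after the code.
    $lines = @()
    do {
        $line = $Reader.ReadLine()
        if ($null -eq $line) { throw 'Connection closed by server' }
        $lines += $line
    } while ($line.Length -ge 4 -and $line[3] -eq '-')
    return ,$lines
}

function Test-SmtpStartTls {
    param([string]$Server, [int]$Port = 587)
    $client = New-Object System.Net.Sockets.TcpClient($Server, $Port)
    try {
        $stream = $client.GetStream()
        $reader = New-Object System.IO.StreamReader($stream)
        $writer = New-Object System.IO.StreamWriter($stream)
        $writer.NewLine = "`r`n"; $writer.AutoFlush = $true

        $banner = (Read-SmtpReply $reader)[0]
        $writer.WriteLine("EHLO $env:COMPUTERNAME")
        $ehlo = Read-SmtpReply $reader
        $offered = [bool]($ehlo | Where-Object { $_ -match '^250[- ]STARTTLS\s*$' })

        $protocol = $null; $subject = $null
        if ($offered) {
            $writer.WriteLine('STARTTLS')
            $reply = (Read-SmtpReply $reader)[0]
            if ($reply -notmatch '^220') { throw "STARTTLS refused: $reply" }
            # Default certificate validation applies: an untrusted or
            # mismatched certificate makes AuthenticateAsClient throw.
            $ssl = New-Object System.Net.Security.SslStream($stream, $false)
            $ssl.AuthenticateAsClient($Server)
            $protocol = $ssl.SslProtocol
            $subject  = $ssl.RemoteCertificate.Subject
        }
        New-Object PSObject -Property @{
            Server = $Server; Port = $Port; Banner = $banner
            StartTlsOffered = $offered; TlsProtocol = $protocol; CertSubject = $subject
        }
    } finally { $client.Close() }
}

Test-SmtpStartTls -Server 'pod51010.outlook.com' -Port 587
```

If StartTlsOffered comes back False, or the call throws during the handshake, the relay's outbound TLS delivery will fail in the same way, so resolve that before configuring the Delivery tab.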
Install and Configure Windows Server 2008 SMTP Relay
Now it’s time to install and configure the SMTP relay component inside of Windows Server 2008. The instructions below assume you already have a working server and we’re simply adding this role to it.
The steps for configuring a Windows Server 2008 SMTP relay for Office 365 are:
- Add the SMTP Server feature. (Start->Administrative Tools->Server Manager->Features->Add Features->SMTP Server). In some versions of Windows Server the SMTP Server function is included with the Web Server (IIS) role. For that case, make sure to include the IIS Management Console and IIS 6 Management Console features.
- If this server doesn’t have a certificate already installed, you will need to install one. Office 365 requires TLS encryption and for this server to use TLS, it must have a certificate installed. In order to do this the Web Server (IIS) role and IIS Management Console must be installed. To create the self-signed certificate: (Start->Administrative Tools->Internet Information Services (IIS) Manager->Select Host->Server Certificates->Create Self-Signed Certificate)
- Enable SMTP Server. (Server Manager->Features-> Enable SMTP Server)
- Now it’s time to actually configure the SMTP Relay for Office 365. Start->Administrative Tools->Internet Information Services (IIS) 6.0 Manager.
- Click on the ‘+’ next to your host name.
- Right-click on the [SMTP Virtual Server…] and select Properties. It’s now time to step through each of the tabs to configure the SMTP relay.
- General Tab: The IP address should be set to (All Unassigned).
- Access Tab: Click Authentication… and select the Anonymous access check box.
- Access Tab: Click Connection… Select ‘All Except the list below’ and leave the list below blank. This allows any device inside your firewall to access this relay.
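- Access Tab: Click Relay… Select ‘All Except the list below’ and leave the list below blank. This allows any device inside your firewall to relay mail through this server. The setting itself does not restrict by address, so it is the firewall that keeps outside hosts from using the relay.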
- Messages Tab: No changes. The default works well.
- Delivery Tab: Click Outbound Security… Select Basic authentication and enter the username and password that is used to send e-mail to the external server (Office 365 in this case). The user name must be a fully qualified (ex: email@example.com) valid Office 365 user licensed for Exchange. Check TLS encryption.
- Delivery Tab: Click Outbound connections… Set the TCP port to 587.
- Delivery Tab: Click Advanced Delivery and set the Fully-qualified domain name box to the name of the local server that is acting as the relay (ex: myserver1). Set the Smart host to the fully-qualified name of the Office 365 SMTP Server (ex. pod51010.outlook.com) that you determined in the first section. Make sure the “Attempt direct…” box is unchecked.
- LDAP Routing and Security Tabs: No changes to these areas.
- Now a remote domain has to be set up with the Office 365 domain name in it. Click the ‘+’ next to the [SMTP Virtual Server…] item.
- Right-click on Domains and select New-Domain which will launch a Wizard.
- Select Remote and Next.
- Enter the name of the Office 365 vanity domain (ex: mycompany.com)
- Now this remote domain will be set up very similarly to the overall SMTP server. Right-click on the new domain name and select Properties.
- Select Forward all mail to smart host and enter the same Office 365 SMTP Server as above (ex. pod51010.outlook.com)
- Click on Outbound Security and configure the same as above. Select Basic authentication and enter the username and password that is used to send e-mail to the external server (Office 365 in this case). The user name must be a fully qualified (ex: firstname.lastname@example.org) valid Office 365 user licensed for Exchange. Check TLS encryption.
You’re done configuring the SMTP Relay within Windows Server 2008 to work with Office 365.
Configure device or application to use the new SMTP Relay
It is very important to properly configure the device / application to use the new Office 365 SMTP Relay. Generally, they should be set up for anonymous access with no username / password. Simply use the name of the local server as the SMTP gateway name.
Applications and devices ask for various settings and aren’t always consistent. To explain this, it’s easiest to give a specific example. One ConfigureOffice365 customer uses BackupExec as their backup solution for their servers. That backup software can send status updates via e-mail (a very common small business scenario).
The following screenshot configures BackupAssist to work with the Office 365 SMTP relay configured above. The configuration information used is:
- The name of the server with the SMTP Relay installed is: WS2008
- Domain name for the network: mydomain.lan
- Fully qualified server name is then: WS2008.mydomain.lan
- E-mail account to send e-mails from: email@example.com. Note that this must be the same username used in step 12 above when configuring the SMTP Relay Outbound Security.
- Connection type: Plain SMTP – The SMTP relay above is set up inside the company’s network, so the security assumes anyone with access to the relay can send e-mail through the gateway. Therefore, the connection requires no authentication (username or password). BackupAssist calls this Plain SMTP.
Below is a screen shot of its configuration screen:
There is a huge variety of options for configuring the e-mail reporting of applications, printers, scanners, and other devices. Here is another example, which configures a Dell MFP Laser 3115cn printer / scanner to send e-mail. The configuration uses the same configuration information as the BackupAssist example above:
Notice the Primary SMTP Gateway is our server name (WS2008 in this example). It’s also critical that the reply address be the same address used when configuring the gateway. For the E-Mail Send Authentication field you’ll just have to trust that *Invalid wasn’t the first option tried; however, it’s the only option that worked. For a little context, the following screenshot shows the other options that were available but didn’t work for this application.
you a flavor for your device or application configuration screens. They do vary a great deal, but there is nothing like a clear, complete, proven example to help out!
If you have a question about a specific application or device, feel free to use the feedback button to send us a direct e-mail (include your e-mail address in the body, as we don’t want to require them to give feedback). It will likely turn into an exchange that asks for a screen shot of the configuration screen.
As usual, feedback is always appreciated.