This article explains how you can send email from devices and business applications, such as a scanner, when all of your mailboxes are in Office 365 and you want to email scanned documents to yourself or someone else.
Option 1: Authenticate your device or application directly with an Office 365 mailbox, and send mail using SMTP client submission:
More than one method is available to set up SMTP with Office 365, but this option supports most usage scenarios and it’s the easiest to set up. Choose this option when:
- You want to send email from a third-party hosted application, service, or device (such as a printer/scanner).
- You want to send email to people inside and outside your organization.
To configure your device or application, connect directly to Office 365 using the SMTP client submission endpoint smtp.office365.com.
Each device/application must be able to authenticate with Office 365. The email address of the account that’s used to authenticate with Office 365 will appear as the sender of messages from the device/application.
Enter the following settings directly on your device or in the application as their guide instructs (it might use different terminology than this article). As long as your scenario meets the requirements for SMTP client submission, the following settings will enable you to send email from your device or application.
Option 2: Configure a connector to send mail using Office 365 SMTP relay:
This option is more difficult to implement than the others. Only choose this option when:
- SMTP client submission (Option 1) is not compatible with your business needs or with your device
SMTP relay lets Office 365 relay emails on your behalf by using a connector that’s configured with your public IP address or a TLS certificate. Setting up a connector makes this a more complicated option.
Settings for Office 365 SMTP relay:
If you already have a connector that’s configured to deliver messages from your on-premises organization to Office 365 (for example, a hybrid environment), you probably don’t need to create a dedicated connector for Office 365 SMTP relay. If you need to create a connector, use the following settings to support this scenario:
We recommend adding an SPF record to avoid having messages flagged as spam. If you are sending from a static IP address, add it to your SPF record in your domain registrar’s DNS settings as follows:
Step-by-step configuration instructions for SMTP relay:
- Obtain the public (static) IP address that the device or application will send from. A dynamic IP address isn’t supported or allowed. You can share your static IP address with other devices and users, but don’t share the IP address with anyone outside of your company. Make a note of this IP address for later.
- Sign in to Office 365.
- Select Domains. Make sure your domain, such as contoso.com, is selected. Click Manage DNS and find the MX record. The MX record will have a POINTS TO ADDRESS value that looks similar to cohowineinc-com.mail.protection.outlook.com as depicted in the following screenshot. Make a note of the MX record POINTS TO ADDRESS value. You’ll need this later.
- Check that the domains that the application or device will send to have been verified. If the domain is not verified, emails could be lost, and you won’t be able to track them with the Exchange Online message trace tool.
- In Office 365, click Admin, and then click Exchange to go to the Exchange admin center.
- In the Exchange admin center, go to Mail flow > Connectors.
- Check the list of connectors set up for your organization. If there is no connector listed from your organization’s email server to Office 365, create one:
- To start the wizard, click the plus symbol. On the first screen, choose the options that are depicted in the following screenshot:
- Click Next, and give the connector a name.
- On the next screen, choose the option By verifying that the IP address of the sending server matches one of these IP addresses that belong to your organization, and add the IP address from step 1.
- Leave all the other fields with their default values, and select Save.
Easy Mail Delivery with a SMTP Smart Host
On my server I run the typical assortment of applications that is on any true developer’s server. I have PHP for my blog, ASP.NET MVC for my side projects, and a couple scheduled tasks that include backups and other things. All of these applications and tasks have different places to configure their default SMTP relay, and it was really getting out of hand, but I had gotten used to changing them all when the need arose, and usually I just defaulted them to the IIS localhost, because it was easy.
I knew the downfalls of using the default localhost and the potential mail delivery problems if I didn’t properly set the DomainKey, DKIM, SPF, SenderID, Reverse PTR, and blah blah blah. But it wasn’t really worth the hassle for me to properly set all this, because I can count the number of emails sent from my server on one hand each day. And 4 out of 5 times they were administrative emails sent to my Gmail account. But given all that it is still no excuse for poor email hygiene.
Recently I learned about an unknown “feature”, at least to me, called Smart host in the settings of the IIS localhost SMTP server. Which seems like it would solve all my problems, with very little effort, when I combined it with a Cloud Based High Deliverability SMTP Relay. This combination of the Cloud and a Smart Host would provide me the following:
- Keep all my applications pointing at the localhost SMTP built in to IIS
- Provide a higher deliverability
- Properly sign my emails with DKIM and SPF
- And setup a Reverse PTR for higher delivery to services that require it.
- And give me the wonderful benefit of analytics for my emails sent each day, analytics is like candy to developers, at least for me. Nothing better than a graph in my opinion
First things first, you need to sign up for an SMTP Relay. I chose the Free SMTP Relay provided by SocketLabs Email On-Demand, which is a High Deliverability Cloud-Based SMTP Relay, to get the job done. Signup was easy, and they had my Cloud SMTP server verified and provisioned in less than 24 hours.
Next make sure SMTP is installed on your local Windows box. I am not going to go through this part because it varies greatly between Windows 2003 and Windows 2008 R2. But if you really need help try this site.
Now let’s set up the Smart host using our SMTP Relay provided by SocketLabs. To set up a Smart host:
- In IIS Manager, right-click the SMTP virtual server, and then click Properties.
- Click the Delivery tab, and click Advanced.
- In the Smart host box, type the name of the Smart host server. In this case it is “smtp1000.socketlabs-od.com”. You can type a string to represent a name or enter an IP address.
- Click OK and then click Outbound Security on the Delivery tab. And enter in your authentication credentials sent to you by SocketLabs.
Using Your Smart Host
As I indicated before, this was an easy transition, because I didn’t have to change anything in my applications or tasks. They still all point to localhost, but now instead of localhost trying to deliver the mail, it just relays the SMTP request to my Free SocketLabs account.
For the geeks like me who like a little verification that all this is working as it should be, here is the email header from a comment email I received from this blog:
    DKIM-Signature: v=1; a=rsa-sha1; d=socketlabs-od.com;[email protected];s=key2443;
        c=relaxed/relaxed; q=dns/txt; t=1285951803; x=1288543803;
        h=subject:to:date:from:message-ID:mime-version:content-transfer-encoding:content-type;
        bh=NGN3BWusyQrG7TOAXx0uG/BBoM=;
        b=sI9CfJrL7qM32wEtzfjxPIkZqsxeTRp7FLRZ1n5lLd1rVgDJzMlNyVhrE8BikBih7lxrKjm3HHZOFLVzQNeVmay4KuUyge/xv1wLxTnTmDUA5jbqt5Mh9vStc4cd4x6zz3zEJTqqLbzgtFN9C6LKiSUBpb3g4m/tqwk62OlBU94=
    Received: from server ([18.104.22.168]) by mxsp2.email-od.com with ESMTP; Fri, 1 Oct 2010 12:50:02.0400
    Received: from server ([127.0.0.1]) by server with Microsoft SMTPSVC(7.5.7600.16385); Fri, 1 Oct 2010 09:49:00.0700
    Subject: [Nick Berardi’s Coder Journal] Please moderate: You’re Invited To Code Camp 2010.2
    To: [email protected]
    Date: Fri, 1 Oct 2010 16:49:00 0000
    Return-Path: [email protected]
    From: WordPress [email protected]
As you can see on line 7 the message was sent to my local host server, and then on line 6 relayed to the SocketLabs Email On-Demand Server.
And here is my favorite part, the emails show up on the graph.
Note: If you have never set up a localhost SMTP server on Windows before, make sure that you grant “127.0.0.1” or “localhost” the ability to relay mail through the localhost server. Sounds odd, but this is a necessary step in my experience. To do this click the Access tab, click the Relay button, click the Add button, and then enter the IP address “127.0.0.1” into the IP Address text box, and click OK. Then just keep clicking OK to exit out of the properties screen.
Update (2010-10-25): If you find that your SMTP Relay is being blocked by your residential service provider or GoDaddy please read my updated post on how you can get around this using alternative outbound ports in the Smart host.
In charge of Cloud Drive Desktop at @Amazon, Entrepreneur, Microsoft MVP, ASPInsider, co-founder and CTO of @CaddioApp, Father, and @SeriouslyOpen host
Configure the mail server send connector to use the Proofpoint Essentials Smart host.
Accounts are assigned to either the US or EU locations.
You can see in the portal URL which area your account is in, for example, US1/US2/US3/US4/US5.proofpointessentials.com (US) or EU.proofpointessentials.com (EU).
The relay destination you must use for setting up customers depends on your location. If you are not already aware of which Smart host address is assigned to your account, please get in touch with either support or your account manager.
- The relay/Smart host destination where all mail should go is one of the following two options:
- outbound-us1.ppe-hosted.com (All US users use this hostname)
- outbound-eu1.ppe-hosted.com (EU users use this one)
- You can test connectivity to Proofpoint Essentials by typing and executing the following from a command prompt on the email server of the organization: telnet [Smarthost Address] 25
- You should see a message saying Welcome to Proofpoint Essentials ESMTP Server, amongst other things. (enter quit to close the connection.) If you do not see this message, examine the outbound settings on the firewall between the server and the internet.
Enable inbound mail relay.
Proofpoint Essentials requires the inbound mail relay to be enabled before the outbound mail flow can work.
From the sidebar, navigate to Administration > Account Management > Domains.
If the Mail Relay is not set as Active, please go through the domain verification steps and then enable the relay.
Add the correct sending server IP address to the list of Outbound servers
Proofpoint Essentials MTAs are updated every 30 minutes. Therefore new sending server details may not have been applied. (The Proofpoint Essentials system uses this as a dual form of relay authorization, with the other being that the user exists.) To verify the outbound IP has been registered:
- Log in to the Proofpoint Essentials user interface.
- Type the customer name into the search bar (top header).
- Navigate to Administration > Account Management > Domains.
- Under Sending Servers, click New Sending Server.
- Enter in the IP range (We only take CIDR of /24) or IPv4 and click Save.
Proofpoint Essentials also offers SMTP Authentication in place of configuring mail server IPs from the previous section. Please note this can be used in addition to existing mail servers in the previous section as well.
PTR on sending IP
If the sending IP has no PTR record on it, this needs to be corrected at the DNS level.
- A Sending IP should have a PTR associated so recipients know this IP is being used to send email.
- If your PTR is a generic PTR given by your ISP/host, consider asking your provider to change this, so it looks more personal to the recipient servers.
Outbound Mail Scanning
- Outbound mail requires that a valid email address exist (outside of SMTP Discovery).
- See Relay Access Denied KB.
- A reseller may be able to put a filter in place.
- We highly recommend using our False Positive reporting process.
How to configure Smart host (mail relay) services to work with CodeTwo software
You use Smart host (mail relay) services (e.g. for security, anti-virus/anti-spam protection) and you would like to configure them to work with CodeTwo Cloud services.
If you use one of the following Smart hosts: Barracuda, Proofpoint, Mimecast, Reflexion and similar solutions, then this article is for you.
If you use Proofpoint, you might be required to complete these additional steps, in addition to the basic configuration steps outlined below.
To ensure correct mail flow in your organization (see examples in Fig. 1.), double-check that after you send a message and it goes through EOP servers, it is routed directly to the CodeTwo Cloud service before it is passed to any other Smart host services. This is essential to ensure proper processing of your messages by our services. If messages are routed to other Smart hosts before they are processed by CodeTwo Email Signatures 365, you might experience the following issues:
- your signatures are missing because messages are never received by our service, or they are received in an encrypted format that we cannot process;
- your messages cannot be delivered due to a routing loop, and you receive non-delivery reports (NDRs) with the following error code: ATTR1;
- signatures are added in a wrong place in messages because the message body is modified by your Smart host(s). As a result, our service is not able to find the correct reply separators;
- your message is corrupted.
Fig. 1. The correct mail flow for Smart hosts and CodeTwo services: (a). when a Smart host delivers emails to recipients; (b). when a Smart host returns emails to Office 365 (EOP) for final delivery.
- Make sure your messages are always routed to the CodeTwo Cloud service first.
- If this is not true, you need to reconfigure your Smart host’s outbound connector so that it’s controlled by a transport rule. After that, you need to ensure correct email routing by modifying the CodeTwo transport rule. Watch the short video below that walks you through these configuration steps and read on for detailed guidelines. Video: How to configure a Smart host’s outbound connector and required transport rules in Exchange Online.
Ensuring that messages are always routed to the CodeTwo Cloud service first
After our services are deployed and fully configured in your Office 365 tenant, an additional Exchange Online outbound connector, controlled by a dedicated transport rule, is created. Such a setup is responsible for routing your mail flow through the CodeTwo services. This approach is recommended by Microsoft and guarantees that our software can intercept all your messages before they are processed by other Smart hosts.
According to Microsoft’s recommendations, if emails are redirected to a connector via a transport rule (such as the CodeTwo Exchange transport rule), then all subsequent redirections to other connectors (e.g. your Smart hosts) should also be triggered by transport rules.
In certain cases, other Smart hosts may still intercept your messages before they reach CodeTwo services. To check if your environment is configured correctly, follow these steps:
- Check if the transport rule (CodeTwo Exchange transport rule) created by our software has the highest priority: open the Exchange admin center, go to Mail flow > Rules, and make sure that the rule is at the top of the rules’ list.
- If you are running a hybrid environment, check if your on-premises Exchange server routes any messages to Smart hosts. If the on-premises server is configured to relay your mail through Smart hosts, consider moving this responsibility to your Office 365 tenant. Otherwise, you might not be able to control the mail flow priority correctly.
If your environment meets the above requirements, but you still experience any issues caused by incorrect mail flow, you can analyze the headers of your messages to make sure that your emails are routed to the CodeTwo services first (before they are passed to other Smart host services). To examine message headers, you can use tools such as:
If the analysis of message headers confirms that any of the following cases is true:
- directly after leaving EOP servers, your messages are not relayed to the CodeTwo Email Signatures 365 services,
- your messages reach your Smart host(s) several times (e.g. you are getting duplicated messages),
- your messages are not delivered because of a routing loop,
then you are probably experiencing a routing glitch in Office 365. To solve the problem, you need to reconfigure all outbound connectors created by third-party Smart host services (like the ones from Mimecast, Symantec, etc.) so that these connectors are controlled via transport rules instead of being controlled automatically (autonomously). Then, you need to make a slight modification to the CodeTwo transport rule, to ensure correct message routing.
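The header check described above, and the same hop-by-hop reading the blog post earlier on this page applies to its two Received lines, as an added Python example (not CodeTwo's or Microsoft's tooling). The host suffixes in `ROLES` and the `GOOD`/`BAD` messages are constructed assumptions; `BLOG` reuses the two Received lines quoted in the blog post.

```python
import re
from email import message_from_string

# Assumed host suffixes per service; replace with the names your hops stamp.
ROLES = {
    "eop": (".outlook.com",),
    "signature": (".smtp.codetwo.online",),
    "smarthost": (".ppe-hosted.com",),
}
FROM_RE = re.compile(r"^from\s+([A-Za-z0-9._-]+)", re.I)
BY_RE = re.compile(r"\bby\s+([A-Za-z0-9._-]+)", re.I)


def hops(raw):
    """Return (from_host, by_host) pairs oldest-first.

    Every MTA prepends its own Received header, so the raw order is
    newest-first. Only hops stamped by servers you control are trustworthy.
    """
    out = []
    for value in reversed(message_from_string(raw).get_all("Received") or []):
        flat = " ".join(value.split())  # unfold continuation lines
        f, b = FROM_RE.search(flat), BY_RE.search(flat)
        out.append((f.group(1).lower() if f else None,
                    b.group(1).lower() if b else None))
    return out


def role_of(host):
    for role, suffixes in ROLES.items():
        if host and host.endswith(suffixes):
            return role
    return "other"


def audit(raw):
    """Check hop order and repeated smart-host visits; empty list means OK."""
    path = [role_of(by) for _, by in hops(raw)]
    # Collapse hand-offs inside one service into a single visit.
    visits = [r for i, r in enumerate(path) if i == 0 or r != path[i - 1]]
    findings = []
    first = next((r for r in visits if r != "eop"), None)
    if first != "signature":
        findings.append(f"first hop after EOP is {first}, not the signature service")
    n = visits.count("smarthost")
    if n > 1:
        findings.append(f"smart host visited {n} times")
    return findings


def build(*by_hosts):
    """Constructed sample: hosts given oldest-first, headers emitted newest-first."""
    lines, prev = [], "client.contoso.example"
    for by in by_hosts:
        lines.insert(0, f"Received: from {prev} by {by} with ESMTPS; "
                        "Mon, 1 Jan 2024 10:00:00 +0000")
        prev = by
    return "\n".join(lines) + "\nSubject: test\n\nbody\n"


# Constructed host names (assumptions), apart from the Proofpoint smart host.
EOP_IN, EOP_OUT = "mbx01.prod.outlook.com", "eop02.protection.outlook.com"
SIG, MX = "relay.tenant-id.smtp.codetwo.online", "mx.recipient.example"
SH = "outbound-us1.ppe-hosted.com"
GOOD = build(EOP_IN, SIG, EOP_OUT, SH, MX)
BAD = build(EOP_IN, SH, EOP_OUT, SIG, EOP_OUT, SH, MX)
# The two Received lines from the blog post's header, as quoted on this page.
BLOG = ("Received: from server ([18.104.22.168]) by mxsp2.email-od.com with ESMTP; "
        "Fri, 1 Oct 2010 12:50:02.0400\n"
        "Received: from server ([127.0.0.1]) by server with Microsoft "
        "SMTPSVC(7.5.7600.16385); Fri, 1 Oct 2010 09:49:00.0700\n\nbody\n")

if __name__ == "__main__":
    for name, raw in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit(raw))
    print("BLOG", hops(BLOG))
```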
Reconfiguring a Smart host’s outbound connector
To reconfigure the outbound connector of your Smart host service so that this connector is controlled by an Exchange transport rule, you need to:
Fig. 2. The configuration of connectors in the Exchange admin center.
Fig. 3. The Edit use link.
- If there are any domains listed under Only when email messages are sent to these domains, write them down. You will need to reproduce these settings when you create a new transport rule that will be controlling this connector, as described in the next section.
- Select the first option (Only when I have a transport rule. ), as shown in Fig. 4., and click Next. Complete the wizard without making any other changes and when you reach the last step close it by clicking Save.
Fig. 4. The reconfiguration of a Smart host’s outbound connector.
If you have more outbound connectors for custom services (Smart hosts), you need to repeat the whole procedure (including the creation of the transport rule, as described further) for each connector.
From now on, your connector can be controlled only by transport rules. Therefore, you need to create a new transport rule for each of the reconfigured connectors.
Creating a transport rule to forward messages through a Smart host
To route messages through your Smart host, you need to create a new transport rule. This transport rule will forward messages to your Smart host if they meet the conditions you specify. Additionally, the rule prevents messages from looping. To create a transport rule, you need to:
- In the Exchange admin center, go to Mail flow > Rules. Click the Add a rule button (Fig. 5.) and choose Create a new rule from the drop-down menu.
Fig. 5. Adding a new transport rule for the Smart host’s outbound connector.
- A new transport rule creation wizard opens. In the Set rule conditions step, name your rule and configure the following options:
- The conditions need to reflect the configuration of your Smart host’s connector. In the Apply this rule if section:
- Select The sender is external/internal and select Inside the organization. This condition is necessary because all outbound connectors should be active only for emails originating from your organization.
- Click the button to add another condition to make sure the rule is active only for recipients outside of your organization: select The recipient is external/internal and select Outside the organization. This condition is necessary because all outbound connectors should be active only for emails sent outside of your organization.
- If your connector was configured to work only when emails are sent to specific domains (see step 4 in the previous section), you need to reproduce this behavior here, by using the available conditions (such as The recipient address matches any of these text patterns [domain]).
- Select Modify the message properties > set a message header. Type any name (e.g. X-AntiLoop-Smarthost) for a header and set the value to true.
- Click the button to add a new action and select Redirect the message to the following connector and select your Smart host’s outbound connector.
Click Next to go to the Review and finish step. The rule’s configuration should look as shown in Fig. 6. or similar. Click Finish to create the rule.
Fig. 6. The correct configuration of the transport rule for a Smart host.
By configuring the transport rule in such a way, your messages will not get looped even if your Smart host returns the message back to EOP. The created transport rule is configured to send a message to your Smart host service only once.
- Once created, the rule is placed at the bottom of the rules list, with the lowest priority, and disabled. Use the Move up button to place it directly below the CodeTwo Exchange transport rule. By default, the CodeTwo rule has priority 0 – in this case, your Smart host rule should have priority 1, as shown in Fig. 7., item 1 (note that you can also edit the rule and change the priority manually). Finally, select your Smart host rule and use the toggle to enable the rule (Fig. 7., item 2).
Fig. 7. Setting the priority of the Smart host transport rule and enabling it.
Modifying the CodeTwo transport rule
Finally, you need to modify the CodeTwo Exchange transport rule. This is the key step to ensure correct message routing. By completing it properly, you can be sure that the CodeTwo service and your Smart host service(s) will work as intended.
- Select the CodeTwo Exchange transport rule on the list of rules (the CodeTwo rule should be above your Smart host’s rule; see Fig. 7.) or click Edit rule settings (Fig. 8.).
Fig. 8. Editing the settings of the CodeTwo Exchange transport rule.
- Enable (select) the Stop processing more rules option, as shown in Fig. 9.
Each email getting a signature is processed by Exchange Online twice:
- For the first time: immediately after being sent. This is when the message should directly reach the CodeTwo Cloud service. Selecting the Stop processing more rules option helps achieve this as it forces the CodeTwo Exchange transport rule to be the only one to be applied, provided it has the top priority (0).
- For the second time: after leaving the CodeTwo service. This is when the message (with added signature) should next go to your Smart host service(s). Because the CodeTwo Exchange transport rule is not executed again, the Stop processing more rules option is not taken into consideration. It means that any other transport rule configured for your tenant will still be executed.
To summarize, using the Stop processing more rules option will NOT block other transport rules you’ve configured in your Exchange admin center. The CodeTwo Exchange transport rule (with the option in question) will be executed only during the first stage mentioned above. Other rules will be executed during the second stage as usual.
Fig. 9. The modification of the CodeTwo Exchange transport rule.
Your mail flow is now configured, and emails will be routed through our Cloud services and your Smart host service before they reach their recipients.
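A small Python model of the two-pass rule evaluation described above, added here as an illustration (it is not CodeTwo's or Exchange Online's code). It assumes the Smart host rule carries an exception on the header it stamps, and that the signature service marks processed mail with a header, here the hypothetical `X-Signature-Done`, so that the CodeTwo rule is skipped on the second pass.

```python
from dataclasses import dataclass
from typing import Optional

MARKER = "X-Signature-Done"        # hypothetical header set by the signature service
ANTILOOP = "X-AntiLoop-Smarthost"  # header name suggested in the steps above


@dataclass
class Rule:
    connector: str                        # outbound connector the rule redirects to
    priority: int
    set_header: Optional[str] = None      # header the rule sets to "true"
    except_header: Optional[str] = None   # rule is skipped when this header is "true"
    stop_processing: bool = False         # the "Stop processing more rules" option


def eop_pass(rules, headers):
    """Evaluate the rules once in priority order; return the rules that fired."""
    fired = []
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.except_header and headers.get(rule.except_header) == "true":
            continue
        if rule.set_header:
            headers[rule.set_header] = "true"
        fired.append(rule)
        if rule.stop_processing:
            break
    return fired


def route(rules, smarthost_returns_to_eop, max_passes=6):
    """Follow one outbound message (internal sender, external recipient)."""
    headers, trail = {}, []
    for _ in range(max_passes):
        fired = eop_pass(rules, headers)
        if not fired:
            return trail + ["delivered-by-eop"]
        if len(fired) > 1:
            # Model choice: two redirects in one pass means the order of
            # services is no longer controlled by rule priority.
            return trail + ["two-redirects-in-one-pass"]
        trail.append(fired[0].connector)
        if fired[0].connector == "codetwo":
            headers[MARKER] = "true"      # signature added, mail returns to EOP
        elif not smarthost_returns_to_eop:
            return trail + ["delivered-by-smarthost"]
    return trail + ["LOOP"]


def page_rules(stop=True, antiloop_exception=True):
    """The two rules from this article: CodeTwo at priority 0, Smart host at 1."""
    return [
        Rule("codetwo", 0, except_header=MARKER, stop_processing=stop),
        Rule("smarthost", 1, set_header=ANTILOOP,
             except_header=ANTILOOP if antiloop_exception else None),
    ]


if __name__ == "__main__":
    print(route(page_rules(), smarthost_returns_to_eop=False))   # Fig. 1 (a)
    print(route(page_rules(), smarthost_returns_to_eop=True))    # Fig. 1 (b)
    print(route(page_rules(antiloop_exception=False), True))     # no loop guard
    print(route(page_rules(stop=False), False))                  # option not set
```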
If you experience any mail flow problems when sending emails via SMTP clients (e.g. Mozilla Thunderbird), see this article.
Additional steps for Proofpoint
If you use Proofpoint as your Smart host, you might be required to manually add your unique CodeTwo domain to the list of domains in the Proofpoint management interface, e.g. to be able to properly configure the Azure Active Directory Connect sync (that lets you integrate AAD with Proofpoint). To do it, follow the steps below:
- Sign in to the Proofpoint management interface in your browser.
- Go to Account Management > Domains.
- Click the NEW DOMAIN button above the domains’ list.
- In the Add Domain pane that opens, configure the options as follows (see Fig. 10.):
- For the Domain Type option, choose Relay from the drop-down menu.
- In the Domain Name and Primary Delivery Destination fields, paste your unique CodeTwo domain.
The unique CodeTwo domain is added to your Microsoft 365 tenant during the provisioning of CodeTwo Email Signatures 365. It has the following format: [your unique ID].smtp.codetwo.online, and can be easily found by using these instructions.
Fig. 10. Adding your unique CodeTwo domain to the Domains list in Proofpoint.
That’s all. Adding the domain to the list is all you need to do to make Proofpoint coexist with our software without any issues. No actual verification is needed, so you should not worry about the Verification Pending and Inactive statuses displayed in the Domain Status and Mail Relay columns respectively.
How to Get a Free SMTP Server
Using a good SMTP server can make all the difference between success and failure for your email campaigns. But understandably, your business may not have the budget for a large-scale SMTP server yet.
Here’s how to get a free SMTP server so you don’t have to worry about email marketing while your company is growing.
Use Google’s free SMTP server
Google has a free SMTP server available where you can relay a small number of emails. For organizations that have email blasts with a modest number of recipients, 100 emails per day can be adequate for their marketing purposes.
You can also use this free SMTP relay server to familiarize yourself with how to set up your emails with one. By doing so, you won’t risk a paid subscription and will know how to set one up adeptly once you upgrade.
Find free trials
Although not a long-term solution, you can use free trials for SMTP servers if necessary. Not only can you take care of your urgent email campaigns, but you can also get a feel for whether or not you like that particular server.
Many SMTP service providers offer free trials lasting a week or two; all you have to do is a quick Google search to find them. The best thing about these free trials is that you’re under no obligation to commit to a subscription after the trial period is up.
You’re going to want to preserve your excellent sending reputation so you can continue to run successful email campaigns. If your domain or IP address gets blacklisted, you won’t be able to do so.
Once your organization has a decent budget, think about using a paid SMTP as a service that not only gives you more emails, but also safeguards against spoofing and phishing. Should either happen to you, it can lower your sender reputation significantly, and in turn, cause your emails to be filtered as spam.
So invest in your company’s future by upgrading to a reputable third-party SMTP relay service provider as soon as your budget can accommodate it.