
Office 365 SMTP Work Around

Overview

Microsoft recently made a change to SMTP Authentication that has been blocking emails sent from TDO. One of our partner IT firms identified a process to work around this change: by following the steps listed under Option 3 of this Microsoft article, they were able to get things working again. Below is a summary of those steps:

Detailed Instructions

  1. Make sure each TDO office has a static public IP address. You will need the public IP address for both the MX connector and the SPF record.
  2. Access the Microsoft 365 admin center.
  3. Under Domains, find the MX record and note the endpoints.
  4. Go to Exchange Admin Center > Mail Flow > Connectors. Select old or new connectors and link the endpoint to the office's static IP address.
  5. Add an SPF record to the domain that looks like `v=spf1 ip4:10.5.3.2 include:spf.protection.outlook.com ~all`, where the `ip4:` value is the office's static public IP address from step 1. You will need to add an `ip4:` entry for each office that will be sending out emails through the relay.
  6. Then configure the new relay in TDO email settings:
    | Device or application setting | Value |
    | --- | --- |
    | Server/smart host | Your MX endpoint, for example, yourdomain-com.mail.protection.outlook.com |
    | Port | Port 25 |
    | TLS/StartTLS | Enabled |
    | Email address | Any email address in one of your Microsoft 365 or Office 365 verified domains. This email address does not need a mailbox. |

NOTE: Since Port 25 is associated with less secure traffic, some Internet Service Providers may automatically block incoming or outgoing traffic on it. If your IT cannot get the MX relay to work, we recommend having your IT manually open Port 25.
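A quick way to check the SPF record from step 5 before publishing it, shown here as an added example that is not part of the Microsoft article or TDO. The function name `check_spf` and the sample office addresses are assumptions made for illustration; the sample IPs come from documentation ranges and stand in for each office's real public IP.

```python
import ipaddress

M365_INCLUDE = "include:spf.protection.outlook.com"  # from step 5
# RFC 1918 private ranges and RFC 6598 carrier-grade NAT: never seen by a receiving server.
NON_PUBLIC = [ipaddress.IPv4Network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]

def check_spf(record, office_ips):
    """Return a list of problems in an SPF TXT record for the relay setup."""
    terms = record.lower().split()
    if not terms or terms[0] != "v=spf1":
        return ["record does not start with v=spf1"]
    problems, networks = [], []
    for term in terms[1:]:
        mech = term.lstrip("+-~?")          # drop the optional SPF qualifier
        if not mech.startswith("ip4:"):
            continue
        try:
            net = ipaddress.IPv4Network(mech[4:], strict=False)
        except ValueError:
            problems.append(f"invalid ip4 value: {mech[4:]}")
            continue
        if any(net.overlaps(p) for p in NON_PUBLIC):
            problems.append(f"{net} is a private address, not the office's public IP")
        networks.append(net)
    if M365_INCLUDE not in [t.lstrip("+") for t in terms]:
        problems.append(f"missing {M365_INCLUDE}")
    if terms[-1] not in ("~all", "-all"):
        problems.append("record should end with ~all or -all")
    for ip in office_ips:
        if not any(ipaddress.IPv4Address(ip) in net for net in networks):
            problems.append(f"office IP {ip} is not covered by an ip4: entry")
    return problems

# Constructed samples: documentation-range addresses stand in for real office IPs.
OFFICES = ["203.0.113.10", "198.51.100.5"]
COPIED = "v=spf1 ip4:10.5.3.2 include:spf.protection.outlook.com ~all"
FIXED = ("v=spf1 ip4:203.0.113.10 ip4:198.51.100.5 "
         "include:spf.protection.outlook.com ~all")

if __name__ == "__main__":
    for name, rec in (("copied", COPIED), ("fixed", FIXED)):
        print(name, check_spf(rec, OFFICES) or "OK")
```

The record copied verbatim from step 5 is flagged because its `ip4:` value is a private address and neither office is covered; the corrected record lists one public `ip4:` entry per office and passes.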

Reference

This is just a summary of the full steps shown in https://docs.microsoft.com/en-us/exchange/mail-flow-best-practices/how-to-set-up-a-multifunction-device-or-application-to-send-email-using-microsoft-365-or-office-365#option-3-configure-a-connector-to-send-mail-using-microsoft-365-or-office-365-smtp-relay. For the full steps on how to set up your email, please consult that link or call Microsoft support.

NOTE: For Windows 7 clients that are connected to Office 365, additional steps may be needed in order for emails to work correctly in TDO. For more information, please consult this article from Microsoft, found HERE.

"For Windows 7 clients that connect to Office 365, make sure that TLS 1.2 is the default secure protocol in WinHTTP in Windows. For more information see KB 3140245 - Update to enable TLS 1.1 and TLS 1.2 as a default secure protocols in WinHTTP in Windows"