
Letters - Email - Office 365 - SMTP work around


Overview

Microsoft made changes to SMTP Authentication, specifically disabling OAUTH support, that have been blocking TDO's ability to send email. TDO is working on OAUTH2 support, but we currently do not have an ETA for when that will be available. There are some configurations other offices were able to implement to work around this, but your specific configuration may need additional settings. We recommend you reach out to Microsoft regarding how to configure this for your environment.

Below are some potential solutions/workarounds, but TDO is not responsible for supporting or configuring these settings for you, and you must work with your IT/Email provider:

One office had to make sure "Disable Modern Authentication" was disabled on the account TDO was using to send out mail:
https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/enable-or-disable-modern-authentication-in-exchange-online

Working with one of our partner IT firms, we identified a process to work around this by implementing an SMTP relay. By following the steps listed under this Microsoft Article (Option 3), they were able to get things working again. Below is a summary of those steps:

Detailed Instructions

  1. Make sure each TDO office has a static public IP address. You will need the public IP address for the MX Connector and the SPF record.
  2. Access the Microsoft 365 admin center.
  3. Under domains, find the MX record and note the endpoints.
  4. Go to Exchange Admin Center > Mail Flow > Connectors. Select old or new connectors and link the endpoint to the office's static IP address.
  5. Add an SPF record to the domain that looks like <v=spf1 ip4:10.5.3.2 include:spf.protection.outlook.com ~all>, where 10.5.3.2 stands in for the office's static public IP address from step 1. You will need to add an ip4: entry for each office that will be sending out emails with the relay.
  6. Configure the new relay in TDO email settings.

    Note: When using this workaround, leave the email password field in TDO blank.

    Device or application setting | Value
    Server/smart host             | Your MX endpoint, for example, yourdomain-com.mail.protection.outlook.com
    Port                          | Port 25
    TLS/StartTLS                  | Enabled
    Email address                 | Any email address in one of your Microsoft 365 or Office 365 verified domains. This email address does not need a mailbox.

NOTE: Since Port 25 is associated with less secure traffic, some Internet Service Providers may automatically block incoming or outgoing traffic on it. If your IT cannot get the MX relay to work, we recommend having your IT manually open Port 25.

Reference

This is just a summary of the full steps shown in https://docs.microsoft.com/en-us/exchange/mail-flow-best-practices/how-to-set-up-a-multifunction-device-or-application-to-send-email-using-microsoft-365-or-office-365#option-3-configure-a-connector-to-send-mail-using-microsoft-365-or-office-365-smtp-relay. For the full steps on how to set up your email, please consult that link or call Microsoft support.

NOTE: For Windows 7 clients that are connected to Office 365, additional steps may be needed in order for emails to work correctly in TDO. For more information, please consult this article from Microsoft, found HERE.

"For Windows 7 clients that connect to Office 365, make sure that TLS 1.2 is the default secure protocol in WinHTTP in Windows. For more information see KB 3140245 - Update to enable TLS 1.1 and TLS 1.2 as default secure protocols in WinHTTP in Windows"

 
