SmarterMail + Office 365 Split Domain
Question asked by Paul Blank - August 17 at 11:37 AM
Unanswered
Hello. Is there anyone who's currently using SmarterMail in a split-domain configuration with Office 365?
 
I am setting this up with SM V15 for a client in a test environment, and am having trouble getting the Office 365 -> SmarterMail connector working.
 
The validation keeps failing with some kind of NDR. Surprisingly, the Microsoft engineers have no clue about what to do, but say they are still looking into it.  Below is the entire text of the failure message from Office 365.
 
(see my post below; looks as if this is now solved; the failure text is quite cryptic, and wasn't much help) 
 
**********************************************
 
Timestamp:8/17/2018 5:44:45 PM
EventId:RECEIVE
Source:SMTP
MessageSubject:Test email for connector validation
MessageId:<116c4316-a2e4-490c-8ade-b8e409a1ea04@BYAPR01MB4120.prod.exchangelabs.com>
Recipients:bluesm@test-domain.com
RecipientCount:1
RecipientStatus:
SourceContext:08D603CDAE01E641;2018-08-17T17:44:45.552Z;0
Sender:O365ConnectorValidation@test-domain.com
EventData:InboundTlsDetails: TLS=SP_PROT_TLS1_2_SERVER TLSCipher=CALG_AES_256 TLSKeyLength=256 TLSKeyExAlg=CALG_ECDH_EPHEM, MessageValue:MediumHigh, Replication:SN6PR01MB4128, FirstForestHop:BYAPR01MB4120.prod.exchangelabs.com, DeliveryPriority:Normal, OriginalFromAddress:<>, AccountForest:NAMPR01A010.PROD.OUTLOOK.COM

Timestamp:8/17/2018 5:44:45 PM
EventId:RECIPIENTINFO
Source:RESOLVER
MessageSubject:Test email for connector validation
MessageId:<116c4316-a2e4-490c-8ade-b8e409a1ea04@BYAPR01MB4120.prod.exchangelabs.com>
Recipients:bluesm@test-domain.com
RecipientCount:1
RecipientStatus:NotFound.OneOff.Resolver.CreateRecipientItems.10
SourceContext:
Sender:O365ConnectorValidation@test-domain.com
EventData:SenderVerdict:NotFound.OneOff.Sender.10, DeliveryPriority:Normal, OriginalFromAddress:<>, AccountForest:NAMPR01A010.PROD.OUTLOOK.COM

Timestamp:8/17/2018 5:44:45 PM
EventId:BADMAIL
Source:DSN
MessageSubject:Test email for connector validation
MessageId:<116c4316-a2e4-490c-8ade-b8e409a1ea04@BYAPR01MB4120.prod.exchangelabs.com>
Recipients:bluesm@test-domain.com
RecipientCount:1
RecipientStatus:
SourceContext:
Sender:O365ConnectorValidation@test-domain.com
EventData:BadmailReason:Suppress NDR of a rejected or expired DSN, DeliveryPriority:Normal, OriginalFromAddress:<>, AccountForest:NAMPR01A010.PROD.OUTLOOK.COM

Timestamp:8/17/2018 5:44:45 PM
EventId:AGENTINFO
Source:AGENT
MessageSubject:Test email for connector validation
MessageId:<116c4316-a2e4-490c-8ade-b8e409a1ea04@BYAPR01MB4120.prod.exchangelabs.com>
Recipients:bluesm@test-domain.com
RecipientCount:1
RecipientStatus:
SourceContext:CatHandleFail
Sender:O365ConnectorValidation@test-domain.com
EventData:AMA:EV|engine=A|v=0|sig=201808171514|name=|file=|hash=|phash=, AMA:EV|engine=S|v=0|sig=20180817.006|name=|file=|hash=|phash=, AMA:EV|engine=M|v=0|sig=1.273.1568.0|name=|file=|hash=|phash=, SDA:SDG|MID=2400886727234|MN=BYAPR01MB4120, DeliveryPriority:Normal, OriginalFromAddress:<>, AccountForest:NAMPR01A010.PROD.OUTLOOK.COM

Timestamp:8/17/2018 5:44:45 PM
EventId:FAIL
Source:ROUTING
MessageSubject:Test email for connector validation
MessageId:<116c4316-a2e4-490c-8ade-b8e409a1ea04@BYAPR01MB4120.prod.exchangelabs.com>
Recipients:bluesm@test-domain.com
RecipientCount:1
RecipientStatus:[{LED=550 5.1.10 RESOLVER.ADR.RecipientNotFound; Recipient bluesm@test-domain.com not found by SMTP address lookup};{MSG=};{FQDN=};{IP=};{LRT=}]
SourceContext:
Sender:O365ConnectorValidation@test-domain.com
EventData:ToEntity:Unknown, FromEntity:Unknown, DeliveryPriority:Normal, OriginalFromAddress:<>, AccountForest:NAMPR01A010.PROD.OUTLOOK.COM
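
An added example, not part of the original post or of any Microsoft or SmarterTools tooling: a small Python parser for the trace format quoted above that pulls the TLS protocol, the failing stage and the SMTP status out of the records. The function names and the abridged sample are this example's own; the field names come from the trace.

```python
import re

# Abridged from the message trace quoted in the post above (two of its five records).
TRACE = """\
Timestamp:8/17/2018 5:44:45 PM
EventId:RECEIVE
Source:SMTP
EventData:InboundTlsDetails: TLS=SP_PROT_TLS1_2_SERVER TLSCipher=CALG_AES_256 TLSKeyLength=256

Timestamp:8/17/2018 5:44:45 PM
EventId:FAIL
Source:ROUTING
RecipientStatus:[{LED=550 5.1.10 RESOLVER.ADR.RecipientNotFound; Recipient bluesm@test-domain.com not found by SMTP address lookup};{MSG=};{FQDN=};{IP=};{LRT=}]
"""

def parse_trace(text):
    """Split a trace into blank-line separated records of Key:Value fields."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")  # values may contain ':'
            if sep:
                rec[key.strip()] = value.strip()
        if rec:
            records.append(rec)
    return records

def summarize(records):
    """Pull out the fields that explain a failed delivery."""
    out = {"tls": None, "failed_at": None, "smtp": None,
           "enhanced": None, "reason": None, "remote_host": None}
    for rec in records:
        tls = re.search(r"\bTLS=(\S+)", rec.get("EventData", ""))
        if tls:
            out["tls"] = tls.group(1)
        if rec.get("EventId") != "FAIL":
            continue
        status = rec.get("RecipientStatus", "")
        led = re.search(r"\{LED=(\d{3}) (\d\.\d+\.\d+) ([^;}]+)", status)
        if led:
            out["smtp"], out["enhanced"], out["reason"] = led.groups()
        # FQDN/IP name a remote server; both empty means none is recorded.
        host = re.findall(r"\{(?:FQDN|IP)=([^}]+)\}", status)
        out["failed_at"] = rec.get("Source")
        out["remote_host"] = host[0] if host else None
    return out

print(summarize(parse_trace(TRACE)))
```

On the trace above it reports 550 5.1.10 RESOLVER.ADR.RecipientNotFound raised at the ROUTING stage, with no remote host recorded, on a session received over TLS 1.2.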
 

6 Replies

0
Nathan Y Replied
We are using it for a number of customers without any issues. The key to passing the test, certainly for us, is to either disable greylisting for the domain or put the EOL IPs in the greylisting exception list.
 
0
Nathan Y Replied
Also, have you ticked the 'Deliver locally if user exists' option in the domain config? It is easily overlooked, but without it you create a mail loop. It feels like an option that should be enabled by default when you change the 'Domain Location' option from 'Local'.
0
Paul Blank Replied
I am not using the SM antispam services at all, so I don't believe I need any greylisting changes.

You do mean EOP, not EOL, correct? I tried these and had no luck, but at the moment the domain is fully open to port 25 - and NOT an open-relay in any event. It is just a test domain, so I'm not worried about spam.

And yes, the "Deliver Locally" box is ticked.

Are you using TLS in the Office 365 -> SM connector?
0
Nathan Y Replied
Yes, we have TLS enabled with a valid certificate issued by a CA.
1
Paul Blank Replied
This seems to be fixed now. The Microsoft doc I was using didn't mention a setting in "accepted domains" under mail flow. The O365 -> SM server connector won't work without this. 
 
Also, you can set the connector to NOT use TLS if you prefer. At one point, Microsoft made it seem that TLS was mandatory here. 
 
Good idea in any case to lock down SMTP access to your SM SERVER at the firewall, only allowing access by EOP IPs. 
0
Paul Blank Replied
BTW, that setting in Accepted Domains is: change the domain to "Internal Relay".
