2
How to set up hybrid SmarterMail / Office 365 environment?
Question asked by Jothan Sargent - 10/8/2019 at 2:25 PM
Answered
Hello,

I'm wondering how you can set up a hybrid SmarterMail / Office 365 environment where one email address is hosted at Office 365 (Exchange Online) and the others are hosted with SmarterMail? This used to work OK at our previous ISP using a different email server, but since moving to the new ISP (using SmarterMail 17 Pro) the Office 365 user gets an error when sending to the locally hosted domain.

For example, let's say the domain in question is my-domain.com and bob@my-domain.com is the Office 365 email user. When email comes in to bob@my-domain.com it gets forwarded to the Office 365 email account. That works fine. When Bob emails joe@my-domain.com he gets a rejection email back "bob is not authorized to relay messages through the server that reported this error, 550 5.7.368 Remote server returned authentication required to relay". When Bob emails any domain not configured in SmarterMail the email goes through just fine.

After doing some investigation, it looks like Office 365 (Exchange Online) allows you to create a "send connector" which allows TLS authentication using a client certificate, but there doesn't appear to be any way to make use of this in SmarterMail. Unfortunately, there is no way in Office 365 to set up a send connector using basic authentication (username/password) which is what would work for SmarterMail.

I'm wondering if anyone has an idea of how to make this work? I found the temporary solution of turning off "Require SMTP authentication", but I know that this is not a good long-term solution since it leaves the domain open to email spoofing. I've opened support tickets with my ISP and also with Microsoft, but so far haven't been able to find a workable solution.

Thanks.

8 Replies

0
Employee Replied
Employee Post Marked As Answer
Jothan,

You may find this knowledge base article helpful for this type of configuration:

0
Jothan Sargent Replied
Ben,

Thank you for your reply. I wonder if you could clarify something for me: I can see how this might be helpful to deliver email to the Office 365 user, but how would this help with the authentication problem when the Office 365 user emails an account set up in SmarterMail? That wasn't clear to me from looking at the knowledge base article.
0
Employee Replied
Employee Post
Jothan,

If the Office 365 user emails an account set up in SmarterMail, SmarterMail should take over and deliver that email to the recipient locally.
0
Pascale Guilbault Replied
Hi Jothan,

We have exactly the same problem. Was the solution from Ben any good? If not, can you tell me what you did to make it work if it does work now?

Thank you,

Pascale
0
Jothan Sargent Replied
Hi Pascale,

Unfortunately Ben's suggested change did not work for us. What we wound up doing was white-listing the IP addresses for Office 365 (see https://docs.microsoft.com/en-us/office365/enterprise/urls-and-ip-address-ranges ) to bypass SMTP authentication. Then we set up SPF, DKIM, and DMARC for our domain to help prevent email spoofing.
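
An added example, not part of the original thread and not SmarterMail or Microsoft code: one way to keep the allowlist described above narrow, by selecting only the Exchange Online ranges that list TCP port 25 instead of every published Microsoft 365 range. The JSON is a constructed sample shaped like Microsoft's published endpoint data (documentation prefixes, not real ranges), and the function names are hypothetical.

```python
import ipaddress
import json

# Constructed sample shaped like the JSON published by Microsoft's endpoint
# web service (fields: serviceArea, ips, urls, tcpPorts). The ranges are
# documentation prefixes, not real Microsoft addresses.
SAMPLE_ENDPOINTS = json.loads("""
[
  {"id": 1, "serviceArea": "Exchange", "ips": ["192.0.2.0/24", "2001:db8:10::/48"], "tcpPorts": "80,443"},
  {"id": 2, "serviceArea": "Exchange", "ips": ["198.51.100.0/25", "2001:db8:20::/48"], "tcpPorts": "25"},
  {"id": 3, "serviceArea": "Exchange", "urls": ["*.mail.example"], "tcpPorts": "25"},
  {"id": 4, "serviceArea": "SharePoint", "ips": ["203.0.113.0/24"], "tcpPorts": "80,443"}
]
""")


def smtp_relay_networks(endpoints, service_area="Exchange", port=25):
    """Return only the networks for the service area that list the SMTP port."""
    networks = []
    for entry in endpoints:
        ports = {p.strip() for p in entry.get("tcpPorts", "").split(",")}
        if entry.get("serviceArea") != service_area or str(port) not in ports:
            continue
        # Some entries carry only URLs and no "ips" key; they add nothing here.
        for cidr in entry.get("ips", []):
            networks.append(ipaddress.ip_network(cidr, strict=True))
    return networks


def may_skip_smtp_auth(client_ip, networks):
    """True when the connecting address falls inside an allowlisted range."""
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return False  # malformed address: never bypass authentication
    # A v4 address tested against a v6 network (or vice versa) is simply False.
    return any(addr in net for net in networks)


if __name__ == "__main__":
    allow = smtp_relay_networks(SAMPLE_ENDPOINTS)
    for ip in ("198.51.100.17", "192.0.2.5", "203.0.113.9", "2001:db8:20::1"):
        print(ip, "bypass auth" if may_skip_smtp_auth(ip, allow) else "require auth")
```

The published ranges change over time, so a list generated this way needs regenerating on a schedule. The bypass is keyed on source address alone, which is why the SPF, DKIM and DMARC setup mentioned above still matters.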
0
Pascale Guilbault Replied
Hi,

WOW, thank you for the quick response! We will try that.

Thank you very much!!
0
Paul Blank Replied
Follow-up on old thread: I have this successfully working for years now with SmarterMail and Microsoft 365 - formerly Office 365. Not using Active Directory; Windows workgroup model. Setup is somewhat involved, but not crazy. With Microsoft 365 as primary email exchanger, among several other things, you will need to register all SmarterMail users and aliases as "Contacts" with Microsoft 365, as well as set up M365-Exchange Mail Flow so that this all functions as it should. And you can still use a catch-all address; the catch-all address can either live on SM or on M365.

It's also important to have a good firewall (Sonicwall comes to mind but there are others of course) for restricting inbound access to port 25 on your LAN email server.

OK to contact me via PM if you like.
0
Employee Replied
Employee Post
Hi Paul,

Thanks for sharing your experience with this kind of configuration! We get questions about having a hybrid environment frequently, so I'm sure this information will help.
