Allow Mail Relay through Office 365

Office 365

 

Access Granted

 
 
 
 
 
 
 
 
 
 
 
 
Office 365 allows unauthenticated mail relay to email addresses in your organization if you have a static IP address and we’ll outline the exact setup steps in this post.

Contents

Scenario and Network Setup
Whitelisting Static IP Addresses
Troubleshooting
Conclusion

Scenario and Network Setup

Most offices have at least one copier that is used to email scanned documents to employees. Recently, one of our clients could not get one of their copiers to send email through Office 365. After further investigation, it was revealed that the copier’s firmware did not provide sufficient encryption to go through Exchange Online.

To combat the encryption issues, we installed the free hMailServer (https://www.hmailserver.com/) on one of their local Windows servers. The copier was then configured to send to hMailServer which in turn sends the email to Exchange Online.

Of course there was still an authentication issue at Microsoft so the easiest solution was to permit mail relaying from the client’s static IP address.

Whitelisting Static IP Addresses

Log in as an administrator to your Office 365 account and go to the Admin section. On the left hand side pick the Exchange Admin Center.

Exchange Admin Center

Exchange Admin Center

Once the Center opens up, select the Protection section.

Exchange Protection Section

Exchange Protection Section

Select the Connection Filter at the top, then edit the default rule by highlighting Default and clicking on the pencil icon.

Exchange Connection Filter

Exchange Connection Filter

Select the Connection Filtering option on the left and then add your static IP address by clicking on the ‘plus’ icon. Then click save. That’s all there is to it!

Allowed Relay IP Address

Allowed Relay IP Address

 

Troubleshooting

In this example, emails were still not going through even after approving the static IP address. The next step was to turn on logging on hMailServer which revealed that the static IP had been blacklisted for spam. The ISP had recently been changed so whomever had the IP address before must have been doing something not so nice. Below is a relevant section of the log:

“RECEIVED: 550 5.7.606 Access denied, banned sending IP

[71.x.x.x]. To request removal from this list please visit https://sender.office.com/ and follow the directions. For more information please go to http://go.microsoft.com/fwlink/?LinkID=526655″

It’s really easy to delist the static IP. Go to https://sender.office.com/ and enter your IP and email addresses. You’ll receive this response:

Delist Portal

Delist Portal

Then check your email to prove you’re legitimate:

Email Address Validation

Email Address Validation

It will take a little while for this to go into effect.

Conclusion

If you have devices on your network that need to send email but don’t support authentication or encryption then this method will allow you to relay without either with a static IP. Good luck!

 

By |2016-09-12|Office 365|