Setup an SMTP open relay between an onsite Windows Server and Office 365

After migrating a client to Office 365 I needed a way of sending email from various applications and devices.  I wanted an open relay for email though an onsite Windows Server to Office 365.

There are a few ways of doing this including simply setting up a single account in Office 365 for this purpose and entering authentication details for each application/device.  However I wanted to be able to send from multiple email accounts so chose to setup an open relay.

The first step is to install IIS 6 on the server that is to be your relay server.  To do this open the server manager> Go to Add Roles and Features and select the Web Server (IIS) role and click Add Features.

Scroll down to IIS 6 Management Compatibility and select all IIS features> Click Add Features When prompted.

Click Features and select SMTP Server, click Add Features when prompted.

Click Next>Next>Next>Next and then Install.

Once the installer has finished click Close and open the Internet Information Services (IIS) 6.0 Manager.  Right click on the default SMTP virtual server and click rename.  Choose a suitable name for your relay.

The domains section tells the relay server all the email domains that you allowed to relay to.  You must specify the email domain for each domain that you wish to relay to.  Unfortunately there is no wildcard or catch all syntax for this, you must simply add each domain as follows.

Right click on Domains>Click New>Domain>Remote then click Next.

To use a wildcard for all .com domains i.e. enter *.com and click Finish.  Repeat for all domains you need to add i.e. * etc.

Right click on your relay name and click Properties.  Click the Access tab and click Authentication, select Anonymous Access only.

Click Connection and select the Only the list below radio button.  Click Add and add the devices (i.e. the photocopier for scan to email or an the server where an application needs to email from) IP addresses that will be authorised to relay.

Click the Delivery tab and click Outbound Security.  Set this to Anonymous Access.

Click the Advanced button and set the Masquerade domain to your email domain.  Enter as your Smart host.

Configure office 365
Login to office 365 and go to Admin>Admin Centers>Exchange>Mail Flow>Connectors.

Click the + symbol to add a new connector.  Select From Your Organisation’s email server and to Office 365, click Next.

Give the connector a name and click Next.

Next we need to select By verifying that the IP address of the sending server matches one of these IP addresses that belong to your organization.  Click the + symbol and enter the fixed external IP address for you SMTP relay server and click Next.  When ready click Save.

To test download the SMTP diag tool from here. (This is the same as using the telnet commands to send email).  If all is working ok you should be able to send yourself an email through Office 365 as below.  Remember you will need to open port 25 outbound on both your SMTP relay server’s software firewall and your hardware firewall.

Leave a Reply

Your email address will not be published. Required fields are marked *