[SOLVED] Microsoft 365 (aka Office 365) Smart Host

[utkonos]

The outbound smart host connector from 365 to Proxmox is failing with a Relay access denied error.

All of Microsoft's IP ranges have been added as trusted networks in the following configuration location:
Configuration > Mail Proxy > Networks

Here are their ranges:
https://learn.microsoft.com/en-us/m...rls-and-ip-address-ranges?view=o365-worldwide

The inbound connector works fine and I am able to send test messages from the outside world through PMG to 365.

My hypothesis is that 365 has no concept of a port number when configuring a smart host. Therefore connections from 365 are being made to port 25 rather than 26 and relay is denied even though the domain of the sender is correct and the IP of the connection is allowed by the networks configuration.

Is there any way to work around this problem, or is outbound smart host from 365 not possible? This isn't a gigantic problem because 365 is capable of sending email on its own. Or I am also able to setup an intermediate smart host "proxy" running OpenSMTPD on a different IP that listens on 25 and is firewalled for 365 IPs and then relays to PMG port 26.

 

[utkonos]

For anyone else who is trying to figure this out: my hypothesis is correct.

Microsoft 365 (Office 365) can only send to a smart host on port 25. This means you will have to put an email proxy between PMG and 365. This is not really a big deal since you probably already have a mail server configured to serve your roaming users who connect on the submission port to perform authenticated sending of emails. All you need to do is add a port listener on that server which is firewalled to the IP ranges published by Microsoft and configure the SMTPd on that server correctly for unauthenticated relay to the PMG. If you're using OpenSMTPD on that relay it can also be locked down via the match configuration in smtpd.conf.