Office365 Direct Send without Relay

DustinB3403

Trying to figure out why I can't send email directly from my applications and other devices in the organization (for the purposes of being able to scan from a printer and send the scan as an email attachment.

Running a few powershell scripts I see the issue. . . we don't have a dns for office 365

Resolve-DnsName -name domain.com -type MX

Name                                     Type   TTL   Section    NameExchange                              Preference                               
----                                     ----   ---   -------    ------------                              ----------                               
domain.com                    MX     1200  Answer     srv1.domain.com               10                                       
domain.com                    MX     1200  Answer     srv2.domain.com               10                                       

Name       : srv1.domain.com
QueryType  : A
TTL        : 1200
Section    : Additional
IP4Address : 192.168.2.12


Name       : srv2.domain.com
QueryType  : A
TTL        : 1200
Section    : Additional
IP4Address : 192.168.2.13

Srv1 and Srv2 are setup as mail relays, but they are going away in the future. Anyone have any recommendations on how to address this?

DustinB3403

Would adding a new connector in office 365 be able to address this?

DustinB3403

Checking against office 365

Resolve-DnsName -name domain.onmicrosoft.com -type MX

Name                                     Type   TTL   Section    NameExchange                              Preference                               
----                                     ----   ---   -------    ------------                              ----------                               
domain.onmicrosoft.com        MX     3600  Answer     domain.mail.protection.outlook 0                                        
																 .com

NerdyDad

I typically put that name exchange in any of the devices and email gets out.

<domain>.mail.protection.outlook.com with whatever your domain is.

DustinB3403

@NerdyDad I'll give it a try.

DustinB3403

Doesn't seem to work, what else should I look at?

NerdyDad

That is typically all that I need to do. I'm sure you already have the right port open on your firewall pointing to O365.

My environment doesn't require authentication. Does yours?

Also, make sure that you check O365 ports for protocol traffic on the devices that you are trying to connect.

coliver

What I've done in the past is setup a local relay. Something that only accepts traffic from the various devices and relays it out to O365. You can use Postfix and Microsoft's SMTP server to do this.

NerdyDad

@coliver said in Office365 Direct Send without Relay:

What I've done in the past is setup a local relay. Something that only accepts traffic from the various devices and relays it out to O365. You can use Postfix and Microsoft's SMTP server to do this.

I've heard of this being done. Either with the old on-prem exchange server being turned into a relay or building out a new relay entirely. I'm not an Exchange expert by any means so I cannot speak as to how to do it. I just know that it can be done.

coliver

@NerdyDad said in Office365 Direct Send without Relay:

@coliver said in Office365 Direct Send without Relay:

What I've done in the past is setup a local relay. Something that only accepts traffic from the various devices and relays it out to O365. You can use Postfix and Microsoft's SMTP server to do this.

I've heard of this being done. Either with the old on-prem exchange server being turned into a relay or building out a new relay entirely. I'm not an Exchange expert by any means so I cannot speak as to how to do it. I just know that it can be done.

Here are the different options you can use. Some of them are limited to only send to users on your domain.

https://support.office.com/en-us/article/How-to-set-up-a-multifunction-device-or-application-to-send-email-using-Office-365-69f58e99-c550-4274-ad18-c805d654b4c4?ui=en-US&rs=en-US&ad=US

JaredBusch

For only basic email traffic needs like scan to email, just setup a connector in Office 365.

Exchange Online has various rate limits though. So if you think you will be even close to them, use postfix locally to send out and just add your local WAN IP to your SPF record.

DustinB3403

I got it sorted, separate spam filter relay is what was needed.

Dashrender

@JaredBusch said in Office365 Direct Send without Relay:

For only basic email traffic needs like scan to email, just setup a connector in Office 365.

Exchange Online has various rate limits though. So if you think you will be even close to them, use postfix locally to send out and just add your local WAN IP to your SPF record.

Why wouldn't your local relay still relay everything through Hosted Exchange in O365? or would that be rate limited as well?

JaredBusch

@Dashrender said in Office365 Direct Send without Relay:

@JaredBusch said in Office365 Direct Send without Relay:

For only basic email traffic needs like scan to email, just setup a connector in Office 365.

Exchange Online has various rate limits though. So if you think you will be even close to them, use postfix locally to send out and just add your local WAN IP to your SPF record.

Why wouldn't your local relay still relay everything through Hosted Exchange in O365? or would that be rate limited as well?

Exchange Online has limits. it does not matter from where the email originate. The software was actually setup to authenticate and send email directly with and Exchange Online account during testing.

This quickly hit the rate limits as the client was sending out large amounts of price notifications to users that has signed up for such.

So this site had a local CentOS 7 box setup and Postfix was configured to send mail out. The SPF record was updated and then a connector was also setup to make sure nothing was blocked for no reason.