O365 – Mail Relay

It took some time to gather the settings for mail relay when we implemented Office 365 in our environment.  It’s pretty straightforward, but since I had to research several sites to get the information, I’m writing this article to combine the data for easy reference.

An SMTP relay is required to route e-mails from on-premises applications, scanners (print-to-PDF) or multi-function devices to either internal or external recipients.

Mail Relay Options

Using Exchange Online in Office 365 for mail relay can be accomplished in three ways:

1.    SMTP Client Submission
Here you configure the devices or applications to authenticate with an Office 365 mailbox and use Simple Mail Transfer Protocol (SMTP) client submission.  In this scenario, the device or application uses an e-mail account to send e-mail to recipients, just like an e-mail client.  E-mail can be sent to both external and internal recipients.
2.    Direct Send
With Direct Send you configure your devices or applications to send e-mail directly to recipients in your organization.  This scenario does not support external recipients.  When you set up your device or application, configure it to point to your mailboxes in Office 365 using your mail exchange (MX) endpoint record.
3.    Office 365 SMTP Relay
For this configuration you must configure an Exchange Online connector for your devices or applications to send email to Office 365.  Office 365 can then relay e-mail to both your organization mailboxes and to external recipients.  This requires an on-premises SMTP relay server.

In our environment, we did not have a previous Exchange on-premises setup.  Therefore we were unable to utilize option 3.  However, our programs and devices were able to use options 1 and 2 sufficiently.

Mail Relay Configurations

SMTP Client Submission:
SMTP Server:  smtp.office365.com
Port:  587
SSL/TLS:  required
Authorization:  Exchange Online mailbox credentials
Send Secure:  include Confidential in Subject
Recipients:  Internal/External

Direct Send:
SMTP Server:  <domain>-com.mail.protection.outlook.com
Port: 25
SSL/TLS:  not required
Authorization:  not required
Send Secure:  include Confidential in Subject
Recipients:  Internal only

Sample Mail Relay Send Commands

Replace the domain names with your own.

# Direct Send (port 25, no authentication, internal recipients only)
Send-MailMessage -From "anyone@anyone.com" -To "mailbox@domain.com" -Subject "Test Direct Send E-mail" -Body "Test SMTP Direct Send Relay" -SmtpServer domain-com.mail.protection.outlook.com -Port 25
Send-MailMessage -From "anyone@anyone.com" -To "mailbox@domain.com" -Subject "Confidential Test Direct Send E-mail" -Body "Test SMTP Direct Send Secure Relay" -SmtpServer domain-com.mail.protection.outlook.com -Port 25
# SMTP Client Submission (port 587, TLS and mailbox credentials required)
# Get-Credential prompts for the mailbox password and returns a PSCredential object
$msolcred = Get-Credential -Credential "mailbox@domain.com"
Send-MailMessage -From "mailbox@domain.com" -To "recipient@gmail.com" -Subject "Test E-mail" -Body "Test SMTP Client Submission Relay Service" -SmtpServer smtp.office365.com -Credential $msolcred -UseSsl -Port 587
# Reuses the credential captured above
Send-MailMessage -From "mailbox@domain.com" -To "recipient@gmail.com" -Subject "Confidential Test E-mail" -Body "Test SMTP Client Submission Relay Service Secure" -SmtpServer smtp.office365.com -Credential $msolcred -UseSsl -Port 587
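
A pre-flight check for the two endpoints listed under Mail Relay Configurations, added here as an example and not part of the original article: it looks up the domain's MX host for Direct Send, then reports whether each endpoint answers EHLO and advertises STARTTLS. Get-SmtpExtension, Test-SmtpEndpoint and the relay-check.invalid EHLO name are hypothetical names chosen for this example; domain.com is the article's placeholder.

```powershell
# Added example, not from the original article. Replace 'domain.com' with your own domain.
function Get-SmtpExtension {
    # Parse EHLO reply lines ("250-NAME args" continues, "250 NAME args" ends) into names.
    param([string[]] $ReplyLines)
    $ReplyLines | Select-Object -Skip 1 | ForEach-Object {   # first line is the greeting
        if ($_ -match '^250[- ](\S+)') { $Matches[1].ToUpperInvariant() }
    }
}

function Test-SmtpEndpoint {
    # Connect, send EHLO, and report the extensions the server advertises before TLS.
    param([string] $Server, [int] $Port, [int] $TimeoutMs = 10000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        if (-not $client.ConnectAsync($Server, $Port).Wait($TimeoutMs)) { throw 'connect timed out' }
        $stream = $client.GetStream()
        $stream.ReadTimeout = $TimeoutMs
        $reader = New-Object System.IO.StreamReader($stream)
        $writer = New-Object System.IO.StreamWriter($stream)
        $writer.NewLine = "`r`n"
        $writer.AutoFlush = $true
        $null = $reader.ReadLine()                     # 220 banner (assumed single-line)
        $writer.WriteLine('EHLO relay-check.invalid')  # hypothetical client name
        $reply = @()
        do {
            $line = $reader.ReadLine()
            if ($null -ne $line) { $reply += $line }
        } while ($line -match '^250-')
        $writer.WriteLine('QUIT')
        $ext = @(Get-SmtpExtension $reply)
        [pscustomobject]@{ Server = $Server; Port = $Port; Responded = $true
                           StartTls = $ext -contains 'STARTTLS'; Extensions = $ext -join ',' }
    } catch {
        # Connection refused, timed out, or closed before a complete EHLO reply
        [pscustomobject]@{ Server = $Server; Port = $Port; Responded = $false
                           StartTls = $false; Extensions = '' }
    } finally { $client.Close() }
}

# Constructed sample EHLO reply (not captured from a real server) to exercise the parser offline.
$sample = '250-mail.example.invalid Hello', '250-SIZE 157286400', '250-STARTTLS', '250 SMTPUTF8'
Get-SmtpExtension $sample

# Live check: Direct Send uses the domain's MX host, Client Submission uses smtp.office365.com.
$mx = Resolve-DnsName -Name 'domain.com' -Type MX | Where-Object Type -eq 'MX' |
      Sort-Object Preference | Select-Object -First 1 -ExpandProperty NameExchange
Test-SmtpEndpoint -Server $mx -Port 25
Test-SmtpEndpoint -Server 'smtp.office365.com' -Port 587
```

Run it from the network segment where the application or device sits, since outbound port 25 is often filtered there even when port 587 is open.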