Home Blog Best Practices To Configure SMTP Relay Emails (Tested)

Best Practices To Configure SMTP Relay Emails (Tested)

 2022/02/07   Microsoft Cloud Solutions   3644 visit(s)  7 min to read




Many people do not yet realize that SMTP Virtual server reached the end of support in 2015. But when they migrate to Office 365, they begin to notice that SMTP does not work, and even if it works, tons of problems requiring troubleshooting will arise.

As you already know, SMTP server component feature was built on IIS 6. At this point, you shall relay email to Office 365.

How to set up a multifunction device or application to send email using Microsoft 365 or Office 365 | Microsoft Docs

If you have Exchange On-prem, you can still use your connectors by creating receive connector front-end and adding the serves or clients you need.

The following are links for end of support:

The following are tested methods with 2 Products. Every scenario has its own requirements and features. The following table describes all options including Gmail.

Tested Products


SMTP client submission

Direct send

SMTP relay

Google SMTP













Send to recipients in your domain(s)





Relay to internet via Microsoft 365 or Office 365 Yes No. Direct delivery only. Yes
Bypasses antispam Yes, if the mail is destined for one of your Microsoft 365 or Office 365 mailboxes. No. Suspicious emails might be filtered. We recommend a custom Sender Policy Framework (SPF) record. No. Suspicious emails might be filtered. We recommend a custom SPF record. yes
Supports mail sent from applications hosted by a third party Yes Yes. We recommend updating your SPF record to allow the third party to send as your domain. No Yes
Saves to Sent Items folder Yes No No Yes
Open network port Port 587 or port 25 Port 25 Port 25 587
Device or application server must support TLS Required Optional Optional Required
Requires authentication Microsoft 365 or Office 365 username and password required None One or more static IP addresses. Your printer or the server running your LOB app must have a static IP address to use for authentication with Microsoft 365 or Office 365. yes, username and password

Starting with the first tested method

Option 1: Authenticate your device or application directly with a Microsoft 365 or Office 365 mailbox, and send email using:

SMTP AUTH client submission (tested)

This option is very easy, but there’s too many details when configuring a lot of things.

So, the first requirement as per the following note is only authentication. We also have 3 other perquisites.

The following prerequisites is only the authentication requirements

Prerequisites in this note Only

  1. No security defaults this can be checked from Azure portal
  2. SMTP auth is enabled and this shall be checked from Office 365 portal
  3. SMTP AUTH is disabled for any tenants created after January 2020
  4. Check SMTP globally and you can enable it per the user

Other prerequisites

Mailbox license, port 587 preferred and DNS use smtp.office365.com


As you can see, you can send in and out and Bypass spam checks

You have lot of homework to do before this method

Script for checking on enabling the authentication per mailbox

  • Check SMTP AUTH on all tenant if true then it is disabled if false then it is working (false means working)

  • Check SMTP auth for the required mailbox if null then inheriting from tenant and we need to make it false.

<# enable SMTP for devices first method requires SMTP basic enabled
You must also verify that SMTP AUTH is enabled for the mailbox being used.  enabled per-mailbox.


# Set-TransportConfig -SmtpClientAuthenticationDisabled $true
#true means disabled  false means enabled
Get-TransportConfig | Format-List SmtpClientAuthenticationDisabled
#The value $null indicates the setting for the mailbox is controlled by the global setting on the organization.
<#from GUI

Open the Microsoft 365 admin center and go to Users > Active users.

Select the user, and in the flyout that appears, click Mail.

In the Email apps section, click Manage email apps.

Verify the Authenticated SMTP setting: unchecked = disabled, checked = enabled.

When you're finished, click Save changes.#>
get-CASMailbox -Identity "username@domain.com" | Format-List -property smtp*

#Set-CASMailbox -Identity " username@domain.com" -SmtpClientAuthenticationDisabled $false

This means it is disabled for the tenant

Let’s check for the required sender user

get-CASMailbox -Identity "username@domain.com" | Format-List -property smtp*

null means same as tenant now I will set it to false for this mailbox

Set-CASMailbox -Identity username@domain.com -SmtpClientAuthenticationDisabled $false

Test it on VEEAM

SMTP Settings

SMTP Settings - Veeam Backup for Microsoft Office 365 Guide

Configuring and testing

First method SMTP AUTH client submission.

Second working scenario configure Gmail scenario


Received on public emails and Microsoft emails

Appears in the sent items

If you received the following error

Then go to:


make this on


Appears in sent

We hope we’ve managed to help you out. For more information or if you have any questions, feel free to get in touch with us.

Karim Zaki,


Search the Blog

Subscribe Blog



IT & Cyber-Security Solutions

Best-in-class cyber security solutions to ...


Microsoft Cloud Solutions

Explore Ctelecoms extensive selection of ...


Datacenter Solutions

Solve issues, streamline operations, promote ...


Cloud Backup & Disaster Recovery Solutions

Keep your data, apps, emails and operations ...


Computing & Hyper-converged Infrastructure Solutions

Take your IT infrastructure to the next level ...


Unified Communications & Networking Solutions

Ensure you are securely connected with all ...


Meraki Networking Solutions

Quickly deploy a reliable, secure, cloud-managed ...