
From: Dan
Date: 12/18/17 3:53 AM
Topic: Smarthost & Office365 - New Cert Based Auth required
Type: General Discussions

Hi,

I have had Xeams in place for a while to allow relaying from our internal network to our Office 365 account with IP based authentication, that is allowing any emails from a known static public IP through our account. Office 365 has now done away with that and requires the "connecting server" (Xeams) to present a certificate with a known common name to the "receiving server" (Office 365).

Read more here if needed: https://support.microsoft.com/kb/3169958

How can this be configured with Xeams?

Thanks in advance,

Dan


From: Synametrics Support
Date: 12/21/17 11:15 AM
Topic: Smarthost & Office365 - New Cert Based Auth required
Type: General Discussions

Dan,

The MS article you pointed out says one of the two conditions must be met:

1 - Sender domain must be a local domain

OR

2 - Use a certificate

Is there a reason why you can't use the first option?

Although I have to research this further, I assume by a certificate they mean using STARTTLS with a valid certificate for the domain you're trying to send from. Are you using STARTTLS in Xeams with a valid cert?

 


From: Dan
Date: 1/1/18 11:39 AM
Topic: Smarthost & Office365 - New Cert Based Auth required
Type: General Discussions

Thanks for the reply. Option #1 is not always applicable. My instance of Xeams is used for filtering spam before relaying to the intended address, which may or may not be owned by my organization. It's used for a web hosting relay server. Each customer who hosts with me may host their email systems elsewhere, so their domain would not be part of my "owned" domains.

My understanding of STARTTLS is that the downstream server would host the SSL cert, not my Xeams instance. Can Xeams be configured with a cert for use with STARTTLS? And if yes, how to configure that?


From: Synametrics Support
Date: 1/2/18 9:49 AM
Topic: Smarthost & Office365 - New Cert Based Auth required
Type: General Discussions

Dan,

I am going to answer your second question first. STARTTLS requires an SSL cert and therefore, it will always be there. However, I have a feeling option #2 on Microsoft's site is only applicable if you're trying to relay from another Exchange server. If this assumption is correct, the only option you have is option #1.

I want to understand your deployment scenario a bit better before going any further. Could you please confirm the following network diagram is correct?

Web Server --> Xeams --> Office 365 --> FinalRecipient

Consider the following as an example email:

From: john@OneOfYourClient.com
To: mary@gmail.com
Subject: Testing

John is hosting www.oneofyourclient.com on your network. His web server sends emails to someone at gmail.com when they sign up for some service. John's email is not hosted by you. Instead, it is hosted by Microsoft's Office 365.

Is this scenario correct? If it is correct, why are you trying to relay the messages via Office 365? Why not let Xeams send this message directly to gmail.com?

 
