This article describes how to set up a Simple Mail Transfer Protocol (SMTP) relay in Microsoft Office 365. It describes how to set up Microsoft Exchange Online as an SMTP relay to send email messages to remote domains and to users in your Office 365 organization.
You may want to do this in scenarios in which you no longer have an on-premises messaging environment, such as Microsoft Exchange Server, and in which you have on-premises line-of-business (LOB) programs that have to send email messages to remote domains and to your migrated cloud mailboxes.
Important If you want on-premises LOB programs to send mail only to your migrated cloud mailboxes and not to remote domains (that is, domains for which you aren't authoritative in Exchange Online), you don't have to follow the steps in this article. Instead, see the following Microsoft Knowledge Base article:
To set up an SMTP relay in Office 365, you must have the following:
A user who has an Exchange Online mailbox
The SMTP set to port 587
Transport Layer Security (TLS) encryption enabled
The mailbox server name
Set up an SMTP relay in Office 365
Step 1: Obtain the SMTP server setting
To obtain the SMTP server setting, follow these steps:
Sign in to Outlook Web App.
Take one of the following actions:
In Office 365, click Settings (
Collapse this imageExpand this image
), and then click Options.
In Office 365 pre-upgrade, click Options, and then click See All Options.
Take one of the following actions:
In Office 365, in the left navigation pane, click Account, and then click Settings for POP and IMAP access.
In Office 365 pre-upgrade, in the left navigation pane, click Account, click My Account, and then, in the Account Information area, click Settings for POP, IMAP, and SMTP access.
Note the SMTP server setting information that's displayed on this page.
Step 2: Create a user who has an Exchange Online mailbox
To do this, use one of the following methods:
If you're in a hybrid deployment or if you're using directory synchronization, create the user in Active Directory, Exchange Management Shell, or either Exchange Management Console or Exchange Admin Center (depending on your version of Exchange Server). Run directory synchronization, and then activate the user by using an Exchange Online license.
Note The user must not have an on-premises mailbox.
Create the user by using the Office 365 portal or by using the Windows Azure Active Directory Module for Windows PowerShell, and then assign the user an Exchange Online license.
Step 3: Set up the Internet Information Services (IIS) SMTP relay server
To set up Internet Information Services (IIS) so that your LOB programs can use the SMTP relay, follow these steps, as appropriate for your situation.
Start Server Manager, click Features, and then click Add Features.
On the Select Features page, select the SMTP Server check box. If you're prompted, click Add Required Role Services.
Note This step automatically installs all prerequisite roles and features, including IIS (if they're not already installed).
On the Select Features page, click Next. Then, on the Web Server (IIS) page, click Next.
On the Select Role Services page, make sure that the following role services check boxes are selected, and then click Next:
The ODBC Logging check box under Health and Diagnostics
The IIS Metabase Compatibility check box in IIS 6 Management Capability under Management Tools
The IIS 6 Management Console check box in IIS 6 Management Capability under Management Tools
On the Confirm Installation Selections page, click Install.
After the SMTP Server installation is completed, click Finish.
Open IIS 6.0 Manager, right click Default SMTP Virtual Server, and then click Properties.
Click the Access tab, and then click Relay.
In the Select which computers may relay through this virtual server area, click Only the list below, and then enter the IP addresses of the on-premises LOB devices and application servers that will relay through the SMTP server.
Warning Make sure that you enter only the IP addresses of the devices and servers that you trust. This setting lets you relay mail that's coming from these sources to any destination. In effect, this makes the on-premises server that's running IIS an open relay.
On the Access tab, click Authentication, make sure that the Anonymous access check box is selected, and then click OK.
Click the Delivery tab, click Advanced, and then, under Smart host, enter the fully qualified domain name (FQDN) of the SMTP server from the "Step 1: Obtain the SMTP server setting" section.
On the Delivery tab, click Outbound Connections.
In the TCP Port box, type 587, and then click OK.
On the Delivery tab, click Outbound Security, and then follow these steps:
Click Basic Authentication.
In the User name box, type the user name of the Office 365 user that you created in the "Step 2: Create a user who has an Exchange Online mailbox" section.
In the Password box, type the password of the Office 365 user.
Select the TLS encryption check box, and then click OK.
How to support multiple email addresses
If your LOB applications send mail from email addresses that differ from the Office 365 mailbox that's used for authentication, you have to either use a mail-enabled security group or add proxy addresses to support multiple email addresses.
Note If you don't perform one of the following procedures, the LOB applications will not send mail and will return the following error message:
5.7.1 Client does not have permissions to send as this sender
Method 1: Use a mail-enabled security group
If the LOB applications send mail from email addresses that have mailboxes in Office 365, you can support multiple email addresses for relay by creating a mail-enabled distribution group and then granting it SendAs access. To do this, follow these steps:
Assign the Office 365 user that you created earlier in "Step 2: Create a user who has an Exchange Online mailbox" SendAs permissions for all users who are included in the security group that you created. To do this, follow these steps.
In Office 365, follow these steps:
In the left navigation pane of Exchange Admin Center, click Recipients, and then click Mailboxes.
Click the Office 365 user that you created earlier, and then click Manage Send As Permissions. Add all the users whom you added to the security group that you created, and then click OK.
In Office 365 pre-upgrade, follow the steps at the following Microsoft website:
If the LOB application doesn't have mailboxes in Office 365 that are associated with the email addresses that will be used for relay, the email addresses can be added as a secondary addresses to an existing mailbox. To set up proxy addresses, use one of the following procedures:
In Office 365, see the "Email Addresses" section of the following Microsoft website:
Note The domain that's associated with the email address must be a domain that was verified and accepted in Exchange Online.
Use Postfix to set up an SMTP relay in Office 365
Postfix is a third-party mail server that can be used to set up an SMTP relay for Exchange Server and Exchange Online. Currently, only specific versions of Postfix are supported to set up a relay with Exchange Online. You have to use Postfix 2.9 or a later version to set up an SMTP relay with Exchange Online.
For more information, go to the following Postfix website:
The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.
Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.