- Two Minute Drill: The Eventcreate command – “…Eventcreate is a command line tool that enables an administrator to create a custom event ID and message in a specified event log.”
- Blog Post: Windows AV Exclusion List – List of all the anti-virus exclusions you would need to configure. This is just what I’ve been looking for.
After I set up the SMTP relay server to send emails to BPOS, the next challenge was how to allow multiple email addresses that weren’t real mailboxes to send to BPOS. For example, I have firewall logs sent from firewall@domain.com, but it isn’t a real mailbox.
The solution was much easier than I thought.
In your SMTP relay account, you just have to add it as an alternate email address. Make sure you add the alternate email addresses under this account!
To verify it, take a look at your SMTP relay logs.
If you send a test email from an email that isn’t added as an alternate email address, this is what you’re going to see:
MAIL - FROM:<firewall@demouser.org>
550+5.7.1+Client+does+not+have+permissions+to+send+as+this+sender
Log in to your admin site for BPOS. Find the account that you have set up as your relay account, and add the email address as an alternate email on the admin site as shown below.
Once you have added the email address, resend your test email and check your logs. You should now see this:
MAIL - FROM:<firewall@demouser.org>
250+2.1.0+Sender+OK
That’s all there is to it. Now all you have to do is add the email addresses for the rest of your “fake” senders.
If I have missed anything or you have some comments, please leave a comment.
When we made the move to Microsoft’s BPOS, we were left with a situation where some of our appliances were not able to make secure connections to the BPOS servers in order to send secure mail. Microsoft Online Services (MOS) had a blog entry that explains how to set up SMTP relay to Exchange Online for your devices, but it assumes that you can change the port on your appliance and/or software. We had some that wouldn’t allow us to do that.
We talked to the support team about setting up a local SMTP relay that we could send messages to locally and that would in turn send them to Exchange Online securely. Unfortunately, they weren’t able to help much. They had some instructions on how to set it up, which was the blog post above, but nothing detailed.
I decided to use IIS’s SMTP Relay since it was something that was free and looked to be fairly simple to use.
Here is how I set it up. I’m making the assumption that you’ve already installed IIS and the SMTP service as shown below.
1) Go to the properties of the SMTP Virtual Server. Select the IP address of the server, and then click Advanced. In the Advanced section, verify the port that you want to use. In this case, I chose to use port 25.
2) Select the Access tab. Click on Connection inside the Connection Control section and select the nodes you would like to have access to the SMTP Relay. Next click Relay under the Relay Restrictions section and select the nodes you want to relay through the server. In this example, I only gave this single server the ability to relay messages.
3) Select the Delivery tab. Click the Outbound Security option. Select the Basic Authentication radio button and the TLS encryption option as well. Under basic authentication, enter the username/password (I left the username blank intentionally) of the mailbox account that is going to send out the email. IMPORTANT: This user must be an Exchange Online user, so you will use a license on this account. Once you have entered the information, hit OK. Select the Outbound Connections button. Change the TCP port to 587 and hit OK. And finally, select the Advanced button and enter smtp.mail.microsoftonline.com into the smart host field. (Thanks Jeff for the reminder.)
NOTE: If you attempt to send as a user that is not an actual Exchange Online account, you will see the following message inside the logs. The logs are located here if you used the default values: C:\WINDOWS\system32\LogFiles\SMTPSVC1.
550+5.7.1+Client+does+not+have+permissions+to+send+as+this+sender
Otherwise you should see this entry in the log file.
250+2.1.0+Sender+OK
At this point, you can send a test email via the SMTP relay server to a recipient. I used a free command line utility called SendEmail. It has enough options to get the job done.
Once you send the email, check the logs to make sure that everything went through OK. When I enabled logging, I selected quite a few options because I’m not very familiar with IIS and didn’t know what I needed to record. I cleaned up the logs a little, but not enough. However, it’s enough for you to see what’s going on below.
EHLO - +tnssync1.tnslab.org 250 0 197 24 0 SMTP -
MAIL - +FROM:<trusteduser@senddomain.com> 250 0 41 28 0 SMTP -
RCPT - +TO:<user@recdomain.com> 250 0 33 30 0 SMTP -
DATA - +<792785.64453125-sendEmail@tnssync1> 250 0 120 720 16 SMTP -
QUIT - tnssync1.tnslab.org 240 31 68 4 0 SMTP -
220+smtp.mail.microsoftonline.com+Microsoft+ESMTP+MAIL+Service+ready+at+Sun,+9+May+2010+11:10:58+-0700 0 0 102 0 188 SMTP -
EHLO - tnssync1.tnslab.org 0 0 4 0 188 SMTP -
250-smtp.mail.microsoftonline.com+Hello+[75.228.236.136] 0 0 56 0 656 SMTP -
STARTTLS - - 0 0 8 0 656 SMTP -
220+2.0.0+SMTP+server+ready 0 0 27 0 1031 SMTP -
EHLO - tnssync1.tnslab.org 0 0 4 0 2281 SMTP -
250-smtp.mail.microsoftonline.com+Hello+[75.228.236.136] 0 0 56 0 2750 SMTP -
AUTH - - 0 0 4 0 2750 SMTP -
334+UGFzc3dvcmQ6 0 0 16 0 3063 SMTP -
235+2.7.0+Authentication+successful 0 0 35 0 3391 SMTP -
FROM:<trusteduser@senddomain.com>+SIZE=982 0 0 4 0 3391 SMTP -
250+2.1.0+Sender+OK 0 0 19 0 3531 SMTP -
RCPT - TO:<user@recdomain.com> 0 0 4 0 3531 SMTP -
250+2.1.5+Recipient+OK 0 0 22 0 3656 SMTP -
BDAT - 982+LAST 0 0 4 0 3656 SMTP -
250+2.6.0+<792785.64453125-sendEmail@tnssync1>+Queued+mail+for+delivery 0 0 71 0 4266 SMTP -
QUIT - - 0 0 4 0 4266 SMTP -
221+2.0.0+Service+closing+transmission+channel 0 0 46 0 4406 SMTP -
As you can see, the message was sent out to Exchange Online via TLS. To verify it even further, look at the header information in the email that you received. In the header you should see the following line:
Received: from tnssync1.tnslab.org (75.228.236.136) by
smtp.mail.microsoftonline.com (10.32.16.41) with Microsoft SMTP Server (TLS)
At this point, your server is set up to send messages to Exchange Online securely.
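The two log checks described above (the 550 5.7.1 versus 250 2.1.0 reply to MAIL FROM, and STARTTLS completing before AUTH on the outbound leg), as an added Python example that is not part of the original post. It assumes the cleaned-up layout shown here, where a command line is followed by its reply line; the host name, addresses and IP in the sample are constructed placeholders.

```python
import re

# Constructed sample in the cleaned-up log layout shown above ('+' encodes a space).
# Host, addresses and IP are placeholders, not values from the original post.
SAMPLE_LOG = """\
EHLO - relay01.example.org 0 0 4 0 188 SMTP -
250-smtp.mail.microsoftonline.com+Hello+[192.0.2.10] 0 0 56 0 656 SMTP -
STARTTLS - - 0 0 8 0 656 SMTP -
220+2.0.0+SMTP+server+ready 0 0 27 0 1031 SMTP -
AUTH - - 0 0 4 0 2750 SMTP -
235+2.7.0+Authentication+successful 0 0 35 0 3391 SMTP -
MAIL - FROM:<firewall@example.org> 0 0 4 0 3391 SMTP -
550+5.7.1+Client+does+not+have+permissions+to+send+as+this+sender 0 0 60 0 3531 SMTP -
MAIL - FROM:<relay@example.org> 0 0 4 0 3600 SMTP -
250+2.1.0+Sender+OK 0 0 19 0 3700 SMTP -
"""

REPLY = re.compile(r"^(\d{3})[+-]")           # server reply line, e.g. 250+2.1.0+Sender+OK
SENDER = re.compile(r"FROM:<([^>]*)>", re.I)  # envelope sender in a MAIL command

def audit_relay_log(text):
    """Classify envelope senders and flag AUTH issued before a successful STARTTLS."""
    result = {"rejected": [], "accepted": [], "auth_in_clear": False}
    tls_ready = False   # True once STARTTLS was answered with 220
    sender = None       # sender of a MAIL command still waiting for its reply
    tls_asked = False   # STARTTLS command still waiting for its reply
    for line in (l.strip() for l in text.splitlines()):
        reply = REPLY.match(line)
        if reply:
            code = reply.group(1)
            if tls_asked:
                tls_ready = code == "220"
            elif sender and code.startswith("2"):
                result["accepted"].append(sender)
            elif sender and line.startswith("550+5.7.1"):
                result["rejected"].append(sender)  # needs an alternate address on the relay account
            elif code == "220":
                tls_ready = False                  # greeting banner: new plaintext connection
            sender, tls_asked = None, False
            continue
        verb = line.split(" ", 1)[0].upper()
        found = SENDER.search(line)
        sender = found.group(1) if found else None
        tls_asked = verb == "STARTTLS"
        if verb == "AUTH" and not tls_ready:
            result["auth_in_clear"] = True         # credentials sent without TLS
        elif verb == "QUIT":
            tls_ready = False
    return result

if __name__ == "__main__":
    print(audit_relay_log(SAMPLE_LOG))
```

Lines that carry the status code as a separate column, like the inbound EHLO/MAIL/RCPT entries above, have no reply line after them and are not classified by this parser.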
If you have any additional input or if I missed anything, please email me and let me know.
- Another One Bites The Dust? – I was actually looking forward to seeing both of these products.
- OpsMgr 2007 R2 CU2 rollup hotfix ships – and my experience installing it
- System Center Operations Manager Useful System Users and Roles Tables
- Webinar: Partner Solution: BPOS Administration Applications – We’re in the process of implementing the Password Sync product. I’m planning on writing about my experience soon.
- Webinar: Partner Solution: BPOS Administration Applications – “This webinar takes place on: Tuesday, May 4th, 2010, at 11:00 AM PDT”
- Microsoft Office Web Applications and http://docs.com
- Virtual Machine Servicing Tool 3.0 – Now in Beta Release
- Exchange Server 2007 Performance on VMware vSphere 4
- Microsoft Exchange Server 2010: Best Practices White Paper
- Check out the new Windows Live Messenger!
- Hyper-V Best Practice Analyzer now available
- Yet another major browser hits Android as Skyfire 2.0 beta launches
- Office and email on Windows Phone 7
- Virtualization and SAN Basics for DBAs Webcast Today
- Use Office 2010 to map a local drive letter to your free 25GB Live SkyDrive
- Is your Hyper-V configuration running according to “Best Practices”? Now you’ll know!
- T-Mobile Drops 5GB Cap, Ushers in a New Mobile Broadband Future – “…here’s a catch: go past that limit, and download speeds will slow.” I guess it’s a start.
