SMTP Relay


📬 What is Relay in Exchange?

SMTP Relay in Exchange (on-prem or Exchange Online) is the process of allowing internal systems or devices (like printers, apps, or mail servers) to send emails via your Exchange server — either within your domain or externally.

It’s a way to let unauthenticated devices or apps send mail using your mail server without needing a full mailbox or login.


📡 Why Do You Need SMTP Relay?

  • Applications that generate alerts (e.g., monitoring tools)

  • Multi-function printers/scanners that email documents

  • Devices that cannot authenticate using modern protocols

  • Web services that send notification emails


🧩 Types of SMTP Relay in Exchange

| Type | Description | Use Case |
|---|---|---|
| Internal Relay | Sends mail within your organization (accepted domains) | Internal apps, device alerts |
| External Relay | Sends mail to external domains (outside your org) | Newsletters, app-generated email to customers |
| Anonymous Relay | Allows unauthenticated clients to send mail through Exchange | Devices like printers or scanners |
| Authenticated Relay | Requires valid credentials to relay | Secure app-to-email server connections |

🛠️ How SMTP Relay Works in Exchange

  1. A device (e.g., a printer or app) sends an email via SMTP to the Exchange server.

  2. Exchange receives the message.

  3. If configured correctly, Exchange relays that message either internally or to the internet.

  4. Exchange then routes and delivers the email to the recipient.


🧱 SMTP Relay in Exchange On-Prem (2016/2019)

To Enable SMTP Relay:

  • Create a Receive Connector with:

    • Port: Usually 25

    • Remote IP ranges: Only allow specific IPs (e.g., printers, apps)

    • Authentication: Allow anonymous (if needed)

    • Permission group: Enable "Anonymous Users"

⚠️ Important: Only allow relay from trusted IPs to prevent misuse (spam relay attacks).
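As an added example (not from the original post), here are the Exchange Management Shell commands that implement the Receive Connector described above, followed by an audit query that lists every connector granting anonymous relay so one left open to all IPs is caught early. The server name, connector name and device IP addresses are placeholders for your own environment.

```powershell
# Added example, not from the original post. Server name, connector name and
# the printer/app IP addresses below are placeholders.

$Server  = "EX01"                               # placeholder Mailbox server
$Name    = "Anonymous Relay - Trusted Devices"  # placeholder connector name
$Allowed = "10.10.5.20", "10.10.5.21"           # placeholder printer/app IPs

# 1. Create the connector on the Frontend Transport service, bound to port 25,
#    and scope it to the listed source IPs only (never 0.0.0.0-255.255.255.255).
New-ReceiveConnector -Name $Name -Server $Server `
    -TransportRole FrontendTransport -Usage Custom `
    -Bindings "0.0.0.0:25" -RemoteIPRanges $Allowed `
    -PermissionGroups AnonymousUsers

# 2. The AnonymousUsers permission group only allows delivery to accepted
#    domains (internal relay). Relaying to external recipients additionally
#    requires the accept-any-recipient extended right on this connector.
Get-ReceiveConnector "$Server\$Name" |
    Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" `
        -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient"

# 3. Audit: show every connector where anonymous relay is granted, its remote
#    IP scope, and whether that scope covers the entire IPv4 space (open relay).
Get-ReceiveConnector | ForEach-Object {
    $c = $_
    $anonRelay = Get-ADPermission -Identity $c.Identity `
        -User "NT AUTHORITY\ANONYMOUS LOGON" -ErrorAction SilentlyContinue |
        Where-Object {
            $_.ExtendedRights -like "ms-Exch-SMTP-Accept-Any-Recipient" -and -not $_.Deny
        }
    if ($anonRelay) {
        $ranges = ($c.RemoteIPRanges | ForEach-Object { $_.ToString() }) -join ", "
        [pscustomobject]@{
            Connector = $c.Identity
            RemoteIPs = $ranges
            OpenRelay = [bool]($ranges -match "0\.0\.0\.0-255\.255\.255\.255")
        }
    }
}
```

Any row with OpenRelay set to True should be scoped down with Set-ReceiveConnector -RemoteIPRanges before spammers discover it.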


☁️ SMTP Relay in Exchange Online (Microsoft 365)

You can set up relay in 3 ways:

| Method | Description | Auth Needed |
|---|---|---|
| Direct Send | Send email directly from device to Exchange Online | ❌ No login needed |
| SMTP Client Submission (SMTP Auth) | Use port 587 + TLS + credentials | ✅ Yes |
| Microsoft 365 SMTP Relay | Use a connector in Exchange Online + trusted IP | ❌ No login, but IP must be whitelisted |

✉️ Common SMTP Relay Ports

| Port | Usage |
|---|---|
| 25 | Standard SMTP relay (used for internal and external relay) |
| 587 | SMTP submission with authentication and encryption |
| 465 | Deprecated (used for SMTPS, but not commonly in Exchange) |

❗ Common Issues with SMTP Relay

| Issue | Cause | Fix |
|---|---|---|
| ❌ Relay access denied | The IP is not authorized to relay | Add IP to allowed list in Receive Connector |
| ❌ Authentication required | App/device doesn’t support login | Use anonymous relay or allow relay by IP |
| ❌ TLS/Port issues | Wrong port or encryption setting | Use correct port (25 or 587), enable STARTTLS |
| ❌ SPF/DKIM failure | Sending domain not authorized | Add sending IP to SPF record in DNS |
| ❌ Mail goes to spam | No proper headers or auth | Use correct headers, consider authenticated relay or DKIM/DMARC setup |

✅ Best Practices

  • Only allow trusted IP addresses to use relay.

  • Use authenticated relay where possible for security.

  • Monitor relay usage to avoid abuse (spam or spoofing).

  • For Microsoft 365, use SMTP Relay Connector with static IPs and authentication.


🧪 Real-Life Example

You have a network printer that scans and emails documents. It doesn’t support login or TLS. You create a Receive Connector in Exchange on-prem that allows anonymous relay from the printer’s IP. The printer can now send scanned docs via email to users inside and outside the company.
