An often forgotten task in any migration to Exchange Online is handling SMTP from multifunction devices (MFDs) and line-of-business (LOB) applications that need to send email. In many environments an existing Exchange Server provides this capability, since you are most likely to keep one on-premises for administration.
If there is a requirement to use SMTP for MFDs and LOB applications and there is no on-premises Exchange server for that function, there are three options:
- SMTP submission
- Direct Send
- SMTP Relay Server
SMTP Submission
This option requires a licensed Office 365 account. You can send from anywhere to internal and external recipients just like any other user. This method also bypasses most spam checks. Each MFD and LOB application will need to be manually reconfigured with the Office 365 SMTP address (smtp.office365.com) and the username/password of the licensed account. You can only send from a single email address unless the devices are able to store multiple accounts and passwords. The method uses port 587 or 25, which must be open from the network to Office 365 for each device/app. TLS 1.2 or above must be used. Messages are limited to 30 per minute and 10,000 recipients per day. Also, only 3 simultaneous connections are allowed at one time.
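The submission path above is the one a LOB application most often implements itself, so here is an added Python example (not from the original article or from Microsoft) showing the two things that matter for it: the connection is upgraded with STARTTLS under a context that refuses anything below TLS 1.2 before credentials are sent, and a client-side throttle keeps the application inside the 30-per-minute and 10,000-recipients-per-day limits quoted above rather than tripping server-side throttling. The username, password, addresses and the `clock` parameter are assumptions for illustration; the limits and `smtp.office365.com:587` come from the text.

```python
"""SMTP submission to Exchange Online with TLS 1.2+ enforced and a client-side
throttle that mirrors the published limits (30 messages/minute, 10,000 recipients/day).
Added example; credentials and addresses are placeholders."""
import smtplib
import ssl
import time
from collections import deque
from email.message import EmailMessage

SMTP_HOST = "smtp.office365.com"     # from the article
SMTP_PORT = 587                      # submission port from the article
MAX_PER_MINUTE = 30                  # limit stated in the article
MAX_RECIPIENTS_PER_DAY = 10_000      # limit stated in the article


def tls12_context() -> ssl.SSLContext:
    """Client context that verifies the server certificate against the system
    trust store and refuses any protocol version below TLS 1.2."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


class SubmissionThrottle:
    """Sliding-window limiter: at most `per_minute` sends in any 60-second window and
    at most `per_day` recipients in any rolling 24 hours. `clock` is injectable so the
    limiter can be exercised without real waiting (assumed design, not an API)."""

    def __init__(self, per_minute=MAX_PER_MINUTE, per_day=MAX_RECIPIENTS_PER_DAY,
                 clock=time.monotonic):
        self.per_minute = per_minute
        self.per_day = per_day
        self.clock = clock
        self.sends = deque()        # timestamps of sends in the last 60 s
        self.recipients = deque()   # (timestamp, recipient count) in the last 24 h

    def _prune(self, now: float) -> None:
        while self.sends and now - self.sends[0] >= 60:
            self.sends.popleft()
        while self.recipients and now - self.recipients[0][0] >= 86_400:
            self.recipients.popleft()

    def wait_time(self, n_recipients: int) -> float:
        """Seconds to wait before a message with n_recipients may be sent (0.0 = now).
        Raises RuntimeError if the daily recipient cap would be exceeded, because
        waiting a few seconds cannot fix that."""
        now = self.clock()
        self._prune(now)
        used_today = sum(count for _, count in self.recipients)
        if used_today + n_recipients > self.per_day:
            raise RuntimeError("daily recipient limit would be exceeded")
        if len(self.sends) < self.per_minute:
            return 0.0
        return 60 - (now - self.sends[0])   # time until the oldest send leaves the window

    def record(self, n_recipients: int) -> None:
        now = self.clock()
        self.sends.append(now)
        self.recipients.append((now, n_recipients))


def send_via_submission(username: str, password: str, msg: EmailMessage,
                        recipients: list, throttle: SubmissionThrottle) -> None:
    """Submit one message through Exchange Online, honouring the throttle.
    Network call; not executed by the accompanying test."""
    delay = throttle.wait_time(len(recipients))
    if delay > 0:
        time.sleep(delay)
    with smtplib.SMTP(SMTP_HOST, SMTP_PORT, timeout=30) as smtp:
        smtp.ehlo()
        smtp.starttls(context=tls12_context())   # upgrade before AUTH so credentials never travel in clear
        smtp.ehlo()
        smtp.login(username, password)
        smtp.send_message(msg, to_addrs=recipients)
    throttle.record(len(recipients))


if __name__ == "__main__":
    message = EmailMessage()
    message["From"] = "mfd-scanner@example.com"       # placeholder licensed mailbox
    message["To"] = "recipient@example.com"            # placeholder recipient
    message["Subject"] = "Scanned document"
    message.set_content("Attached scan from the copier.")
    send_via_submission("mfd-scanner@example.com", "PLACEHOLDER-PASSWORD",
                        message, ["recipient@example.com"], SubmissionThrottle())
```

If a device or application cannot be coded this way, the same two properties (TLS 1.2 minimum, staying under the limits) are what to verify in its SMTP settings and its sending schedule.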
Direct Send
This option does not require a licensed account; however, you can only send to internal recipients within Office 365. Each MFD and LOB application will need to be manually reconfigured with your Exchange Online MX endpoint as the server or smart host. Messages sent using this method are subjected to spam checks, so it is recommended to add each MFD or LOB IP address to your SPF records. Not doing so may cause these emails to be delivered to a recipient's junk email folder. Port 25 is used and must be opened from the network to Office 365 for each device/app. TLS is not required. Standard message throttling rates apply.
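Because Direct Send messages are subject to spam checks, the practical question is whether each device's public IP is actually covered by the domain's SPF record. The following added Python example (not part of the original article) parses an SPF record and reports, for a list of device IPs, which ones would pass, fail or softfail and which cannot be decided offline because the record delegates to `include:`/`a`/`mx` mechanisms that need DNS. The record text and IP addresses are constructed samples; `spf.protection.outlook.com` is used only as an illustrative include target.

```python
"""Offline SPF coverage check for Direct Send source IPs.
Added example: the record is supplied as text, nothing is resolved via DNS."""
import ipaddress

QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
DNS_DEPENDENT = {"include", "a", "mx", "exists", "ptr"}


def parse_spf(record: str):
    """Return a list of (qualifier, mechanism, value) terms from a v=spf1 record.
    'redirect=' is kept as a DNS-dependent pseudo-term; other modifiers are ignored."""
    terms = record.strip().split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    parsed = []
    for term in terms[1:]:
        if "=" in term and ":" not in term.split("=", 1)[0]:   # modifier, e.g. redirect=, exp=
            name, _, value = term.partition("=")
            if name.lower() == "redirect":
                parsed.append(("+", "redirect", value))
            continue
        qualifier = "+"
        if term[0] in QUALIFIER_RESULT:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name.startswith("ip4/") or name.startswith("ip6/"):  # tolerate "ip4/24" typos: skip
            continue
        parsed.append((qualifier, name, value))
    return parsed


def spf_verdict(record: str, ip: str):
    """Evaluate `ip` against `record` as far as possible without DNS.
    Returns (result, reason) where result is pass/fail/softfail/neutral/unresolved."""
    addr = ipaddress.ip_address(ip)
    pending = []   # DNS-dependent terms seen before a decision, as (qualifier, "name:value")
    for qualifier, name, value in parse_spf(record):
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(value, strict=False)
            except ValueError:
                continue
            if addr.version == net.version and addr in net:
                # an earlier DNS-dependent term with a different qualifier could pre-empt us
                if any(q != qualifier for q, _ in pending):
                    return "unresolved", pending[0][1]
                return QUALIFIER_RESULT[qualifier], f"{name}:{value}"
        elif name == "all":
            if pending:
                return "unresolved", pending[0][1]
            return QUALIFIER_RESULT[qualifier], "all"
        elif name in DNS_DEPENDENT or name == "redirect":
            pending.append((qualifier, f"{name}:{value}"))
    if pending:
        return "unresolved", pending[0][1]
    return "neutral", "no matching mechanism"   # RFC 7208 default when nothing matches


def devices_not_passing(record: str, device_ips):
    """Device IPs that are not explicitly authorised by the record, with the verdict.
    Anything other than 'pass' should be reviewed before relying on Direct Send."""
    return {ip: spf_verdict(record, ip) for ip in device_ips
            if spf_verdict(record, ip)[0] != "pass"}


if __name__ == "__main__":
    # constructed sample record and device addresses
    SAMPLE = "v=spf1 ip4:203.0.113.0/24 include:spf.protection.outlook.com -all"
    for ip, verdict in devices_not_passing(SAMPLE, ["203.0.113.10", "198.51.100.7"]).items():
        print(ip, verdict)
```

An `unresolved` verdict is not a failure: it means the record defers to another domain and a full check needs DNS. The point of the tool is to catch the common case where a copier's public IP was simply never added to the `ip4:` list.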
SMTP Relay Server
Uses an SMTP relay server, such as IIS. Depending on the quantity of email sent, this can potentially be co-located on an existing IIS server or with another role such as AAD Connect (DirSync). This requires a licensed account. You can send to internal and external recipients just like any other user. It does not require individual authentication on each MFD or LOB app. You can configure a single Office 365 account with as many SMTP addresses as required in order to send from any address using a single account. If a single DNS entry is used for devices and apps, such as SMTP.domain.com, a mere DNS change can handle the cutover to the SMTP server; otherwise each device needs to be repointed to the SMTP server. Port 587 is used and only needs to be opened from the server to Office 365. No individual device or application requires a direct connection to Office 365.
With the variety of options, no single SMTP option is a one-size-fits-all solution. Per Microsoft, SMTP Submission is the recommended option for simplicity and security combined. However, some devices and applications may not support TLS. There may be some devices that are only intended to send email to internal recipients, which would make Direct Send an ideal fit. Having an SMTP relay server provides a central administration point for greater control over email relay. This can also be beneficial if a certain device or application has no direct internet access and can only communicate with the internal network. Thankfully, you are not restricted to using only one option. All options can be used in any combination to meet the needs of the entire organization. With proper planning, transitioning all devices and applications over to Office 365 SMTP services can be a smooth and painless process.