After done about 60+ Office 365 migrations, I’ve noticed that almost all customers have Applications, Multi function printers or other devices that send some kind of email to end-users or suppliers/Customers.
These devices normally use the SMTP-Protocol.
In this scenario I would like to allow SMTP traffic to my internet provider so that an application in my test environment is able to send notification messages. In this environment I use pfSense. For this to work, you have to create a port forwarding rule on the LAN interface forwarding traffic to any IP with port 587. This really does eliminate so much of the hassle with using an Office 365 SMTP account to send email. I really think that the app password is kind of hack, it's just another password that can be cracked! We are using Mailjet.
To make sure that the emails is sent secure, Microsoft recommend to Authenticate the Application or Device which is going to send email.
I always recommend the customers to create one or several specific Office 365 Accounts with a Exchange Online license.This way you can set password never expire and choose a complex password with 16 characters.
Configure the Application or Device with the following settings:
SMTP Server: smtp.office365.com
Encryption/TLS: YES
Port: 587
And of course, make sure to enter the specific account under username and password.
Pfsense Office 365 Smtp Setup
Can I test the SMTP connection?
Of course you can test the connection and the credentials before you deploy this solution.
I’ve created a simple Powershell script that can test this:
$smtpcred = Get-Credential
Send-MailMessage –From SMTP@thecloudgeek.net –To Administrator@thecloudgeek.net –Subject “Testing SMTP” –Body “This email is sent from Office365 SMTP server for test purpose” -SmtpServer smtp.office365.com -Credential $smtpcred -UseSsl -Port 587
This script can come in handy when some customer call you to report that the email from the Applications/Devices isn’t working correctly. You can test the connection and the credentials easily.
Make sure that you change the mail-addresses, the Subject and Body after your needs.
Remember
not all application and devices have support for TLS and or to use specific credentials when sending mail through smtp servers.
To solve this, you might need to install a SMTP relay server in your server-infrastructure.
Pfsense Office 365 Smtp Outlook
For more informations about other solutions and limits, visit Technet