Email query
- 
 @Carnival-Boy said in Email query: If I want to send an e-mail to @bishnitro I can just make an SMTP connection to his server and send him an e-mail, can't I? In theory, yes. But with modern security, that's never realistically possible. 
- 
 @bishnitro said in Email query: is there a relay that is friendly to non-linux user like me? I just built one this week.  It seems to be a popular topic at the moment. It seems to be a popular topic at the moment.
- 
 @scottalanmiller said in Email query: But with modern security, that's never realistically possible. Why not? 
- 
 @scottalanmiller said in Email query: @Carnival-Boy said in Email query: If I want to send an e-mail to @bishnitro I can just make an SMTP connection to his server and send him an e-mail, can't I? In theory, yes. But with modern security, that's never realistically possible. It will not work. when an app tries this is will get blocked for relaying. 
- 
 @Carnival-Boy said in Email query: @scottalanmiller said in Email query: But with modern security, that's never realistically possible. Why not? Lots of reasons, all around security and stopping spam, none of these are 100%, but most are like 95% true and with the overlap, it's nearly 100% that it would cause an issue: - Port 25 is not always used any longer, it's one of three main ports.
- TLS is often required.
- SPF records are sometimes required.
- Reverse lookups almost always need to work.
 And more. Accepting email from "just anywhere" isn't done any longer. At a minimum most sites need to be set up as the official email system for the domain in question. Getting email to the big boys that represent most of the market (MS, Google, etc.) is even harder. 
- 
 If you don't have all of these things, then some systems will allow you to connect as an authenticated user, if you have an account on that system, which is what we are trying to do here. But the issue is that the proprietary software doesn't allow for the user to log in on the email system so that doesn't work. 
- 
 @Carnival-Boy said in Email query: @scottalanmiller said in Email query: But with modern security, that's never realistically possible. Why not? doing this correctly would mean that the OP would using a sending address that is on the same domain as his email domain that's hosted on O365. O365 will deny emails claiming to be coming from somewhere else for the same domain, because O365 Knows that it's responsible for that domain - it's an antispam thing. 
- 
 Then you could use a different domain address. 
- 
 @JaredBusch said in Email query: I guess you could actually just create an anonymous receive connector in Office 365 and restrict it to your public IP. - Sign in to Office 365
- Go to Exchange Admin
- Select Mail Flow
- Select Connectors.
- Click the Plus
- These options to get past the stupidity filter
- Name it
- Click the second radio button to require an IP and click the plus.
- Enter your public subnet for the office
- Click next
- Verify and click save
- There you go.
  
- Set said shitty app to use FQDN.mail.protection.outlook.com for the SMTP server
- mine would be bundystl-com.mail.protection.outlook.com
 
 
- 
 @Dashrender said in Email query: @Carnival-Boy said in Email query: @scottalanmiller said in Email query: But with modern security, that's never realistically possible. Why not? doing this correctly would mean that the OP would using a sending address that is on the same domain as his email domain that's hosted on O365. O365 will deny emails claiming to be coming from somewhere else for the same domain, because O365 Knows that it's responsible for that domain - it's an antispam thing. Not if you make a connector as I just listed. 
- 
 @scottalanmiller said in Email query: - SPF records are sometimes required.
 You can create an SPF record for the IP address of the application sending the e-mail. 
- 
 @Carnival-Boy said in Email query: @scottalanmiller said in Email query: - SPF records are sometimes required.
 You can create an SPF record for the IP address of the application sending the e-mail. Yes, if you have a static IP address. 
- 
 @Carnival-Boy said in Email query: Then you could use a different domain address. Sure, one that you are going to be an authoritative email host for. 
- 
 @Carnival-Boy said in Email query: Then you could use a different domain address. Sure, as long as you don't get bit by those other things that Scott mentioned. O365 will be doing pretty much all of them to protect it's uses against spam. 
- 
 @JaredBusch said in Email query: @Dashrender said in Email query: @Carnival-Boy said in Email query: @scottalanmiller said in Email query: But with modern security, that's never realistically possible. Why not? doing this correctly would mean that the OP would using a sending address that is on the same domain as his email domain that's hosted on O365. O365 will deny emails claiming to be coming from somewhere else for the same domain, because O365 Knows that it's responsible for that domain - it's an antispam thing. Not if you make a connector as I just listed. Very nice bro! 
- 
 @Carnival-Boy said in Email query: @scottalanmiller said in Email query: - SPF records are sometimes required.
 You can create an SPF record for the IP address of the application sending the e-mail. Well first, you will have to have a second domain that is not controlled by Office 365. 
 Then you have to make an SPF on said second domain.
 Then you have to train users not to ignore it as spam.
- 
 @Dashrender said in Email query: @Carnival-Boy said in Email query: Then you could use a different domain address. Sure, as long as you don't get bit by those other things that Scott mentioned. O365 will be doing pretty much all of them to protect it's uses against spam. Yup, same reasons that we say to not run your own in house email servers in general. Some people get lucky and it just works. Others can never get reliable email delivery. Tons of IP addresses like most cloud hosts and most normal connections are black listed by the big carriers to avoid spam. So sometimes nothing you do as a small email player matter. Other times, it just works. You take your chances. 
- 
 @Dashrender said in Email query: @JaredBusch said in Email query: @Dashrender said in Email query: @Carnival-Boy said in Email query: @scottalanmiller said in Email query: But with modern security, that's never realistically possible. Why not? doing this correctly would mean that the OP would using a sending address that is on the same domain as his email domain that's hosted on O365. O365 will deny emails claiming to be coming from somewhere else for the same domain, because O365 Knows that it's responsible for that domain - it's an antispam thing. Not if you make a connector as I just listed. Very nice bro! Added the last step for the SMTP address. missed that initially. 
- 
 @Dashrender said in Email query: @Carnival-Boy said in Email query: Then you could use a different domain address. Sure, as long as you don't get bit by those other things that Scott mentioned. O365 will be doing pretty much all of them to protect it's uses against spam. I guess what I'm talking about is Direct Send. Microsoft used to recommend this approach with O365. Are you all saying this is no longer supported, or it is just very unreliable? 
- 
 Note, making a connector in Office 365 is subject to limiters that accept only so many messages in a specified time frame, and also a total cap per day. It is not a recommended way of handling a mail relay. It will work fine for @bishnitro's needs though as they are listed as internal only, and I assume low use. 











