How to Set Up an Office 365 SMTP Relay with Connectors


The Best WordPress plugins!

1. WP Reset

2. WP 301 Redirects

3. WP Force SSL

Establishing a mail relay for Office 365 requires two separate servers, each connecting to the other. This setup is often used in conjunction with an Office 365 Connector, which helps the exchange data between these servers automatically.
This guide will walk you through setting up your own connector and use it to set up an outgoing SMTP relay that can send email from another domain’s server.

The “office 365 smtp relay connector” is a tool that allows you to set up an Office 365 SMTP Relay with Connectors. The connector will allow your email server to send emails through Microsoft’s servers.

How to Set Up an Office 365 SMTP Relay with Connectors

Email is everywhere, whether you like it or not. SMTP is the mechanism for sending email throughout the world, and SMTP “routers” are SMTP relays.

Are you not a reader? Check out the video that goes along with this instruction.

Setting up SMTP relays varies per system, however your choices are restricted if you use Office 365 as your mail service provider. Setup may be time-consuming and error-prone, particularly for devices that don’t support TLS.

It’s worth noting that sending email using Office 365 doesn’t need the use of an SMTP relay. Clients may send emails directly to Office 365 without the need for an SMTP relay, which requires no setup adjustments. Read How to Send Office 365 Direct Send/SMTP Client Submission Email to learn more (PowerShell).


These are the prerequisites for moving forward.

  1. A subscription to Office 365. If you don’t already have it, you may sign up for a free trial of Office 365 E5.
  2. PowerShell v5.1 on a Windows 10 PC
  3. An IP address that is public and static. Even if you don’t have this, you can still set up an SMTP relay in Office 365, but you won’t be able to test it.
  4. Access to your Office MX endpoint over TCP port 25 from a client
  5. A valid SSL certificate is required. This certificate might be a wildcard certificate (for example, * issued by a third-party certificate authority such as LetsEncrypt, Digicert, or others. It’s important to note that self-signed certificates and certificates generated by an internal PKI aren’t supported. (necessary solely for TLS connections)

You must first construct an SMTP connector in Office 365 to accept SMTP transactions before you can set up an SMTP relay. The application or device will send SMTP relay transactions to this connection.

Make sure your account has the appropriate Exchange Online permissions before attempting to establish a connection. Ascertain that your account belongs to the Organization Management group.

A connection may be made in two ways. You may use either the Exchange Admin Center or PowerShell to do this. Both solutions will accomplish the same goal. Which one you use is entirely up to you. Both will be discussed in this post. We’ll also go through how to make TLS and non-TLS connections.

Using the Exchange Admin Center, create a Non-TLS Connector.

First, let’s make a non-TLS connection. The Exchange Admin Center is where you’ll first discover how to accomplish this. In the Exchange Admin Center, you may customize a variety of Office 365 SMTP settings.

Once logged in, click on mail flow (1) –> connectors (2) –> New (3). The a brand-new connector window will pop-up.

a brand-new connectora brand-new connector

In the a brand-new connector window, select From: Your organization’s email server (1), select To: Office 365 (2), click Next (3).

Making a decision on a mail flow scenarioMaking a decision on a mail flow scenario

Enter the name SMTP Relay (Non-TLS) or your own name in the next box (1), input the description Accept relay from on-premises SMTP Server (2), deselect Retain internal Exchange email headers (recommended) (3), and click Next (4).

The connection is given a name.The connection is given a name.

Select By confirming that the transmitting server’s IP address matches one of these IP addresses that belong to your business (1) in the next box, and then click Add (2).

Adding IP addresses to the connection that are authorizedAdding IP addresses to the connection that are authorized

Type your public IP address (1) in the new pop-up box, then click OK (2). You should be taken back to the previous window as a result of this.

Adding IP addresses to the connection that are authorizedAdding IP addresses to the connection that are authorized

Check that the IP address has been added to the list (1) before moving on to the next step (2).

Adding IP addresses to the connection that are authorizedAdding IP addresses to the connection that are authorized

After that, you’ll get a summary of the modifications you’ll need to make. Prioritize the essential adjustments. You may go ahead and click Save if there aren’t any.

Back in the Exchange Admin Center, you can now confirm that the a brand-new connector has been created.

The Office 365 Connector was developed.The Office 365 Connector was developed.

A non-TLS connection should now be formed.

Using Exchange Admin Center, create a TLS Connector.

Creating a TLS connector is similar to creating a non-TLS connector. Like how you created a non-TLS connector, head back to the a brand-new connector wizard and use the same mail flow scenario. I’ll be using a a connector name of SMTP Relay (Non-TLS) but yours may vary.

Select the following options in the box to decide how Office 365 should recognize mails from your email server:

  • By confirming that the subject name on the certificate used by the transmitting server to authenticate with Office 365 corresponds to this domain name (recommended) (1)
  • then enter in the SSL certificate’s topic (2)
  • and then choose Next (3).

Using Exchange Admin Center, create a TLS Connector.Using Exchange Admin Center, create a TLS Connector.

You’ll get an overview of the required modifications once again. Prior to processing, work on them first. If there are none, you may immediately click the Save button.

Using PowerShell, create a non-TLS connector.

If using the GUI to build Office 365 connections isn’t your thing, you can always use PowerShell. Make sure you’re connected to Exchange Online PowerShell first.

The New-InboundConnector command must be used to construct the connection. Because this operation takes a few distinct arguments, I’ll use PowerShell splatting to set them up ahead of time.

I’ve included some comments to the code below, but here’s a list of each argument and what it does:

  • Name – This is the connector’s name.
  • ConnectorType – This is the connector’s type. OnPremises or Partner are two options for this value. The suitable type in this case is OnPremises.
  • SenderDomains – This is a list of the sender domains that are permitted. Valid domains for your tenant are only those that have been confirmed. The asterisk (*) indicates that you are enabling this connection to transport messages to all of your verified domains. Change this value to an array of sender domains if you only need to accept certain sender domains. (For example, ‘’ and ‘’)
  • This is your public IP address. SenderIPAddresses – This is your public IP address. Remember to modify this before executing.
  • When this value is set to $true, it means that this connection will only receive emails from sender addresses that originate from your permitted public IP address.

@splat = $splat $splat $splat $splat $splat Specify the connector’s name. ## Defined the kind of connection to construct with the name ‘SMTP Relay.’ ‘OnPremises’ is the connector type. ## The list of sender domains that are permitted to relay. ## SenderDomains =’*’ Replace this with your public IP address. ‘110.x.x.x’ as SenderIPAddresses ## Restrict email relay to just your sender domains and IP addresses by setting RestrictDomainsToIPAddresses = $true ## Create the New-InboundConnector @splat connection.

When you run it, you should get something like this.


Using PowerShell, create a TLS Connector.

Run the code below to construct a TLS connection using PowerShell, assuming you’re connected. Many of the settings are the same when building a non-TLS connection, as you can see below. The following are the needed settings that vary from those for a non-TLS connector:

  • This indicates that any messages received by this connection must be sent via TLS.
  • The name (or topic) of the certificate used by the sender is TlsSenderCertificateName.

@splat = $splat $splat $splat $splat $splat Specify the connector’s name. ‘SMTP Relay (TLS)’ is the name of the service. The sort of connection that should be made. ## The collection of sender domains that may relay. ConnectorType = ‘OnPremises’ ## SenderDomains =’*’ TLS is required. $true ## RequireTLS TlsSenderCertificateName = ‘*’ ## Subject/Name of SSL certificate Create the New-InboundConnector @splat connection.

Use the code above to construct a TLS connector that is ready to receive email.

Using PowerShell to test the Office 365 SMTP Relay Connector

Prepare to test the connection when it has been created. PowerShell is the simplest method to do this. We’ll write some PowerShell scripts in this part to help you simply test the connector’s functionality.

Before you begin testing, make sure you know what your Exchange Online domain’s MX endpoint URL is. Log in to the Office 365 Admin Portal if you don’t know where to look for your MX endpoint URL. Copy the MX Points to address or value by going to Setup, selecting Domains, clicking the Domain name, and copying the MX Points to address or value.

A non-TLS SMTP Relay was put to the test (IP Address)

Note: You must do this testing from a computer with a public IP address that is authorized in the Office 365 SMTP relay configuration.

For testing, use the PowerShell code below. Before executing it, be sure to adjust the From, To, and SmtpServer parameter values to match your Office 365 SMTP relay settings.

  • To – One internal domain recipient and one external domain recipient must be included. Remember to replace these values with your own.
  • Change the From field to your preferred sender address. One of your tenant’s email domains must be used as the domain component of the email address.
  • SmtpServer — This must be replaced with the MX endpoint for your Office 365 tenancy.

TLS SMTP Relay Testing (Certificate)

Before you can start with this test, you must have a public SSL certificate in PFX format.

Because the TLS SMTP relay needs a certificate, the Send-MailMessage PowerShell cmdlet cannot be used because it does not enable you to provide a certificate. Instead, declare the SMTP parameters using System.Net.Mail.SmtpClient and compose the message with System.Net.Mail.MailMessage using two.NET objects: System.Net.Mail.SmtpClient and System.Net.Mail.MailMessage.

You may use the PowerShell code snippet below to test the TLS SMTP relay. Before launching it, be sure to adjust the pfxFile, pfxPass, From, To, and SmtpServer variables to utilize your Office 365 SMTP relay settings.

# specify the full path of your PFX certificate $pfxFile = “C:Certificatecert.pfx” $pfxPass = ‘<cert password here>’ $pfxBytes = Get-Content -path $pfxFile -encoding Byte -ErrorAction:SilentlyContinue $X509Cert = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Certificate2 $X509Cert.Import([byte[]]$pfxBytes, $pfxPass,”Exportable,PersistKeySet”) # Build SMTP properties $smtpServer = ‘<tenant>’ $smtpPort = ’25’ $smtp = New-Object Net.Mail.SmtpClient($smtpServer,$smtpPort) $smtp.ClientCertificates.Add($X509Cert) $smtp.EnableSSL = $true # Compose message $emailMessage = New-Object System.Net.Mail.MailMessage $emailMessage.From = ‘[email protected]’ $emailMessage.To.Add(‘[email protected]’) $emailMessage.To.Add(‘[email protected]’) $emailMessage.Subject = (‘SMTP Relay (TLS) – ‘ + (Get-Date -Format g)) $emailMessage.Body = ‘This is a test email using SMTP Relay (TLS)’ # Send the message $smtp.Send($emailMessage)

If the TLS connection is correctly configured, the test email should be sent to the recipients specified using the Add() function.

Using a local server and Office 365 SMTP relay, you now have a working SMTP relay. All of your devices passed the testing, and you may now send messages to both internal and external receivers. You did an excellent job!

If you’re still not sure if these messages are traveling via the Office 365 SMTP relay, look at the message headers of the emails you’ve received.

Note that various mail clients have different ways of opening message headers. The sample following is particular to Gmail.

Open the email in Gmail, open the message, and then click the three vertical dots (1), followed by Show original (2).

Using the Message Header to Validate SMTP Relay HopsUsing the Message Header to Validate SMTP Relay Hops

The email message headers will be shown on a different page. Copy to clipboard is selected (1).

Using the Message Header to Validate SMTP Relay HopsUsing the Message Header to Validate SMTP Relay Hops

Navigate to in a new browser tab.

Go to the Message Analyzer (1) tab, paste the copied data into the box (2), and then choose Analyze Headers from the drop-down menu (3).

Header analysisHeader analysis

The outcome of the analysis will be shown in the table below.

Analyzing the outcomesAnalyzing the outcomes

In the aforementioned results, you should observe the following workflow:

  1. The computer’s origin is indicated by the IP address
  2. The message was received by an on-premises SMTP relay server.
  3. The communication was received by Exchange Online Protection (EOP).
  4. The message was received by the Exchange Online server and re-routed for outbound delivery.
  5. The message was sent from Office 365 to

You can ensure that the message passed via the Office 365 SMTP relay as planned based on the analysis findings.


You learnt how to set up a TLS and non-TLS Office 365 SMTP relay in this post. You also learnt how to use various approaches to test and check their functioning, as well as how to verify the SMTP routes that the message had travelled through.

Additional Reading

The “office 365 smtp relay modern authentication” is a feature that allows you to set up an Office 365 SMTP Relay with Connectors. This will allow your email server to use the Office 365 service as the source of email, instead of your own server.

Frequently Asked Questions

How do I create a SMTP relay connector in Office 365?

A: To create a SMTP relay connector, go to your Office 365 admin portal and navigate to mail flow settings. Then click on the connectors tab. From there you can create as many types of connectors as needed for your organizations needs including creating new ones or modifying existing ones like relays.

How do I relay an email in Office 365?

A: To relay an email in Office 365, follow these steps.
1) Open the Inbox tab at the top of your Outlook screen and select the message you wish to send.
2) Click on Options down next to Send/Receive.
3) Select Delivery Reports > Single-Send Report or Double-Send Report depending on how many people will be receiving your email report (the more recipients, the longer it takes).
4) In User Type or Group Name, enter a name that is relevant for those who might forward this report in order to track its progress – such as HR or Finance department names are good examples of suggested names here.

How do I set up outbound connectors in Office 365?

A: You can set up outbound connectors in Exchange Online. To do so, follow the steps below:
1) Navigate to
2) In the top left corner of your browser, you will see a drop down box labeled Outgoing Connector. Click on this and then click on Create Outgoing Connector.
3) Choose whichever options make sense for what you want to use it for (for example, if you wanted an email connector that send emails as PDFs). 。 。 。 Additionally, Office 365 also includes additional services such as messaging and chat which are provided by Microsoft Teams or Skype for Business Cloud PBX respectively..

Related Tags

  • smtp settings
  • office 365 smtp settings for scanner
  • office 365 smtp relay not working
  • office 365 whitelist ip for smtp relay
  • office 365 on-premise smtp relay

Table of Content