Configure WordPress site send E-mail via Exchange Online (Office 365) | Provide user credentials without purchase Office 365 license | Part 5#6
In the current article, we continue to review the scenario in which we want to…
In the current article, we review a scenario in which we need to configure our WordPress site to use Exchange Online as “mail server”. The main character of this scenario is – that we want to configure our WordPress site to address Office 365 mail services without providing any user credentials (anonymously).
The reason for this requirement is – that we would like to avoid the need of purchase Office 365 user license that will be used for the authentication purposes.
Office 365 mail server host name
In Office 365 based environment, when we need to address the mail server that represents our domain name, anonymously, we need to address the hostname who is published in the MX record for our domain name.
In case that you don’t know the value of the Exchange Online server host name that represents your domain name, I add a special section at the bottom of the current article, in which we review the steps we need to implement for getting the required MX value.
WordPress mail plugin that we use
To mail communication configuration will be implemented by using useful WordPress mail plugin named- Postman SMTP Mailer/Email Log
The main advantage of this WordPress mail plugin is that he offers us a comfortable interface, and tools that enable us to deal with a troubleshooting scenario of mail failure, in which we don’t manage to send an E-mail to the destination recipient.
The characters of our scenario are as follows:
In the following table, we can see a summary of the “relationship” that are our WordPress website will have with the Office 365 (Exchange Online) mail server:
Because we don’t provide any user credentials, the E-mail that will be sent from the WordPress website to Exchange Online, will be identified as “problematic E-mail” and the Exchange Online server will stamp these E-mails with high SCL (spam confidence level) value.
In the next article – Creating Exchange Online bypass spam rule – whitelist specific sender E-mail address | Part 3#6 , we will review how to deal with this issue by creating an Exchange Online bypass spam rule, that will prevent the spam check when the sender E-mail address is email@example.com
In addition, we need to know that in this configuration, we will not be able to use the Exchange Online mail server for sending E-mails to recipients who considered as external recipients. In a scenario in which don’t provide user credentials, the Exchange Online mail server will not approve to “forward” (relay) the E-mail to the external recipients.
In this section, we will review how to install the Postman SMTP Mailer/Email Log WordPress plugin.
In the following section, we review how to configure the Postman SMTP plugin to use Exchange Online as a “mail server.” server”. It is important to emphasize that in our scenario, we will configure a communication channel with the Exchange Online server using SMTP protocol.
I emphasize this “detail” because, there is an option to use another communication channel, that is based on an authenticated mail session + TLS protocol, and that scenario requires different configuration settings. The article – Configure your WordPress site to send E-mail via Exchange Online (Office 365) provide user credentials | Part 4#6 include step by step description of the TLS settings.
In the following table, we can see the values of the different parameters that we will configure in our specific scenario:
|Outgoing Mail Server Hostname||o365info-com.mail.protection.outlook.com||Number 2|
|Outgoing Mail Server Port||25||Number 3|
|Envelope-From Email Address||The “sender” E-mail address||Number 4|
Outgoing Mail Server Hostname
In the field name – Outgoing Mail Server Hostname, we need to write the hostname of the mail server that we are going to address.
In our scenario, I use the hostname of the Office 365 mail servers (Exchange Online) that represent my domain – o365info.com
The hostname of my Office 365 mail server is- o365info-com.mail.protection.outlook.com
Security + Authentication
The value that we set for the Security + Authentication field is “None” because the E-mail address that we use is not “attached” to a specific Office 365 user.
In this section, we define the “identity” of the WordPress sender that will appear in the E-mail message that will be sent out.
In our example, the E-mail address that we will use as the “sender E-mail address”
Is – firstname.lastname@example.org
In the following section, we review the process in which we verify that the mail server settings were configured correctly and that we manage to successfully send E-mail to the destination recipient.
In our scenario, the WordPress sender identity is represented by the E-mail address email@example.com and we will send E-mail to “another o365info.com recipient.”
The expected results are:
In addition, the E-mail that we sent via the WordPress site will probably classify by the Exchange Online server, as a “problematic E-mail” because, the sender “claim” that he belongs to o365info.com, but he cannot provide user credentials.
Sending test E-mail to organization recipient
In the following screenshot, we can see that the E-mail address was successfully sent to the destination recipient.
The meaning is that:
Now, we want to check what happened to the “other side” meaning, the side of the destination recipient.
In the following screenshot, we can see that the E-mail reaches to Bob’s mailbox. However, it’s important to notice that the E-mail was classified a “spam mail” and for this reason, sent to the junk mail folder!
How does Exchange Online treat “suspicious sender”?
The reason for this “strange phenomenon” in which the E-mail address that was sent from the WordPress site reaches the junk mail folder is, because the mail server that host our domain (o365info.com in our example) cannot trust a mail client, that his E-mail address includes our domain name, but the mail client didn’t provide any user credentials.
From the mail server point of view, the sender considers “suspicious”!
For this reason, the mail server can decide to reject the E-mail message that sent from the “untrusted sender” or mark the E-mail message as “spam mail.”
In Exchange Online based environment, the Exchange Online mail will not reject or delete the
E-mail that was sent by the “suspicious sender” but instead, “stamp” the E-mail using high SCL value.
Analyzing the information in the E-mail message header
To be able to understand better the reason for this “phenomena,” we will look at the E-mail header content that was sent to Bob.
In our example, we analyze the E-mail header content by using the Microsoft Remote Connectivity Analyzer
Exchange stores the information about the “spam level” of specific E-mail in the mail
In the following screenshot, we can see that Exchange Online stamp the E-mail using SCL=5. The meaning is that there is high chance that the E-mail is sent by “problematic sender.”
When looking at an additional mail field named – MS-Exchange-Organization-AuthAs, we can see that the value is – Anonymous
The reason in which the Office 365 mail server “think” that the E-mail is a spam mail is, because the sender uses the domain name that is hosted by Exchange server (o365info.com) but considers as “Anonymous sender” meaning, unauthenticated the sender.
In the next article – Creating Exchange Online bypass spam rule – whitelist specific sender E-mail address | Part 3#6 , I will provide a possible solution for this problem, by creating an Exchange Online bypass spam rule that will treat E-mail that sends by firstname.lastname@example.org as a legitimate E-mail message.
In the following section, we will review an additional scenario in which we want to send E-mail to the external (non-organization) recipient.
The expected result is that the test will fail!
The reason for this “expected failure” is related to the fact that we address Office 365 mail server Anonymously.
In the previous section, we have seen, that the Office 365 mail server “agreed” to accept the E-mail address that was sent to Bob@o365info.com.
The Office 365 mail server “agreed” to accept the E-mail because he represents the specific domain name (in our example – o365info.com).
In case that we ask from a mail server to deliver E-mail to the recipient who is hosted at “other domains,” this process described as “relay.”
By default, the basic security setting of mail servers, will not allow to the mail server to “relay E-mail message” if the sender is Anonymous meaning – didn’t provide any user credentials.
To recap, one of the disadvantages of the scenario in which we address Office 365 mail server using SMTP and without providing user credentials is – that we cannot ask from Office 365 mail server to send E-mail to “external recipient.” This issue cannot be “fixed.”
In case that we need to send E-mail to “external recipient,” we will need to use TLS session + provide user credentials.
The instructions for this configuration appear in the article – Configure your WordPress site to send E-mail via Exchange Online (Office 365) provide user credentials | Part 4#6
Sending test E-mail to external recipients
In the following screenshot, we can see that we didn’t manage to send the E-mail to the external recipient. The error message is –
5.7.64 TenantAttribution; Relay Access Denied
In simple word – the Office 365 mail server inform us that – he is not willing to “relay” (deliver) the E-mail address to the destination recipient!
In the following section, I would like to review the process of accessing information about mail transaction that is stored in the Log file.
One of the features that I like in the Postman SMTP Mailer/Email Log plugin is the ability to access the Log file that includes detailed information about each mail transaction.
The ability to look at the log file, enable troubleshoot a scenario, and we experience “mail communication failure” for a specific recipient or specific domain.
In the following screenshot, we can see an example of the “documentation” of the mail transaction that occurred.
In the following screenshot, we can see the “recording” of the session that occurred between our WordPress site (the Postman SMTP Mailer/Email Log plugin) and the destination mail server.
In our specific example, we can see information about the E-mail that we try to send to external recipients. We can see that we manage to connect the Office 365 mail server but the Office 365 mail server “refuse” to accept the “delivery request” to the external recipient (refusing to relay the E-mail).
To be able to address the Office 365 mail server (Exchange Online) that represent our domain name anonymously, we will need to find the host name of our mail server.
The information about the host name of “our Office 365 mail server” or in other words, the hostname who appears in the MX record that represents our domain, the name appears in the Office 365 portal.
To be able to get this information we will need to login to Office 365 portal using Global administrator credentials.
Select the domain name which you want to view his DNS settings
In the following screenshot, we can see the information about the DNS records
We want to know what is the value of the MX record that Office 365 creates for our publicly registered domain name.
In our example, the value of the MX record is – o365info-com.mail.protection.outlook.com
Creating Exchange Online bypass spam rule – whitelist specific sender E-mail address | Part 3#6
This Post Has 0 Comments