Configure your WordPress site to send E-mail via Exchange Online (Office 365) provide user credentials | Part 4#6
In the current article, we review how to configure a WordPress site to address Office…
One of the most common questions among Office 365 customers is how to implement a scenario in which an on-premises device or application sends mail via the Exchange Online infrastructure.
The main reason for the uncertainty regarding this process arises from two main factors:
The primary purpose of the current four-article series is to expose and explain the two main options that are available to us for implementing mail delivery via Exchange Online, and to provide a “how to” description of the required steps and configuration settings.
Let’s start with the definition of the most basic terms. When we say that we need to send mail to the “cloud,” what is the meaning? Who is this “cloud” that we want to address?
In the Office 365 environment, the mail infrastructure is implemented by using the Exchange Online architecture.
In the Office 365 environment, when we say that we want to send an E-mail to the “cloud,” we mean sending E-mail to an Exchange Online-based server. To be more accurate, in an Office 365 environment the “representative” of the Office 365 mail infrastructure that “talks” to elements of the public network is the EOP – Exchange Online Protection.
The EOP serves as the mail security gateway that protects the Office 365 mail infrastructure.
The Exchange Online server’s responsibility is to host the Office 365 user mailboxes, while the EOP’s responsibilities are to handle mail security and communication with the public network.
Most of the time we refer to the EOP server as a “single entity,” but to be even more accurate, the term “EOP” does not refer to a particular Exchange mail server but rather to tens and maybe even hundreds of “hosts” (EOP mail servers).
In the current article, we will refer to the mail server that we want to address as Exchange Online or EOP (Exchange Online Protection), although the most accurate term is EOP.
An additional term that we need to clarify is the term “I” or “me.”
When we say that we need to send E-mail to Exchange Online, what is the object that serves as the “source mail client”?
In reality, the “source mail client” can be translated into a number of options such as:
It’s important to understand that there are different types of “source mail client,” because each specific mail client has different characteristics and capabilities.
When we want to address the “public mail server” of Office 365, we can reach the EOP (Exchange Online Protection) server through two different “entities.”
When we address the EOP server by using the hostname that appears in the domain’s MX record, or by using the public IP address that is “mapped” to the MX record, the mail client can address the EOP server by using a “standard SMTP communication channel.”
In this scenario, the mail client doesn’t need to implement encryption and authentication.
In the following diagram, we can see a representation of the EOP server “two interfaces.”
At first glance, an obvious question could appear in our mind: Why does the EOP need to have two different interfaces (entities)?
The general answer is that each of the EOP “identities” was created to answer a different mail flow scenario.
In the following diagram, we can see a summary table that compares the two “EOP identities” and the characteristics of each scenario.
The “formal identity” or interface of EOP is defined as a secure communication channel.
When we choose to implement a secure communication channel with EOP, we address the EOP server by using the generic hostname smtp.office365.com.
I use the term “generic hostname” because this hostname is not related to a particular Office 365 tenant or a specific public domain, but to all the Office 365 tenants whose mail clients need to address a “mail server.”
I use the term “secure communication link” because when we address the EOP hostname smtp.office365.com, the mandatory requirement is that the mail client be able to provide user credentials and use an encrypted mail protocol, the TLS protocol.
The main benefits of using a “secure communication link” are:
The ability of a mail client to address a mail server and ask it to deliver E-mail messages to an external recipient (a recipient whose domain name the mail server is not authoritative for) is considered a “relay.”
The “relay operation” will be performed by EOP and Exchange Online only if the mail client is considered an “authenticated user.”
Consider a scenario in which we want to enable a particular device, such as a printer represented by the E-mail address email@example.com, to send an E-mail to an external recipient who uses the E-mail address Alice@hotmail.com. The mail client (the printer in our scenario) will have to be considered an “authenticated user”; only then will the EOP server “agree” to forward the E-mail message to the external recipient.
The main disadvantages of using a “secure communication link” are:
The need to create a TLS communication channel with the EOP server and provide a user’s credentials could be considered “problematic” in some scenarios, for example, a scenario in which the mail client (application or hardware device) doesn’t support the TLS protocol.
In this case, the available options that we can use are:
The main advantage of using a mail flow that is considered a “non-secure communication link” is that, in case our device or application doesn’t support TLS and we don’t have the option to use an intermediary element such as a mail relay, we can enable the mail client to communicate directly with the EOP server.
In other words: the mail client will need to provide user credentials and support the use of the TLS protocol.
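The following is an added example, not code from the original article, showing how a WordPress site takes the “secure communication link” described above: it hooks WordPress’s `phpmailer_init` action so that `wp_mail()` submits through the generic EOP hostname smtp.office365.com with STARTTLS and user credentials. It assumes port 587 (the STARTTLS submission port for that hostname, per Microsoft’s documentation rather than this page), that the constants `EOP_SMTP_USER` and `EOP_SMTP_PASS` are defined in `wp-config.php`, and that the account is a dedicated, non-administrative mailbox created for the site; all three names are this example’s own choices.

```php
<?php
/**
 * Added example (not from the original article): route WordPress mail
 * through the EOP "secure" interface, smtp.office365.com, using STARTTLS
 * and user credentials, the two mandatory requirements the article names.
 *
 * Assumptions (not on the page): port 587 for STARTTLS submission;
 * EOP_SMTP_USER / EOP_SMTP_PASS defined in wp-config.php; a dedicated
 * licensed mailbox with SMTP AUTH enabled. Place this file in
 * wp-content/mu-plugins/ so it loads before any theme or plugin.
 */

// Credentials belong in wp-config.php, not in the theme or the database.
// Example lines for wp-config.php (hypothetical account name):
//   define( 'EOP_SMTP_USER', 'wordpress-mailer@example.com' );
//   define( 'EOP_SMTP_PASS', '<app password or mailbox password>' );

add_action( 'phpmailer_init', 'eop_configure_phpmailer' );

function eop_configure_phpmailer( $phpmailer ) {
    // Without credentials, leave wp_mail() on its default (local) transport
    // rather than half-configuring an authenticated session.
    if ( ! defined( 'EOP_SMTP_USER' ) || ! defined( 'EOP_SMTP_PASS' ) ) {
        return;
    }

    $phpmailer->isSMTP();
    $phpmailer->Host        = 'smtp.office365.com'; // generic EOP hostname from the article
    $phpmailer->Port        = 587;                  // assumed STARTTLS submission port
    $phpmailer->SMTPSecure  = 'tls';                // STARTTLS: encryption is mandatory here
    $phpmailer->SMTPAutoTLS = true;                 // never fall back to a cleartext session
    $phpmailer->SMTPAuth    = true;                 // credentials are mandatory here
    $phpmailer->Username    = EOP_SMTP_USER;
    $phpmailer->Password    = EOP_SMTP_PASS;

    // EOP relays to external recipients only for the authenticated user, so
    // the envelope/From sender is kept aligned with the authenticated mailbox
    // (Exchange Online rejects a From address the account may not send as).
    $phpmailer->setFrom( EOP_SMTP_USER, get_bloginfo( 'name' ) );
}

// Surface failures (TLS negotiation, rejected credentials, relay refusal)
// in the PHP error log instead of letting wp_mail() fail silently.
add_action( 'wp_mail_failed', function ( $error ) {
    error_log( 'EOP SMTP failure: ' . $error->get_error_message() );
} );
```

Two operational points follow from the article’s two requirements: because the site now holds a real Office 365 credential, give that mailbox no other role, and if SMTP AUTH is disabled for the tenant or the mailbox, the login step is refused and the failure shows up in the error log hook above rather than in the WordPress UI.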
This Post Has One Comment
I have one question, please. I would like to use a smart host in o365.
What I would like is to create one domain mysmarhost.mydomain.com and set up MX records. The first MX is my SMTP server (in my partner cloud) and o365 as the second MX.
My question is: what o365 server name do I have to set as the second MX?