Office 365 allows unauthenticated mail relay to email addresses in your organization if you have a static IP address and we’ll outline the exact setup steps in this post.
Scenario and Network Setup
Most offices have at least one copier that is used to email scanned documents to employees. Recently, one of our clients could not get one of their copiers to send email through Office 365. After further investigation, it was revealed that the copier’s firmware did not provide sufficient encryption to go through Exchange Online.
To combat the encryption issues, we installed the free hMailServer (https://www.hmailserver.com/) on one of their local Windows servers. The copier was then configured to send to hMailServer which in turn sends the email to Exchange Online.
Of course there was still an authentication issue at Microsoft so the easiest solution was to permit mail relaying from the client’s static IP address.
Whitelisting Static IP Addresses
Log in as an administrator to your Office 365 account and go to the Admin section. On the left hand side pick the Exchange Admin Center.
Once the Center opens up, select the Protection section.
Select the Connection Filter at the top, then edit the default rule by highlighting Default and clicking on the pencil icon.
Select the Connection Filtering option on the left and then add your static IP address by clicking on the ‘plus’ icon. Then click save. That’s all there is to it!
In this example, emails were still not going through even after approving the static IP address. The next step was to turn on logging on hMailServer which revealed that the static IP had been blacklisted for spam. The ISP had recently been changed so whomever had the IP address before must have been doing something not so nice. Below is a relevant section of the log:
“RECEIVED: 550 5.7.606 Access denied, banned sending IP
It’s really easy to delist the static IP. Go to https://sender.office.com/ and enter your IP and email addresses. You’ll receive this response:
Then check your email to prove you’re legitimate:
It will take a little while for this to go into effect.
If you have devices on your network that need to send email but don’t support authentication or encryption then this method will allow you to relay without either with a static IP. Good luck!