Exchange Online - Unrecognized authentication type

Use this forum if you have installed hMailServer and want to ask a question related to a production release of hMailServer. Before posting, please read the troubleshooting guide. A large part of all reported issues are already described in detail here.
Post Reply
chrissezhi
New user
New user
Posts: 8
Joined: 2019-04-15 23:47

Exchange Online - Unrecognized authentication type

Post by chrissezhi » 2019-04-16 00:17

Good day –

I am trying to setup Office365 (Exchange Online) relay using hMailServer. I am making progress but getting stuck on one item. If I telnet using commands I can send a test message from same server with no issues. In hMailServer logs – receiving “Unrecognized authentication type”

I am using some of the following guides to help in the process of setup:
http://becdetat.com/setting_up_an_open_ ... erver.html
http://jpelectron.com/sample/WWW%20and% ... 0gmail.htm

We are utilizing a hybrid exchange environment between on premise and o365 and for my scanners, printers, lob applications wanting to setup hMailServer to handle the relay once I retire on premise exchange servers.

I have a txt record SPF showing my external IP and am using a certificate for connector which I have imported into hMailServer using the following information:

Export the IIS certificate using the MMC snap-in. There is lots of documentation out there for this. Be sure to include the private key. Do NOT tell it to remove the private key if you intend to keep using the certificate in IIS.

2. Use OpenSSL to split the resulting pfx file into multiple keys, and save it in .pem format. Here's how:

openssl pkcs12 -in certificate.pfx -out certificate.pem -nodes

3. Open the certificate.pem file in a text editor.

4. Copy the half of the file dealing with private key to a file and call it something like private.pem

5. Copy the rest of the file to another file and call it something like public.pem

6. Tell hMailServer to use private.pem for the private key, and public.pem for the certificate


Telnet:
220 BL2NAM02FT003.mail.protection.outlook.com Microsoft ESMTP MAIL Service ready at Mon, 15 Apr 2019 21:30:39 +0000
EHLO xxxxxx.com
250-BL2NAM02FT003.mail.protection.outlook.com Hello [6xxxxxxxx]
250-SIZE 157286400
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-8BITMIME
250-BINARYMIME
250-CHUNKING
250 SMTPUTF8
MAIL FROM: xxxxx@xxxxx.com
250 2.1.0 Sender OK
RCPT TO: xxx@xxxxx.com
250 2.1.5 Recipient OK
DATA
354 Start mail input; end with <CRLF>.<CRLF>
Subject: Test
This is a test message.
.
250 2.6.0 <1385a8d8-3fcc-44f2-bd6c-c83666199a80@BL2NAM02FT003.eop-nam02.prod.protection.outlook.com> [InternalId=7636451
856276, Hostname=BYAPR13MB2727.namprd13.prod.outlook.com] 7786 bytes in 0.268, 28.332 KB/sec Queued mail for delivery
quit
221 2.0.0 Service closing transmission channel

However, in hMailServer getting the following:

DEBUG" 5016 "2019-04-15 17:07:53.883" "Creating session 122"
"TCPIP" 5016 "2019-04-15 17:07:53.883" "TCP – xx.xxx.xxx.50 connected to xxx.xxx.xxx.127:25."
"DEBUG" 5016 "2019-04-15 17:07:53.883" "TCP connection started for session 119"
"SMTPD" 5016 119 "2019-04-15 17:07:53.883" "xxx.xxx.xx.50" "SENT: 220 xxx.xxx.com ESMTP"
"SMTPD" 3528 119 "2019-04-15 17:07:53.883" "xxx.xx.xx.50" "RECEIVED: HELO canal-ins.com"
"SMTPD" 3528 119 "2019-04-15 17:07:53.883" "xxx.xx.xx.50" "SENT: 250 Hello."
"SMTPD" 1224 119 "2019-04-15 17:07:53.899" "xxx.xx.xx.50" "RECEIVED: MAIL FROM:<xxx@xxx.com>"
"SMTPD" 1224 119 "2019-04-15 17:07:53.899" "xxx.xx.xx.50" "SENT: 250 OK"
"SMTPD" 1224 119 "2019-04-15 17:07:53.899" "xxx.xx.xx.50" "RECEIVED: RCPT TO:<xxx@xxx.com>"
"SMTPD" 1224 119 "2019-04-15 17:07:53.899" "xxx.xx.xx.50" "SENT: 250 OK"
"SMTPD" 1224 119 "2019-04-15 17:07:53.899" "xxx.xx.xx.50" "RECEIVED: DATA"
"SMTPD" 1224 119 "2019-04-15 17:07:53.914" "xxx.xx.xx.50" "SENT: 354 OK, send."
"TCPIP" 5016 "2019-04-15 17:07:53.914" "DNS - Query failure. Treating as temporary failure. Query: xxxxxxx.in-addr.arpa, Type: 12, DnsQuery return value: 9002."
"DEBUG" 5016 "2019-04-15 17:07:53.914" "Could not retrieve PTR record for IP (false)! xxx.xx.xx.50"
"DEBUG" 5016 "2019-04-15 17:07:53.914" "Adding task AsynchronousTask to work queue Asynchronous task queue"
"DEBUG" 7076 "2019-04-15 17:07:53.914" "Executing task AsynchronousTask in work queue Asynchronous task queue"
"DEBUG" 7076 "2019-04-15 17:07:53.914" "Saving message: {14C88549-0C8F-4350-8581-620F9D69C67B}.eml"
"DEBUG" 7076 "2019-04-15 17:07:53.914" "Requesting SMTPDeliveryManager to start message delivery"
"SMTPD" 7076 119 "2019-04-15 17:07:53.930" "xxx.xx.xx.50" "SENT: 250 Queued (0.000 seconds)"
"SMTPD" 3528 119 "2019-04-15 17:07:53.930" "xxx.xx.xx.50" "RECEIVED: QUIT"
"SMTPD" 3528 119 "2019-04-15 17:07:53.930" "xxx.xx.xx.50" "SENT: 221 goodbye"
"DEBUG" 3720 "2019-04-15 17:07:53.930" "Adding task DeliveryTask to work queue SMTP delivery queue"
"DEBUG" 5492 "2019-04-15 17:07:53.930" "Executing task DeliveryTask in work queue SMTP delivery queue"
"DEBUG" 5492 "2019-04-15 17:07:53.930" "Delivering message..."
"DEBUG" 6040 "2019-04-15 17:07:53.930" "Ending session 119"
"APPLICATION" 5492 "2019-04-15 17:07:53.930" "SMTPDeliverer - Message 15: Delivering message from xxx@xxx.com to xxx@xxx.com. File: C:\Program Files (x86)\hMailServer\Data\{14C88549-0C8F-4350-8581-620F9D69C67B}.eml"
"DEBUG" 5492 "2019-04-15 17:07:53.930" "Applying rules"
"DEBUG" 5492 "2019-04-15 17:07:53.930" "Applying rule wildcard"
"DEBUG" 5492 "2019-04-15 17:07:53.930" "Performing rule action"
"DEBUG" 5492 "2019-04-15 17:07:53.930" "Performing local delivery"
"DEBUG" 5492 "2019-04-15 17:07:53.930" "Local delivery completed"
"APPLICATION" 5492 "2019-04-15 17:07:53.961" "SMTPDeliverer - Message 15: Relaying to host xxxxxx.mail.protection.outlook.com."
"DEBUG" 5492 "2019-04-15 17:07:53.976" "Starting external delivery process. Server: xxxxxx.mail.protection.outlook.com (104.47.36.36), Port: 25, Security: 0, User name: xxxxxx@xxxxx.com"
"DEBUG" 5492 "2019-04-15 17:07:53.976" "Creating session 123"
"TCPIP" 5492 "2019-04-15 17:07:53.976" "Connecting to 104.47.36.36:25..."
"DEBUG" 6040 "2019-04-15 17:07:54.008" "TCP connection started for session 123"
"SMTPC" 6040 123 "2019-04-15 17:07:54.070" "104.47.36.36" "RECEIVED: 220 SN1NAM02FT034.mail.protection.outlook.com Microsoft ESMTP MAIL Service ready at Mon, 15 Apr 2019 21:07:53 +0000"
"SMTPC" 6040 123 "2019-04-15 17:07:54.070" "104.47.36.36" "SENT: EHLO xxxx.xxxxx.com"
"SMTPC" 3528 123 "2019-04-15 17:07:54.101" "104.47.36.36" "RECEIVED: 250-SN1NAM02FT034.mail.protection.outlook.com Hello [xx.xx.xx.178][nl]250-SIZE 157286400[nl]250-PIPELINING[nl]250-DSN[nl]250-ENHANCEDSTATUSCODES[nl]250-STARTTLS[nl]250-8BITMIME[nl]250-BINARYMIME[nl]250-CHUNKING[nl]250 SMTPUTF8"
"SMTPC" 3528 123 "2019-04-15 17:07:54.101" "104.47.36.36" "SENT: AUTH LOGIN"
"SMTPC" 6040 123 "2019-04-15 17:07:54.133" "104.47.36.36" "RECEIVED: 504 5.7.4 Unrecognized authentication type [SN1NAM02FT034.eop-nam02.prod.protection.outlook.com]"

"SMTPC" 6040 123 "2019-04-15 17:07:54.133" "104.47.36.36" "SENT: QUIT"
"SMTPC" 5016 123 "2019-04-15 17:07:54.164" "104.47.36.36" "RECEIVED: 221 2.0.0 Service closing transmission channel"
"DEBUG" 5016 "2019-04-15 17:07:54.164" "Ending session 123"
"DEBUG" 5492 "2019-04-15 17:07:54.164" "External delivery process completed"
"DEBUG" 5492 "2019-04-15 17:07:54.164" "Summarizing delivery result"
"DEBUG" 5492 "2019-04-15 17:07:54.164" "Summarized delivery results"
"DEBUG" 5492 "2019-04-15 17:07:54.164" "SD::SubmitErrorLog_"
"DEBUG" 5492 "2019-04-15 17:07:54.184" "Saving message: {3447074F-235D-4CB8-A11D-5E48336E7BBB}.eml"
"DEBUG" 5492 "2019-04-15 17:07:54.184" "SD::~SubmitErrorLog_"
"DEBUG" 5492 "2019-04-15 17:07:54.184" "Deleting message"
"DEBUG" 5492 "2019-04-15 17:07:54.184" "Deleting message file."
"APPLICATION" 5492 "2019-04-15 17:07:54.184" "SMTPDeliverer - Message 15: Message delivery thread completed."

Thank you for your time and assistance.

mikedibella
Normal user
Normal user
Posts: 177
Joined: 2016-12-08 02:21

Re: Exchange Online - Unrecognized authentication type

Post by mikedibella » 2019-04-16 17:40

Are you trying to submit authenticated mail to Office 365 on port 25?

Office 365 accepts only local delivery on port 25. Relay mail must be submitted using port 587.

https://docs.microsoft.com/en-us/exchan ... g-office-3

chrissezhi
New user
New user
Posts: 8
Joined: 2019-04-15 23:47

Re: Exchange Online - Unrecognized authentication type

Post by chrissezhi » 2019-04-16 19:10

Thank you for you reply - so I am making headway (switched to Port 587) but getting below message - user I am sending as under Settings / Protocols / SMTP / Routes then Delivery is acct located in O365 (mailbox)

"DEBUG" 6900 "2019-04-16 13:01:55.799" "Adding task DeliveryTask to work queue SMTP delivery queue"
"DEBUG" 5552 "2019-04-16 13:01:55.799" "Executing task DeliveryTask in work queue SMTP delivery queue"
"DEBUG" 5552 "2019-04-16 13:01:55.799" "Delivering message..."
"APPLICATION" 5552 "2019-04-16 13:01:55.799" "SMTPDeliverer - Message 40: Delivering message from <Empty> to xxx@xxxxx.com. File: C:\Program Files (x86)\hMailServer\Data\{308994B3-A886-4C24-88F9-92BD5DA42C0A}.eml"
"DEBUG" 5552 "2019-04-16 13:01:55.799" "Applying rules"
"DEBUG" 5552 "2019-04-16 13:01:55.815" "Applying rule wildcard"
"DEBUG" 5552 "2019-04-16 13:01:55.815" "Performing rule action"
"DEBUG" 5552 "2019-04-16 13:01:55.815" "Performing local delivery"
"DEBUG" 5552 "2019-04-16 13:01:55.815" "Local delivery completed"
"APPLICATION" 5552 "2019-04-16 13:01:55.846" "SMTPDeliverer - Message 40: Relaying to host smtp.office365.com."
"DEBUG" 5552 "2019-04-16 13:01:55.846" "Starting external delivery process. Server: smtp.office365.com (40.97.229.82), Port: 587, Security: 3, User name: bexxxxxx@xxxx.com"
"DEBUG" 5552 "2019-04-16 13:01:55.846" "Creating session 193"
"TCPIP" 5552 "2019-04-16 13:01:55.846" "Connecting to 40.97.229.82:587..."
"DEBUG" 7084 "2019-04-16 13:01:55.861" "TCP connection started for session 193"
"SMTPC" 7084 193 "2019-04-16 13:01:55.877" "40.97.229.82" "RECEIVED: 220 BN7PR11CA0004.outlook.office365.com Microsoft ESMTP MAIL Service ready at Tue, 16 Apr 2019 17:01:55 +0000"
"SMTPC" 7084 193 "2019-04-16 13:01:55.893" "40.97.229.82" "SENT: EHLO xxxx.xxxxx.com"
"SMTPC" 7084 193 "2019-04-16 13:01:55.908" "40.97.229.82" "RECEIVED: 250-BN7PR11CA0004.outlook.office365.com Hello [xx.xx.xx.178][nl]250-SIZE 157286400[nl]250-PIPELINING[nl]250-DSN[nl]250-ENHANCEDSTATUSCODES[nl]250-STARTTLS[nl]250-8BITMIME[nl]250-BINARYMIME[nl]250-CHUNKING[nl]250 SMTPUTF8"
"SMTPC" 7084 193 "2019-04-16 13:01:55.908" "40.97.229.82" "SENT: STARTTLS"
"SMTPC" 3516 193 "2019-04-16 13:01:55.924" "40.97.229.82" "RECEIVED: 220 2.0.0 SMTP server ready"
"DEBUG" 3516 "2019-04-16 13:01:55.924" "Performing SSL/TLS handshake for session 193. Verify certificate: False, Expected remote host name: smtp.office365.com"
"TCPIP" 3516 "2019-04-16 13:01:55.971" "TCPConnection - TLS/SSL handshake completed. Session Id: 193, Remote IP: 40.97.229.82, Version: TLSv1.2, Cipher: ECDHE-RSA-AES256-GCM-SHA384, Bits: 256"
"SMTPC" 3516 193 "2019-04-16 13:01:55.971" "40.97.229.82" "SENT: EHLO xxxx.xxxxx.com"
"SMTPC" 7084 193 "2019-04-16 13:01:56.002" "40.97.229.82" "RECEIVED: 250-BN7PR11CA0004.outlook.office365.com Hello [xx.xx.xx.178][nl]250-SIZE 157286400[nl]250-PIPELINING[nl]250-DSN[nl]250-ENHANCEDSTATUSCODES[nl]250-AUTH LOGIN XOAUTH2[nl]250-8BITMIME[nl]250-BINARYMIME[nl]250-CHUNKING[nl]250 SMTPUTF8"
"SMTPC" 7084 193 "2019-04-16 13:01:56.002" "40.97.229.82" "SENT: AUTH LOGIN"
"SMTPC" 3516 193 "2019-04-16 13:01:56.018" "40.97.229.82" "RECEIVED: 334 VXNlcm5hbWU6"
"SMTPC" 3516 193 "2019-04-16 13:01:56.018" "40.97.229.82" "SENT: YmVzZXJ2aWNlc0BjYW5hbC1pbnMuY29t"
"SMTPC" 6108 193 "2019-04-16 13:01:56.033" "40.97.229.82" "RECEIVED: 334 UGFzc3dvcmQ6"
"SMTPC" 6108 193 "2019-04-16 13:01:56.033" "40.97.229.82" "SENT: ***"
"SMTPC" 2644 193 "2019-04-16 13:01:56.460" "40.97.229.82" "RECEIVED: 235 2.7.0 Authentication successful"
"SMTPC" 2644 193 "2019-04-16 13:01:56.460" "40.97.229.82" "SENT: ***"
"SMTPC" 6108 193 "2019-04-16 13:01:56.523" "40.97.229.82" "RECEIVED: 250 2.1.0 Sender OK"
"SMTPC" 6108 193 "2019-04-16 13:01:56.523" "40.97.229.82" "SENT: RCPT TO:<xxx@xxxxx.com>"
"SMTPC" 3516 193 "2019-04-16 13:01:56.571" "40.97.229.82" "RECEIVED: 250 2.1.5 Recipient OK"
"SMTPC" 3516 193 "2019-04-16 13:01:56.571" "40.97.229.82" "SENT: DATA"
"SMTPC" 2644 193 "2019-04-16 13:01:56.617" "40.97.229.82" "RECEIVED: 354 Start mail input; end with <CRLF>.<CRLF>"
"SMTPC" 2644 193 "2019-04-16 13:01:56.617" "40.97.229.82" "SENT: [nl]."
"SMTPC" 6108 193 "2019-04-16 13:01:56.945" "40.97.229.82" "RECEIVED: 554 5.2.0 STOREDRV.Submission.Exception:SendAsDeniedException.MapiExceptionSendAsDenied; Failed to process message due to a permanent exception with message Cannot submit message. 16.55847:7E140000, 17.43559:0000000004020000000000000100000000000000, 20.52176:140F1587000010100300170E, 20.50032:140F1587701710100A000981, 0.35180:E7020000, 255.23226:0A008440, 255.27962:0A000000, 255.27962:0E000000, 255.31418:0A000000, 16.55847:D2000000, 17.43559:00000000E0020000000000000100000000000000, 20.52176:140F15870000101003000136, 20.50032:140F1587701710100A00DA36, 0.35180:44000000, 255.23226:4800D13D, 255.27962:0A000000, 255.27962:32000000, 255.17082:DC040000, 0.27745:0A003A66, 4.21921:DC040000, 255.27962:FA000000, 255.1494:64000000, 0.38698:0F010480, 0.37692:02010480, 0.37948:00000000, 5.33852:00000000534D545000000100, 4.56248:DC040000, 7.40748:010000000025428C09000100, 7.57132:000000000000000009000100, 1.63016:32000000, 4.39640:DC040000, 8.45434:5FD482657CFBBA449AF45AAFB271297CA4A2245E, 5.10786:0000000031352E32302E313831332E3030303A534E36505231334D42323235343A33396266373939652D343437382D343763612D613461322D32343565656335386435616500444400643561, 255.1750:A0000000, 255.31418:0A005636, 0.22753:A5000000, 255.21817:DC040000, 4.60547:DC040000, 0.21966:03003866, 4.30158:DC040000 [Hostname=SN6PR13MB2254.namprd13.prod.outlook.com]"
"SMTPC" 6108 193 "2019-04-16 13:01:56.945" "40.97.229.82" "SENT: QUIT"
"SMTPC" 3516 193 "2019-04-16 13:01:56.992" "40.97.229.82" "RECEIVED: 221 2.0.0 Service closing transmission channel"
"DEBUG" 3516 "2019-04-16 13:01:56.992" "Ending session 193"
"DEBUG" 5552 "2019-04-16 13:01:56.992" "External delivery process completed"
"DEBUG" 5552 "2019-04-16 13:01:57.008" "Summarizing delivery result"
"DEBUG" 5552 "2019-04-16 13:01:57.008" "Summarized delivery results"
"DEBUG" 5552 "2019-04-16 13:01:57.008" "SD::SubmitErrorLog_"
"DEBUG" 5552 "2019-04-16 13:01:57.008" "Deleting message"
"DEBUG" 5552 "2019-04-16 13:01:57.008" "Deleting message file."
"APPLICATION" 5552 "2019-04-16 13:01:57.008" "SMTPDeliverer - Message 40: Message delivery thread completed."

mikedibella
Normal user
Normal user
Posts: 177
Joined: 2016-12-08 02:21

Re: Exchange Online - Unrecognized authentication type

Post by mikedibella » 2019-04-16 20:00

That error is raised when the Sender email address doesn't match the proxy address of the authenticated user. It is more difficult to configure Office 365 as a relay for any-sender to any-recipient use cases. You might want to take a look at SendGrid free tier.

chrissezhi
New user
New user
Posts: 8
Joined: 2019-04-15 23:47

Re: Exchange Online - Unrecognized authentication type

Post by chrissezhi » 2019-04-18 18:58

Thanks again for your reply.

So with SMTP Direct Send there is no way to achieve using hMailServer?

I am unsure if SendGrid will work. Once I retire Exchange Servers on-premise. I need a way for 3rd party legacy code/applications to be able to send email. Plan was to change DNS mail.xxxx.com to point to hMailServer IP since most of them use the DNS name. (It would take too much effort to change code, etc).

Of course, the sending name will not match the proxy address name in hMailserver.

Suggestions?

mikedibella
Normal user
Normal user
Posts: 177
Joined: 2016-12-08 02:21

Re: Exchange Online - Unrecognized authentication type

Post by mikedibella » 2019-04-18 19:49

You can achieve authenticated send with Office 365 using username/password authentication, which requires that the Sender address match the primary STMP proxy address (reply address) for the account. So if your sending appliances can support username/password AUTH, just make sure that the mail client configuration contains a Sender email identity that matches the mailbox you want to use and submit on port 587. You will need a designated licensed mailbox to use the approach; you can share a mailbox for multiple senders, but they all must use the same Sender identity. Using this approach mail can be sent external recipients as well as Office 365 mailboxes.

You can also configure a Connector that authenticates using a Source IP Address. See http://www.mistercloudtech.com/2015/06/ ... smtp-relay. All mail for relay must originate from the designated Source IP Address and be addressed to Office 365-hosted mailboxes.

User avatar
jimimaseye
Moderator
Moderator
Posts: 8118
Joined: 2011-09-08 17:48

Re: Exchange Online - Unrecognized authentication type

Post by jimimaseye » 2019-04-18 20:20

Why do you need to relay? Why can't you just send and deliver direct (ie no relay)?
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

chrissezhi
New user
New user
Posts: 8
Joined: 2019-04-15 23:47

Re: Exchange Online - Unrecognized authentication type

Post by chrissezhi » 2019-04-18 21:30

I am just trying to find the best option to keep mail flowing on premise. Think of coding/programming that sends out email currently. Once we rip the exchange servers from on premise, I need the emails to still flow to office 365 and be delivered to external or internal clients. Our developers do not want to take the time to find out what is being emailed and change. So my thought was to enable a SMTP direct send / relay whatever for these apps to continue to email.

mikedibella
Normal user
Normal user
Posts: 177
Joined: 2016-12-08 02:21

Re: Exchange Online - Unrecognized authentication type

Post by mikedibella » 2019-04-18 21:49

There are other articles on this site that describe how to configure your systems so that mail sent directly (using MX record lookup) from HMS has the requisite reputation to be accepted as ham. Maybe Jim can provide a link to his favorite post on this subject.

If you want HMS to deliver directly to Office 365 mailboxes securely, you can use a Route (https://www.hmailserver.com/documentati ... ence_route) to control relaying for the Office 365 Accepted Domains (https://docs.microsoft.com/en-us/exchan ... ed-domains).

chrissezhi
New user
New user
Posts: 8
Joined: 2019-04-15 23:47

Re: Exchange Online - Unrecognized authentication type

Post by chrissezhi » 2019-04-18 23:20

Thank you -

Actually put me on the right track.

In the Settings -> Protocols -> SMTP -> Routes

Target I had smtp.office365.com

Changed to xxxxx.mail.protection.outlook.com Connection Security STARTTLS and removed Server Requires Authentication.

After this change, was able to route no issues.

chrissezhi
New user
New user
Posts: 8
Joined: 2019-04-15 23:47

Re: Exchange Online - Unrecognized authentication type

Post by chrissezhi » 2019-04-18 23:33

Actually - cannot relay to someone outside organization - how do I get past that?

Error Type: SMTP
Remote server (104.47.36.36) issued an error.
hMailServer sent: RCPT TO:<xxxxxxx@bellsouth.net>
Remote server replied: 550 5.7.64 TenantAttribution; Relay Access Denied [SN1NAM02FT053.eop-nam02.prod.protection.outlook.com]

mikedibella
Normal user
Normal user
Posts: 177
Joined: 2016-12-08 02:21

Re: Exchange Online - Unrecognized authentication type

Post by mikedibella » 2019-04-19 01:02

This has been covered in previous posts. Office 365 does not support external-to-external SMTP relay. This is by design. It is not a product to use for that type of mailings. If you want to route mail though Office 365 SMTP servers, either the sender or the recipient must be a local user.

User avatar
jimimaseye
Moderator
Moderator
Posts: 8118
Joined: 2011-09-08 17:48

Re: Exchange Online - Unrecognized authentication type

Post by jimimaseye » 2019-04-19 08:35

Again, as mike said, you can't. Google "550 5.7.64 TenantAttribution; Relay Access Denied exchange" to figure it out.

I'm still not seeing a reason why you don't do direct deliveries.
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

chrissezhi
New user
New user
Posts: 8
Joined: 2019-04-15 23:47

Re: Exchange Online - Unrecognized authentication type

Post by chrissezhi » 2019-04-22 17:15

Thank you for your responses.

Unless I am unsure of the terminology, but direct send is not capable of sending emails to external recipients?

Currently connector in Exchange Online is setup for:

This option requires all email messages from your email server to be sent over Transport Layer Security (TLS), a secure channel. Your email server secures this channel by authenticating with Office 365 using a digital certificate. Office 365 then verifies that the subject name in the digital certificate matches the domain name specified here. The domain name can contain wildcard characters. For example contoso.com and *.contoso.com are both valid. Learn more By verifying that the subject name on the certificate that the sending server uses to authenticate with Office 365 matches this domain name (recommended)

Here is a link that is very similar to what I am facing but unsure how to handle in hMail server :

https://support.microsoft.com/en-sg/hel ... when-sendi

Error Logs:

"DEBUG" 5068 "2019-04-22 10:51:59.620" "TCP connection started for session 84"
"SMTPC" 5068 84 "2019-04-22 10:51:59.730" "104.47.37.36" "RECEIVED: 220 CY1NAM02FT058.mail.protection.outlook.com Microsoft ESMTP MAIL Service ready at Mon, 22 Apr 2019 14:51:58 +0000"
"SMTPC" 5068 84 "2019-04-22 10:51:59.730" "104.47.37.36" "SENT: EHLO xxx.xxxx-xxx.com"
"SMTPC" 2176 84 "2019-04-22 10:51:59.777" "104.47.37.36" "RECEIVED: 250-CY1NAM02FT058.mail.protection.outlook.com Hello [xx.xx.xx.178][nl]250-SIZE 157286400[nl]250-PIPELINING[nl]250-DSN[nl]250-ENHANCEDSTATUSCODES[nl]250-STARTTLS[nl]250-8BITMIME[nl]250-BINARYMIME[nl]250-CHUNKING[nl]250 SMTPUTF8"
"SMTPC" 2176 84 "2019-04-22 10:51:59.777" "104.47.37.36" "SENT: STARTTLS"
"SMTPC" 2176 84 "2019-04-22 10:51:59.824" "104.47.37.36" "RECEIVED: 220 2.0.0 SMTP server ready"
"DEBUG" 2176 "2019-04-22 10:51:59.824" "Performing SSL/TLS handshake for session 84. Verify certificate: False, Expected remote host name: xxxxxx.mail.protection.outlook.com"
"TCPIP" 2176 "2019-04-22 10:51:59.933" "TCPConnection - TLS/SSL handshake completed. Session Id: 84, Remote IP: 104.47.37.36, Version: TLSv1.2, Cipher: ECDHE-RSA-AES256-SHA384, Bits: 256"
"SMTPC" 2176 84 "2019-04-22 10:51:59.933" "104.47.37.36" "SENT: EHLO xxxx.xxxx-xxx.com"
"SMTPC" 4208 84 "2019-04-22 10:51:59.980" "104.47.37.36" "RECEIVED: 250-CY1NAM02FT058.mail.protection.outlook.com Hello [xx.xx.xx.178][nl]250-SIZE 157286400[nl]250-PIPELINING[nl]250-DSN[nl]250-ENHANCEDSTATUSCODES[nl]250-8BITMIME[nl]250-BINARYMIME[nl]250-CHUNKING[nl]250 SMTPUTF8"
"SMTPC" 4208 84 "2019-04-22 10:51:59.980" "104.47.37.36" "SENT: MAIL FROM:<xxx@xxx.com>"
"SMTPC" 4208 84 "2019-04-22 10:52:00.121" "104.47.37.36" "RECEIVED: 250 2.1.0 Sender OK"
"SMTPC" 4208 84 "2019-04-22 10:52:00.121" "104.47.37.36" "SENT: RCPT TO:<xxxxx@bellsouth.net>"
"SMTPC" 1652 84 "2019-04-22 10:52:00.183" "104.47.37.36" "RECEIVED: 550 5.7.64 TenantAttribution; Relay Access Denied [CY1NAM02FT058.eop-nam02.prod.protection.outlook.com]"
"SMTPC" 1652 84 "2019-04-22 10:52:00.199" "104.47.37.36" "SENT: QUIT"
"SMTPC" 6160 84 "2019-04-22 10:52:00.230" "104.47.37.36" "RECEIVED: 221 2.0.0 Service closing transmission channel"
"DEBUG" 6160 "2019-04-22 10:52:00.245" "Ending session 84

mikedibella
Normal user
Normal user
Posts: 177
Joined: 2016-12-08 02:21

Re: Exchange Online - Unrecognized authentication type

Post by mikedibella » 2019-04-22 19:27

My understanding of your situation is that your legacy architecture included an on-premise Exchange server hosting mailboxes for your internal users, and additional mail-enabled endpoints that used the Exchange infrastructure as an SMTP relay to deliver messages to internal and external addresses. You have limited ability to change the sending identity (FROM address) for these endpoints, and the identities may not be valid addresses on your authoritative (internal) email domains.

You want to decommission/deprecate the on-premise Exchange servers and move all the Exchange hosted mailboxes to Office 365, and still be able to route mail originating from the mail-enabled endpoints that are not associated mailbox users.

You are looking for a configuration that will allow you to use hMailServer to replace the Exchange SMTP relay facility to do this.

So, both Jim and I have given you advice on how to do that. If your internal Exchange server was previously configured properly to deliver mail to external recipients directly, then you should configure hMailServer to take over that function. Direct delivery uses DNS lookup to determine the recipient's Mail Exchanger and connect to that server to relay the mail. This is more efficient than Smart Host delivery, which hands all mail off to another SMTP server and trusts that server to handle delivery. You cannot use Office 365 as a Smart Host, so if you want to pursue the Smart Host approach, you need to find another provider, like SendGrid, for that service.

Direct delivery requires attention to detail or your mail will be treated as SPAM. There are other articles here how to do that, but you will need a static IP address from a provider with a good reputation for policing egregoius Internet behavior by its clients, and expertise in DNS to make the adjustments needed to insure your forward and reverse zones are setup correctly for your MX, SPF, DKIM, and DMARC and other records associated with email delivery.

With both direct and Smart Host delivery, you can still deliver mail from hMailServer securely and directly to Office 365 mailboxes using a Route on hMailServer and a Connector on Office 365. Review the references in the previous posts for hints on how that works.

If these terms and concepts are foreign to you, you really need to consider hiring someone to help you.

chrissezhi
New user
New user
Posts: 8
Joined: 2019-04-15 23:47

Re: Exchange Online - Unrecognized authentication type

Post by chrissezhi » 2019-04-22 23:55

Thank you both for your responses. We utilize Mimecast so we will go this route which seems to be working ok.

https://community.mimecast.com/docs/DOC-3332

Post Reply