HMAIL to Office365 without IMAP/POP

Use this forum if you have installed hMailServer and want to ask a question related to a production release of hMailServer. Before posting, please read the troubleshooting guide. A large part of all reported issues are already described in detail here.
Post Reply
ggoosen
New user
New user
Posts: 11
Joined: 2017-06-17 04:03

HMAIL to Office365 without IMAP/POP

Post by ggoosen » 2019-06-03 09:35

Hi,

I have a requirment to configure HMailServer relay to Office365, in the past i have just set that up using IMAP or POP.

However in this scenario the client is unwilling to open IMAP or POP3 connectivity and have told us that they will only use HTTPS
I assume this is MAPI over HTTP? (Happy to be corrected if anyone else knows more about this than me)

Does anyone know if this is possible at all?

Regards

User avatar
Dravion
Senior user
Senior user
Posts: 1435
Joined: 2015-09-26 11:50
Location: Germany
Contact:

Re: HMAIL to Office365 without IMAP/POP

Post by Dravion » 2019-06-03 09:40

Its possible but Office365 Servers have very specific requirements to allow hMailServer (or any other InHouse SMTP-Server) relaying.
One Problem is, it doesnt allow it in the first place if you try to relay from a Email Address which isnt an hMailServer account. You can setup hMailServer to allow
relay to external via ip ranges but that Office365 Servers want you to use a local hMailServer Email Address to sent from in the first place which makes it complicated.

ggoosen
New user
New user
Posts: 11
Joined: 2017-06-17 04:03

Re: HMAIL to Office365 without IMAP/POP

Post by ggoosen » 2019-06-03 09:48

So what we have been doing is setting up HMailServer internally and then connecting to HMailServer from the email clients.
That way the mail client downloads the mail from Hmail server (which in turns does that via IMAP).

Are you saying that even without IMAP support HMailServer can connect to O365 using HTTPS (ActiveSync?)

User avatar
Dravion
Senior user
Senior user
Posts: 1435
Joined: 2015-09-26 11:50
Location: Germany
Contact:

Re: HMAIL to Office365 without IMAP/POP

Post by Dravion » 2019-06-03 09:59

ggoosen wrote:
2019-06-03 09:48
Are you saying that even without IMAP support HMailServer can connect to O365 using HTTPS (ActiveSync?)
No.

IMAP is for Receiving Emails, not for sending while SMTP is responsible for sending Emails.
Relaying Email from one Mailserver to another is allays done via SMTP-Protocol, so IMAP or POP3 makes no sense for relaying.

ActiveSync has nothing to do with relaying mails.

As i said before. Office365 (if you have an Exchnage Online Plan) let you relay you Emails from your Cooperate hMailServer but
it has some security requirements you need to match or any Relayed Email from hMailServer (or any other SMTP-Server) will be rejected and if
you retry it a lot, you even get banned and blacklisted and you need to remove your blacklisted Email address and your IP address from Office365 Blacklist
(which can take up to 30 Minutes before you are unblacklisted).

ggoosen
New user
New user
Posts: 11
Joined: 2017-06-17 04:03

Re: HMAIL to Office365 without IMAP/POP

Post by ggoosen » 2019-06-03 14:53

Sorry Dravian, I think I may have explained incorrectly and maybe relay is the wrong word.

I have in the past used hmail server to overcome issues where I couldn't connect to o365 .
The way i did that was setup hmailserver, then add an account in hmail server with an external account setup using pop to download mail from office365 into the account in hmailserver.

The issue I have is that in this scenario the customer has disabled pop and IMAP and told me that they cannot use those protocol and that I should use https to connect to office 365. I don't think hmailserver can do that?

User avatar
mattg
Moderator
Moderator
Posts: 20132
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: HMAIL to Office365 without IMAP/POP

Post by mattg » 2019-06-03 14:59

ggoosen wrote:
2019-06-03 14:53
The issue I have is that in this scenario the customer has disabled pop and IMAP and told me that they cannot use those protocol and that I should use https to connect to office 365. I don't think hmailserver can do that?
HTTPS is a secure web browse connection to a webmail

and no, hMailserver doesn't read webmail
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

tunis
Normal user
Normal user
Posts: 222
Joined: 2015-01-05 20:22
Location: Sweden

Re: HMAIL to Office365 without IMAP/POP

Post by tunis » 2019-06-03 15:49

mattg wrote:
2019-06-03 14:59
HTTPS is a secure web browse connection to a webmail
Exchange server use HTTPS for clients (activesync).
I manage a exchange and only port 443 and 25 open to internet.
HMS 5.6.8 B2437.17 on Windows Server 2019 Core VM.
HMS 5.6.8 B2451.21 on Windows Server 2016 Core VM.
HMS 5.6.7 B2425.16 on Windows Server 2012 R2 Core VM.

ggoosen
New user
New user
Posts: 11
Joined: 2017-06-17 04:03

Re: HMAIL to Office365 without IMAP/POP

Post by ggoosen » 2019-06-03 15:53

I think office 365 can be configured for https only using active sync .. mapi over https.

Is there any way to connect using that?

User avatar
Dravion
Senior user
Senior user
Posts: 1435
Joined: 2015-09-26 11:50
Location: Germany
Contact:

Re: HMAIL to Office365 without IMAP/POP

Post by Dravion » 2019-06-03 17:10

This makes no sense even moere.
Sending Email is done via SMTP with or without
SSL.

Websites are served via HTTP Protocol with or without SSL. It makes no sense to use an SMTP-Server (like hMailServer) to do things a HTTP-Server is designed for.

ActiveSync doesnt play a role in,terms o relaying ,
its just a Connector Protocol.Its an alternative Protocol for 25 Years old Windows only shitty MS MAPI Protocol and has nothing todo with relaying
Mails from or to Office365 Servers.

All you need todo is to configure your Office365 Exchange Mailflow/Connector on Office365 side, enable hMailServer STARTTLS (mandatory) on Port 25 hMailServer and thats it.

mikedibella
Normal user
Normal user
Posts: 177
Joined: 2016-12-08 02:21

Re: HMAIL to Office365 without IMAP/POP

Post by mikedibella » 2019-06-03 21:10

Put another way, you should press client on why TLS encapsulation of HTTP is secure enough but TLS encapsulation of SMTP and IMAP is not.

hMailServer can support either TLS encapsulation either of the whole connection sequence or via STARTTLS for SMTP, POP3, and IMAP, but cannot support using ActiveSync for transferring mail outbound or inbound.

If they insist on making only HTTP-based portocol externally published from Office 365, then they will be limited to clients that support either Outlook Everywhere (MAPI over HTTPS), Activesync, or Exchange Web Services. Outlook is the one obvious option, but there are others.

User avatar
Dravion
Senior user
Senior user
Posts: 1435
Joined: 2015-09-26 11:50
Location: Germany
Contact:

Re: HMAIL to Office365 without IMAP/POP

Post by Dravion » 2019-06-03 23:58

It works on Office365 with hMailServer and SMTP.
But Office365 Mailflow Connector needs to be setup correctly and the local hMailServer Domain has to be the same as the Office365 Public Internet hostname. Also the SSL Cert used by hMailServer
to enable STARTTLS needs to match in the CNAME Section of the SSL-Certificate with the Domain registred with Office365 Exchange Online Domain in the first place or everything will,be rejected.

The Activesync or HTTPS stuff has nothing todo with Relaying. EWS over HTTPS is simply the successor of the crappy MAPI Interface and Activesync is designed for Mobile scenarios.
You cant relay anything with EWS+HTTPS or Activesync.

ggoosen
New user
New user
Posts: 11
Joined: 2017-06-17 04:03

Re: HMAIL to Office365 without IMAP/POP

Post by ggoosen » 2019-06-04 02:41

I see we keep going back to the SMTP side. This question relates to the inbound emails only.
When im saying inbound, you can think of hmail as a "client" in my scenario.

This thread gives some context on what i originally setup back in 2017
https://www.hmailserver.com/forum/viewt ... 71#p196671


POC Description
The concept behind this work around is that you introduce an intermediary server between
Office365 and your EBS environment. The “relay” server will connect to office365 on the support TLS
protocol, and download all the mails from the server using POP to an account inside hmail. EBS will
then connect to HMail server using imap on non SSL to overcome the SSL/TLS issues. And then
download all the mails.

Below is what i do in HM

Image


Once this is all configured i would point the application to HMailserver itself instead of o365. Reason for doing this is the application doesnt support the security protocols needed to connect to office 365 so HMAIL is an intermediary server for this.

User avatar
Dravion
Senior user
Senior user
Posts: 1435
Joined: 2015-09-26 11:50
Location: Germany
Contact:

Re: HMAIL to Office365 without IMAP/POP

Post by Dravion » 2019-06-04 03:22

This isnt something new.
Most Users using hMailServer with Office365
want to implement this Scenarion. But as i said before.Microsoft Office365 Mailservers will reject any of hMailServers Relay attempts until you configured hMailServer properly with Office365. Your EBS Software also needs to login to a hMailServer account (with or without SSL or STARTTLS) because if you dont, hMailServer will accept the EBS email for relaying but Office365 Servers will reject such Emails. You need atleast catch all such Emails by hMailServer VBScript from EBS and replace the FROM: Address field with a valid hMailServer accout Email address or Office365 will reject the mail for relaying entirely.

ggoosen
New user
New user
Posts: 11
Joined: 2017-06-17 04:03

Re: HMAIL to Office365 without IMAP/POP

Post by ggoosen » 2019-06-04 05:57

Dravion wrote:
2019-06-04 03:22
This isnt something new.
Most Users using hMailServer with Office365
want to implement this Scenarion. But as i said before.Microsoft Office365 Mailservers will reject any of hMailServers Relay attempts until you configured hMailServer properly with Office365. Your EBS Software also needs to login to a hMailServer account (with or without SSL or STARTTLS) because if you dont, hMailServer will accept the EBS email for relaying but Office365 Servers will reject such Emails. You need atleast catch all such Emails by hMailServer VBScript from EBS and replace the FROM: Address field with a valid hMailServer accout Email address or Office365 will reject the mail for relaying entirely.

Scenario is as follows. Ill use some email addresses here for help
EBSSystemHmail@internaldomain.com (configured in hmail)
EBSSystemMail@publicdomin.com (configured in Office365)

EBS system is configured to point to EBSSystemHmail@internaldomain.com email address for IMAP

EBS sends email to user for an approval of something (outbound via smtp relay)
User receives email in their inbox with a from address EBSSystemMail@publicdomin.com
The user then replies to the email with "Approve" which is then sent to the EBS System mail account setup in o365.
Because Hmail is configured to see that system account as an external account and downloads mail from EBSSystemMail@publicdomin.com into the EBSSystemHmail@internaldomain.com mailbox.
EBS monitors the EBSSystemHmail@internaldomain.com mailbox and actions the email.

User avatar
Dravion
Senior user
Senior user
Posts: 1435
Joined: 2015-09-26 11:50
Location: Germany
Contact:

Re: HMAIL to Office365 without IMAP/POP

Post by Dravion » 2019-06-04 08:11

Yes. And first condition to make it work is that your internal Domain must have the same Name than your public name. Second requirement is, yoi need anSSL-Certificate which contains the Domainname plus hMailsercer hostname . For example: smtp.yourdomain.com. If you dont get this right, Office365 will reject relay attempts.

tunis
Normal user
Normal user
Posts: 222
Joined: 2015-01-05 20:22
Location: Sweden

Re: HMAIL to Office365 without IMAP/POP

Post by tunis » 2019-06-04 14:39

Can't you add EBSSystemMail@publicdomin.com as a mail contact and then the mail sent to EBSSystemHmail@internaldomain.com after you also setup send connector for internaldomain.com domain point to hmailserver.
HMS 5.6.8 B2437.17 on Windows Server 2019 Core VM.
HMS 5.6.8 B2451.21 on Windows Server 2016 Core VM.
HMS 5.6.7 B2425.16 on Windows Server 2012 R2 Core VM.

User avatar
Dravion
Senior user
Senior user
Posts: 1435
Joined: 2015-09-26 11:50
Location: Germany
Contact:

Re: HMAIL to Office365 without IMAP/POP

Post by Dravion » 2019-06-04 15:24

What is a "Mail Contact"?

hMailServer has User accounts which are at the same time Email addresses.

Its simple:
1) Configure Office365 Mailflow/Connector in Exchange Online settings for your Office365 Organization
2) In hMailServer under Settings/Protocols/SMTP->"Delivery of e-mail" insert Office365 Relayserver smtp.office365.com


More details
https://docs.microsoft.com/en-us/exchan ... g-office-3

mikedibella
Normal user
Normal user
Posts: 177
Joined: 2016-12-08 02:21

Re: HMAIL to Office365 without IMAP/POP

Post by mikedibella » 2019-06-04 16:52

What I do with a couple of email addresses on my Office 365 tenant is to create them as distribution lists and set delivery management to allow sender inside and outside the organization to submit emails the the group. Next I setup a single contact with the external address I want to forward to. Add the contact as a member of the group, and Office 365 will forward all mail sent to the Office 365 distribution group address to the external address without using a mailbox license.

To maintain security in the relay, create a connector to specify the target address for your hMailServer SMTP interface, and that you want to use TLS.

tunis
Normal user
Normal user
Posts: 222
Joined: 2015-01-05 20:22
Location: Sweden

Re: HMAIL to Office365 without IMAP/POP

Post by tunis » 2019-06-04 17:00

Dravion wrote:
2019-06-04 15:24
What is a "Mail Contact"?
Maybe only available on exchange.

But what I was meaning was mail users

https://docs.microsoft.com/en-us/exchan ... erver-2019
HMS 5.6.8 B2437.17 on Windows Server 2019 Core VM.
HMS 5.6.8 B2451.21 on Windows Server 2016 Core VM.
HMS 5.6.7 B2425.16 on Windows Server 2012 R2 Core VM.

mikedibella
Normal user
Normal user
Posts: 177
Joined: 2016-12-08 02:21

Re: HMAIL to Office365 without IMAP/POP

Post by mikedibella » 2019-06-04 19:16

Both Mail Users and Mail Contacts are created from ECP on the Recipients > Contacts tab.

ggoosen
New user
New user
Posts: 11
Joined: 2017-06-17 04:03

Re: HMAIL to Office365 without IMAP/POP

Post by ggoosen » 2019-06-05 03:41

My questions on this are not related to the SMTP side though.

Im not sure why we keep going down that path?
SMTP is working fine

All the requirements here are inbound email downloads (IMAP/POP) where office365 does not have IMAP/POP enabled...

User avatar
mattg
Moderator
Moderator
Posts: 20132
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: HMAIL to Office365 without IMAP/POP

Post by mattg » 2019-06-05 04:27

ggoosen wrote:
2019-06-05 03:41
All the requirements here are inbound email downloads (IMAP/POP) where office365 does not have IMAP/POP enabled...
OK lets make this really clear

hMailserver can connect via POP3 for external download

hMailserver can NOT connect for external download ANY OTHER WAY (includes no IMAP, no MAPI, NO MAPI over HTTPS, no access via Webmail, no pickup folder, nothing but POP3)
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

mikedibella
Normal user
Normal user
Posts: 177
Joined: 2016-12-08 02:21

Re: HMAIL to Office365 without IMAP/POP

Post by mikedibella » 2019-06-05 05:37

I'll try to lay out my recommendation to you more clearly.

You have a mailbox on your Office 365 domain, let's call it mailbox@public-domain.com. You used to be able to download mail from that remote mailbox into a local mailbox hosted on hMailServer using the POP3 protocol. Now POP3 protocol access is being deprecated by policy in your organization and you need another way to get mail from the Office 365 tenant to the hMailServer local mailbox.

I've suggested to replace the mailbox with a distribution list approach. Here what you need to do:

1. Delete the mailbox@-public-domain.com mailbox and recover the license. You'll lose all the existing mail in the store but gain a licenses for reuse.

2. Create a distribution list with an email address of mailbox@public-domain.com. Set the Delivery Management of the group to "Senders inside and outside my organization".

3. Create a Mail Contact for the email address of a remote hMailServer mailbox to receive the forward mail. Hide the contact from the address book. Set the External Address for the contact to the address of the local mailbox in hMailServer. Let's call this mailbox mailbox@private-domain.com.

4. Create a Connector to route all mail to private-domain.com to the hostname or IP address or your hMailServer. Set Connection Security to TLS.

User avatar
Dravion
Senior user
Senior user
Posts: 1435
Joined: 2015-09-26 11:50
Location: Germany
Contact:

Re: HMAIL to Office365 without IMAP/POP

Post by Dravion » 2019-06-05 08:09

mattg wrote:
2019-06-05 04:27
ggoosen wrote:
2019-06-05 03:41
All the requirements here are inbound email downloads (IMAP/POP) where office365 does not have IMAP/POP enabled...
OK lets make this really clear

hMailserver can connect via POP3 for external download

hMailserver can NOT connect for external download ANY OTHER WAY (includes no IMAP, no MAPI, NO MAPI over HTTPS, no access via Webmail, no pickup folder, nothing but POP3)
Looks like he doesnt get it.

ggoosen
New user
New user
Posts: 11
Joined: 2017-06-17 04:03

Re: HMAIL to Office365 without IMAP/POP

Post by ggoosen » 2019-06-05 12:31

mattg wrote:
2019-06-05 04:27
ggoosen wrote:
2019-06-05 03:41
All the requirements here are inbound email downloads (IMAP/POP) where office365 does not have IMAP/POP enabled...
OK lets make this really clear

hMailserver can connect via POP3 for external download

hMailserver can NOT connect for external download ANY OTHER WAY (includes no IMAP, no MAPI, NO MAPI over HTTPS, no access via Webmail, no pickup folder, nothing but POP3)
Thanks Matt, seems i did need the clarity.
Clear as daylight now :)

mikedibella
Normal user
Normal user
Posts: 177
Joined: 2016-12-08 02:21

Re: HMAIL to Office365 without IMAP/POP

Post by mikedibella » 2019-06-05 19:58

If you don't have administrative access to the Office 365 tenant, but you do have the ability to login to Outlook Web Access, you can create a server-side rule for the mailbox to redirect mail to another mailbox.

https://support.office.com/en-ie/articl ... b748ff6a0e

Post Reply