Microsoft announced in a blog post that it has updated the requirements for SMTP relay through Exchange Online.

The main points from the blog are:

Current Requirements

Currently, to relay email through Exchange Online, two conditions must be true:

  1. Any of the following is an accepted domain of your organization:
    1. SMTP certificate domain on the SMTP connection; or
    2. SMTP envelope sender domain in the MAIL FROM command (P1 sender domain); or
    3. SMTP header sender domain, as shown in email clients (P2 sender domain).
  2. The sending host’s IP address or the certificate domain on the SMTP connection matches your tenant’s Inbound Connector of OnPremises type.

New Requirements

On November 1, 2023, we are removing the matching condition for the SMTP P2 sender domain (1c above). After we remove this condition, relaying email through Exchange Online will require the following:

  1. Any of the following is an accepted domain of your organization:
    1. SMTP certificate domain on the SMTP connection; or
    2. SMTP envelope sender domain in the MAIL FROM command (P1 sender domain).
  2. The sending host’s IP address or certificate domain on the SMTP connection matches your organization’s Inbound Connector of OnPremises type.

After November 1, 2023, if either of the above conditions are not met, the relay attempt from your on-premises environment to Exchange Online will be rejected.

————————————————————————————

To put it simply, in the SMTP session and the message header you will find the details below:

HELO server

MAIL FROM: address@This_is_my_p1_address.com                         //This is the P1 address that is used for routing

RCPT TO: recipient@domain.com

DATA

FROM: address2@This_is_my_p2_address.com                             //This is the P2 address that is used for displaying in email clients

TO: recipient@domain.com

Earlier, SMTP relay through Exchange Online would work if we had a valid certificate for the domain we were relaying from, that certificate domain was added to the OnPremises type connector, and the domain used for relay was an accepted domain in Office 365.

This domain could be the domain in either the P1 or the P2 address field above.

After November 1, 2023, relay will be allowed only if the P1 sender domain (or the SMTP certificate domain on the SMTP connection) is present in the accepted domains list.

Whether the P2 sender domain is in the accepted domains list will no longer be evaluated for relaying through Exchange Online.

The MS blog post has a couple of scenarios where this change might affect organizations.
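The before/after evaluation described above can be written as a small audit check. This is an added example, not code from Microsoft or from the original post; the domain names, sample messages and function names are constructed, and accepted-domain matching is simplified to an exact comparison.

```python
from email.utils import parseaddr

# Constructed sample data (assumption: not taken from a real tenant).
ACCEPTED_DOMAINS = {"contoso.example"}

def domain_of(address):
    """Return the lower-cased domain of 'Name <user@dom>', or None."""
    _, addr = parseaddr(address or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else None

def relay_decision(cert_domain, p1_sender, p2_sender, connector_match,
                   accepted=ACCEPTED_DOMAINS):
    """Evaluate the relay conditions before and after November 1, 2023.

    connector_match: True when the sending IP or certificate domain matches
    the tenant's Inbound Connector of OnPremises type (condition 2).
    """
    cert_ok = cert_domain is not None and cert_domain.lower() in accepted
    p1_ok = domain_of(p1_sender) in accepted   # MAIL FROM (envelope) domain
    p2_ok = domain_of(p2_sender) in accepted   # From: header domain
    old = bool(connector_match and (cert_ok or p1_ok or p2_ok))
    new = bool(connector_match and (cert_ok or p1_ok))  # P2 not evaluated
    return {"old": old, "new": new, "breaks": old and not new}

# Constructed relay attempts, as they might be pulled from on-premises logs.
SAMPLES = {
    # Device with a local envelope sender; only the From: header is accepted.
    "scanner": (None, "scanner@localhost.localdomain",
                "Scanner <scanner@contoso.example>", True),
    # Application sending with an accepted P1 domain and a foreign P2 domain.
    "app": (None, "app@contoso.example", "news@partner.example", True),
    # Null envelope sender, but the connection certificate domain is accepted.
    "bounce": ("contoso.example", "<>", "postmaster@other.example", True),
    # Accepted sender domains, but no matching OnPremises connector.
    "unknown_host": (None, "a@contoso.example", "a@contoso.example", False),
}

def audit(samples=SAMPLES):
    """Return the names of senders that relay today but fail the new rule."""
    return sorted(name for name, args in samples.items()
                  if relay_decision(*args)["breaks"])

if __name__ == "__main__":
    for name, args in SAMPLES.items():
        print(name, relay_decision(*args))
    print("needs a P1 or certificate fix:", audit())
```

Senders reported by `audit()` depend only on the P2 domain and need either an accepted P1 sender domain or an accepted certificate domain on the connection to keep relaying.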

–   Praveen Kumar E     

www.Modern365.co.in