Setup a Microsoft 365 SMTP Relay with TLS Connectors

Yash Sinha
Yash Sinha linkedin | Updated On - January 18, 2023 |

Read time: 5 minutes

While sending emails from one client to another, have you ever thought about how it really happens? What mechanism establishes a connection between two mail clients? Actually, it is all made possible through a protocol named SMTP (Simple Mail Transfer Protocol), which is mainly responsible for transferring mail from one host to another. It includes three major phases, i.e., connection establishment, mail transfer, and connection termination. But sometimes, you might need a higher level of anti-spam and anti-virus protection to receive mail from any client, which can’t be achieved from a single SMTP. Hence, it is recommended to configure your SMTP settings with relays to improve efficiency.

SMTP relay is a managed service that enables users to send their outgoing mail via Simple Mail Transfer Protocol (SMTP). Nowadays, almost all email services send emails through SMTP relay service. To avoid confusion between SMTP and SMTP relay, you can think of SMTP as a delivery protocol for outgoing email and SMTP relay as the email transmission process. SMTP relays are also the best option when sending bulk emails or marketing messages.

Prerequisites for Setting Up SMTP relay

Before moving to set up the SMTP relay, you must have the following requirements:

  • First, you must have a subscription to Microsoft 365 to access all its services.
  • TLS must be supported by the sending application (on-premises mail server).
  • Use SMTP port 587 for connecting to Microsoft 365 server.
  • Need a valid SSL certificate from a certification authority, such as LetsEncrypt or DigiCert.
  • Note: Self-signed certificates and internal PKI-issued certificates can’t be used as it is not supported by SMTP.

  • Creating a connector is required to accept SMTP transactions in Microsoft 365. Before attempting this, ensure that you have the required Exchange Online permissions and have membership in the Organization Management Group.
Microsoft 365 Connectors

Microsoft 365 Connectors provide a route to emails from Microsoft 365 servers to your server. It provides seamless communication between them.
For SMTP relay, you must configure Microsoft 365 connectors from your mail server to Office 365 by following the below steps:

  • First, open the Exchange admin center using your global administrator credentials.
  • Open the SMTP relay settings from the left navigation pane by clicking on Mail flow -> Connectors. If you have already created the connectors, they will appear on the specific page.
  • To create or add a new connector, click Add a connector from the Connector page. It will redirect to a new window, New Connector.
  • New Connector: On this page, you must select your mail flow scenario as Your organization’s email server. Under connection to, you will see Office 365 has been greyed out after selecting the above radio button.
  • Connector name: After completing the above steps, you will be redirected to a new window, i.e., Connector name, where you must enter the connector name and a description for the SMTP connector. Also, select options for what to do after saving the connector. Click Next.
  • Authenticating sent mail: Here, you can specify how you want Microsoft 365 to authenticate and accept an email sent from your server.
  • Review Connector: Once you have done all the above steps, you can review or edit your selection from the Review Connector. Finally, click on Create connector.

Now, let’s take a closer look at configuring Microsoft 365 SMTP relay with a connector from the mail flow between Microsoft 365 and your mail server:

  • First, open an Exchange admin center and input your global administrator credentials to access its services.
  • In the left navigation pane, click Mail flow -> Connectors to open SMTP relay settings.
  • Similar to the previous section, create a new connector by clicking on Add a connector. After that, you will be redirected to a New Connector wizard.
  • In this wizard, you must select Office 365 as a connection from your organization’s email server under the option Connection to.
  • Connector name: Here, enter the SMTP connector name and its description. Also, you have to select options for what to do after saving the connector.
  • Use of connector: In this option, you must specify your usage for SMTP connectors.
  • Routing: Input the hostname that will be used by Microsoft 365 for delivering mail. Instead, you might either enter an IP address or FQDN (Fully Qualified Domain Name). After that, add the server by clicking on the + button.
  • Security restrictions: To enable the encryption mechanism, selecting the security question while creating an SMTP relay with TLS connectors is important.
  • Validation email: To validate the configuration of email relay, input single or multiple email addresses on your mail server. Next, Click Validate.
  • Review Connector: Finally, review the configuration of the SMTP relay and click Create Connector
Using PowerShell

If configuring an SMTP relay with connectors using the Exchange admin center doesn’t work, you can use an alternative method, i.e., PowerShell. Before proceeding further, ensure that you are connected to Exchange Online PowerShell. To set the SMTP relay with connectors, you need to run the below commands:

$ABC = @{
Name = ‘SMTP Relay’ ## Define name of connector.
ConnectorType = ‘OnPremises’ ## Define type of connector to create.
SenderDomains = ‘*’ ## The set of sender domains allowed to relay.
RequireTLS = $true ## Require TLS
TlsSenderCertificateName = ‘*’ ## Subject/Name of the SSL certificate
New-InboundConnector @ABC

Require TLS: It specifies that all messages received by the specific connector require TLS transmission.

TlsSenderCertificateName: It is a certificate name given by the sender.


As the SMTP relay service supports bulk emailing and offers high-level security, it’s quite important for your organization to set up an SMTP relay. It offers quick email delivery and a tracking emails option which makes it stand apart from other services. If you use this service, you need not worry about the security of Microsoft 365 mailboxes. Here, we have listed all the possible methods to set up an SMTP relay with TLS connectors. But before attempting these methods, it is recommended to keep a backup of your data stored in Microsoft 365. One such innovative tool, Kernel Office 365 Backup & Restore, can backup your private mailboxes, shared mailboxes, archive mailboxes, public folders, and Office 365 groups. It also offers automated backup using inbuilt CSV files. You can save your backup data in multiple output formats such as PST, DOC, DOCX, EML, PDF, etc. Furthermore, it offers smart filters to choose only the required data.