Read time: 5 minutes

Summary: SMTP relay is essential for efficient email transmission. This article discusses its significance, prerequisites for setup (Microsoft 365 subscription, TLS support, SSL certificates), and provides step-by-step guidance for configuration using Microsoft 365 connectors or PowerShell, emphasizing TLS and SSL certificate requirements for secure email relay.

Ever wondered how emails traverse between clients? It’s thanks to SMTP (Simple Mail Transfer Protocol), the backbone for email transfer. SMTP orchestrates three key phases: connection setup, mail transfer, and connection termination. But for robust anti-spam and anti-virus safeguards when receiving emails from diverse clients, a single SMTP might fall short. Hence, it is recommended to configure your SMTP settings with relays to improve efficiency.

SMTP relay, a managed service, facilitates users in dispatching outgoing emails through the Simple Mail Transfer Protocol (SMTP). In the present landscape, nearly all email services employ SMTP relay for sending messages. To distinguish between SMTP and SMTP relay, envision SMTP as the delivery protocol for outbound emails and SMTP relay as the transmission mechanism. SMTP relays prove especially advantageous for transmitting bulk emails and marketing communications.

Prerequisites for Setting Up SMTP relay

Before moving to set up the SMTP relay, you must have the following requirements:

  • First, you must have a subscription to Microsoft 365 to access all its services.
  • TLS must be supported by the sending application (on-premises mail server).
  • Use SMTP port 587 for connecting to Microsoft 365 server.
  • Need a valid SSL certificate from a certification authority, such as LetsEncrypt or DigiCert.
  • Note: Self-signed certificates and internal PKI-issued certificates can’t be used as it is not supported by SMTP.

  • Creating a connector is required to accept SMTP transactions in Microsoft 365. Before attempting this, ensure that you have the required Exchange Online permissions and have membership in the Organization Management Group.
Microsoft 365 Connectors

Microsoft 365 Connectors facilitate the flow of emails from Microsoft 365 servers to your own server, ensuring seamless communication between them. To enable SMTP relay, it’s essential to configure Microsoft 365 connectors, establishing a connection from your mail server to Office 365, as outlined in the following steps:

  • First, open the Exchange admin center using your global administrator credentials.
  • Open the SMTP relay settings from the left navigation pane by clicking on Mail flow -> Connectors. If you have already created the connectors, they will appear on the specific page.
  • To create or add a new connector, click Add a connector from the Connector page. It will redirect to a new window, New Connector.
  • New Connector: On this page, you must select your mail flow scenario as Your organization’s email server. Under connection to, you will see Office 365 has been greyed out after selecting the above radio button.
  • Connector name: After completing the above steps, you will be redirected to a new window, i.e., Connector name, where you must enter the connector name and a description for the SMTP connector. Also, select options for what to do after saving the connector. Click Next.
  • Authenticating sent mail: Here, you can specify how you want Microsoft 365 to authenticate and accept an email sent from your server.
  • Review Connector: Once you have done all the above steps, you can review or edit your selection from the Review Connector. Finally, click on Create connector.

Now, let’s take a closer look at configuring Microsoft 365 SMTP relay with a connector from the mail flow between Microsoft 365 and your mail server:

  • First, open an Exchange admin center and input your global administrator credentials to access its services.
  • In the left navigation pane, click Mail flow -> Connectors to open SMTP relay settings.
  • Similar to the previous section, create a new connector by clicking on Add a connector. After that, you will be redirected to a New Connector wizard.
  • In this wizard, you must select Office 365 as a connection from your organization’s email server under the option Connection to.
  • Connector name: Here, enter the SMTP connector name and its description. Also, you have to select options for what to do after saving the connector.
  • Use of connector: In this option, you must specify your usage for SMTP connectors.
  • Routing: Input the hostname that will be used by Microsoft 365 for delivering mail. Instead, you might either enter an IP address or FQDN (Fully Qualified Domain Name). After that, add the server by clicking on the + button.
  • Security restrictions: To enable the encryption mechanism, selecting the security question while creating an SMTP relay with TLS connectors is important.
  • Validation email: To validate the configuration of email relay, input single or multiple email addresses on your mail server. Next, Click Validate.
  • Review Connector: Finally, review the configuration of the SMTP relay and click Create Connector
Using PowerShell

If configuring an SMTP relay with connectors via the Exchange admin center proves unsuccessful, an alternative approach involves using PowerShell. Before proceeding, ensure a connection to Exchange Online PowerShell. To establish SMTP relay with connectors, execute the following commands:

$ABC = @{
Name = ‘SMTP Relay’ ## Define name of connector.
ConnectorType = ‘OnPremises’ ## Define type of connector to create.
SenderDomains = ‘*’ ## The set of sender domains allowed to relay.
RequireTLS = $true ## Require TLS
TlsSenderCertificateName = ‘*’ ## Subject/Name of the SSL certificate
New-InboundConnector @ABC

Require TLS: It specifies that all messages received by the specific connector require TLS transmission.

TlsSenderCertificateName: It is a certificate name given by the sender.


Implementing an SMTP relay service is crucial for organizations, offering secure bulk emailing and swift message delivery with tracking capabilities. It eliminates concerns about Microsoft 365 mailbox security. We’ve detailed methods to set up SMTP relay with TLS connectors. Before proceeding, it’s advisable to backup your Office 365 data, which can be easily achieved using Kernel Office 365 Backup & Restore. This innovative tool supports automated backups, various output formats, and smart filters, safeguarding private and shared mailboxes, archive mailboxes, public folders, and Office 365 groups. The tool also provides automated backup capabilities, utilizing built-in CSV files. You have the flexibility to store your backup data in a variety of formats, including PST, DOC, DOCX, EML, PDF, and more. Additionally, it features intelligent filters that enable you to select only the essential data for backup.