Office 365 using port 25 Forward and Copy [Solution]

[Tech Electronics]

Everyone,

It has come to my attention that there are some customers who do not want use the Enhanced Integration. Of course there are times when the service has been updated and it breaks Enhanced Integration.

The best solution to this day that I have found is using the base MX record instead of the DNS of their email domain. The format should follow this format: {Subdomain}{-}{Top Level Domain}.mail.protection.outlook.com

For example let's say that testsite.com is an email domain for our site. The root MX should be testsite-com.mail.protection.outlook.com. This is what you would use for the Email Server under the Email Gateway settings.

In order to verify this you could have the customer perform the following steps.

Go to https://portal.microsoftonline.com
Log in as an Administrator onto the Office 365 web portal.
Select the Admin drop down and click on Office 365
  
Select Domains from the left side Menu
  
Select the Radio Button for the primary domain and then click on Domain Settings on the right.
  
Click on the View DNS Records Link under DNS Records Paragraph
Copy the MX Records Points of Address URL

Thanks,

TE

[619Tech]

Thanks for sharing TE!

[Tech Electronics]

Everyone,

I think that Office 365 has changed something within the last week as we have been getting a lot of calls for systems that are not setup as Enhanced Integration.

The biggest issues is those setup to use smtp.office365.com as the Email Gateway. The biggest clue to this issues is the two following SMTP errors.

530 5.7.57 SMTP; Client was not authenticated to send anonymous mail during MAIL FROM

550 5.7.60 SMTP; Client does not have permissions to send as this sender

The solution to this problem is the above mentioned root MX record being used for the Email Gateway instead of smtp.office365.com

Thanks,

TE

[Camoron]

Hi,

I am bumping this topic because I have a client who is having issues with Forward & Copy using office 365. They are using smtp.office365.com as their SMTP server on port 587 for TLS. They said it was working up until mid September (which is, perhaps not coincidentally also around the time they started disconnecting a branch they no longer own, including the phone system which was networked...). I did go into their admin account on Office 365 and into their default domain, which was a .onmicrosoft.com domain, and I did not see any DNS records available, or else I would have tried the MX record you mentioned!

I've tried using our own, known-good phone system gmail settings to see if I could get an email out and even that wouldn't work. It seems they may have some sort of network issue but I don't know what it is. Is it possible their phone system is connected to the network (so we can get into DB programming) but not connected to the internet (so it can't send email)? I looked in logs but since they are only using Forward & Copy I don't see much helpful information to look through. It gets a voicemail and tries to send it.

Thanks

[Tech Electronics]

Camoron,

The MX Records on Office 365 always follow the pattern I provided so if you know their domain you have everything you need to create their root MX record.

As for fixing your issue what troubleshooting steps have you taken so far? Have you looked at the mail logs to see what is going on? Have you verified the system has access to the Internet?

Thanks,

TE

[Camoron]

Trouble is, they have two domains. They use one for the phone system email address and the other for users. I tried them in the format you recommended but nothing. I also tried our own settings and nothing. The system is connected to the network so I would assume it's connected to the internet, but this is my only idea, that for some reason, it isn't. Unfortunately, I don't know how to confirm whether or not it's on the internet, only if it's on the network. Is there a way I can send a ping from the phone system?

And yes, I have looked at vmail logs and didn't see anything helpful. They are set up for forward & copy so as far as I know there is no way the phone system would report on it if there is a problem with sending the email?

[acejavelin]

I often find the best "cure" for unusual hosted email situations is to get an email address from your ISP... like mitel5000@ispprovider.com

- They usually provide 5+ free for commercial accounts
- They usually allow open SMTP (Port 25) with plain text authentication
- Their servers rarely change (smtp.ispprovider,com)
- Their email servers have valid MX records so the relay emails never get rejected

Trouble is, they have two domains. They use one for the phone system email address and the other for users. I tried them in the format you recommended but nothing. I also tried our own settings and nothing. The system is connected to the network so I would assume it's connected to the internet, but this is my only idea, that for some reason, it isn't. Unfortunately, I don't know how to confirm whether or not it's on the internet, only if it's on the network. Is there a way I can send a ping from the phone system?

And yes, I have looked at vmail logs and didn't see anything helpful. They are set up for forward & copy so as far as I know there is no way the phone system would report on it if there is a problem with sending the email?

Connected to the network does not necessarily imply being connected to the internet... You will need to verify the IP information (gateway, subnet mask, DNS settings, etc), VLAN, routing ect.

You cannot "send a ping" from the phone system, but you can setup NTP time synchronization, if it works it is a pretty good indication that the system can get to the internet.

[Tech Electronics]

Camoron,

There are a few ways to determine whether or not the system can access the Internet and as Acejavelin stated you can verify with the NTP service, but there is a way to do a ping from the Mitel 5000 that will tell you whether or not it can resolve the name and actually reach the destination.

If you open up an SSH connection to the system and then go to Command Prompts you can do a ping smtp.gmail.com or www.google.com and it should come back with an IP Address and whether or not it can ping it.

As for the vmail log that is the wrong log to be looking at for smtp issues. Open up your System Administration and Diagnostics tool and connect to the system. Then press the play button and use the drop down button to open up the tabs. The first tab is Favorites which should have a System Information box within it, if it doesn't you can find that box under the System Information Tab as well. At the bottom of that box you will find a View System Logs button that will show you all of the logs the system is keeping. If you scroll down that list of logs you will find one for NTP and you will also find one for mail.log which will have any SMTP error information that you would need in it.

Hopefully that gets you further along with your testing and figuring out what is going on, but if I had to guess I would say that the system doesn't have access to the Internet or the IP Settings are no longer correct for the new site.

Thanks,

TE

[Camoron]

Thanks for the very helpful info... It has been my suspicion all along that the phone system wasn't connected to the internet, and now I can test that theory... assuming I can get  into the client's system. I was working with them remotely on this entirely over the phone, I have never seen their database and I don't know how it's set up beyond what they've told me, but you've given me a lot to go on. Thanks!

[Tech Electronics]

Camoron,

I understand that troubleshooting remotely is a time saver for both you and your company, but there are times when it is necessary to go out to a site so you can see what is going on. If they do not have port 22 open to allow for SSH, which they shouldn't, then getting to the command prompt is pretty much a no go. The NTP service on the other hand would work if they have port 443 opened up so you can get to the logs through the web service, again they shouldn't allow this over the Internet for security reasons.

I hope that you are able to get this resolved for your customer as it has been a few days for them and I know our customers would be ready to hang someone by now.

Thanks,

TE

[acejavelin]

BTW... It should be reinforced here that you should NEVER have SSH (port 22/TCP) blindly port forwarded to the 5000, hacking attempts will occur, and the system can easily experience extremely noticeable slowdowns to the point it will become unusable... Users report VM, key press, ringing, and most other actions delayed significantly, I saw one site where a button press on the phone would be delayed over 10 seconds and voicemail wouldn't start playing greeting for 30 seconds after you got through waiting for the key presses to be recognized.

Sent from my MotoG3 using Tapatalk

[Camoron]

Camoron,

I understand that troubleshooting remotely is a time saver for both you and your company, but there are times when it is necessary to go out to a site so you can see what is going on. If they do not have port 22 open to allow for SSH, which they shouldn't, then getting to the command prompt is pretty much a no go. The NTP service on the other hand would work if they have port 443 opened up so you can get to the logs through the web service, again they shouldn't allow this over the Internet for security reasons.

I hope that you are able to get this resolved for your customer as it has been a few days for them and I know our customers would be ready to hang someone by now.

Thanks,

TE

I was actually using Remote Desktop to connect into their system, the one time I did. Anyways, going to the client is what I would have preferred, but my boss wanted me to help remotely... frankly, I am not even sure if our company is charging them for our time as it is an "old friend" of my boss (the owner).

We have confirmed the client's unit is online as he had another issue with IP Phones which we now have working. Our client isn't in a particular hurry to get Unified Messaging working, I guess, and as far as I know it's still not working, so I'll follow up and see what I can find out. I am really pretty stumped on this but I still think it's some sort of internal problem.