What are options for IIS SMTP 6.0 to relay mail to smtp.office365.com

Question

What are options for IIS SMTP 6.0 to relay mail to smtp.office365.com

Anonymous

Currently we have a number of local applications, and devices that send email to our local IIS SMTP service. That service then relays it to smtp.office365.com using TLS and Basic authentication (office 365 user id / password dedicated to this function). Our email is thru office 365.

It is my understanding that this will no longer work starting in September 2025 (please confirm). Something about requiring Oauth 2.0.

If it no longer works, what other solutions can we do?

Would prefer not to send these emails thru a third party. Is there a way to send directly thru Microsoft as we are currently doing?

Typically looking at about 10,000 emails a month.

Any help / suggestions would be apprecaited.

Thank you

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.

0 comments

Answer accepted by question author

7 additional answers

Answer 1

Hi Warren,

Thanks for following up! Yes, Microsoft has officially updated the timeline for Basic Authentication deprecation in Exchange Online for Client Submission (SMTP AUTH). Instead of the previous cutoff in September 2025, the transition will now begin on March 1, 2026, with full enforcement by April 30, 2026.

Since your current setup relies on Basic Authentication, it will continue to function until March 2026. However, after that date, Microsoft will gradually start rejecting Basic Authentication requests, leading to full deprecation by April 30, 2026.

This extension gives you more time to explore alternative solutions, such as:

Microsoft 365 SMTP Relay (no authentication required).

OAuth 2.0-based authentication for SMTP submissions.

Microsoft Graph API for email sending.

I hope my information helps you well. Please don't hesitate to reach out again if you need any further assistance.

As other users will also search information in this community, kindly mark it as an answer and upvote, your valuable vote will definitely also help other users who have similar queries easily to find the correct channel and useful information more quickly.

Greatly Appreciate again for your patience and understanding.

Best Regards,

Sora-NG - MSFT | Microsoft Community Support Specialist.

Answer 2

Hi Warren,

Thank you again for your detailed follow-up and for taking the time to implement the connector setup. I’ll address each of your questions below to help clarify the configuration and ensure your transition to Microsoft 365 SMTP Relay is smooth.

Relay Server Configuration

You're absolutely right to question the use of smtp.office365.com. For Microsoft 365 SMTP Relay using a connector, the correct relay server is:

Your MX endpoint, e.g., MyDomain.mail.protection.outlook.com

This matches the guidance shown in your screenshot and ensures that mail is routed through your tenant’s accepted domain

Sent Items Visibility

Unfortunately, SMTP relay does not store sent messages in the mailbox’s Sent Items folder. This behavior is specific to authenticated SMTP submissions (e.g., using SMTP AUTH or Microsoft Graph API). If retaining sent messages is critical, consider:

Using Microsoft Graph API for authenticated sending (supports OAuth 2.0 and logs sent mail).
Configuring a shared mailbox with SMTP AUTH (if supported by your app) to retain sent items.

Port 25 Direction

Port 25 should be open for outbound traffic from your application or device to Microsoft 365. Inbound access is not required unless you’re receiving mail directly.

IP Address Clarification

Yes, you are correct, the IP address referenced in the connector setup should be your WAN’s static IP address. This is the public IP that Microsoft 365 will use to validate the source of the relay traffic.

From Address Flexibility

You can send from any address within your verified domain, even if it’s not the mailbox used for authentication. However:

The domain must be listed in your Microsoft 365 tenant.
SPF records should reflect this usage.

SPF Record Update

If your static WAN IP is already included in your SPF record, you’re ahead of the game. Just ensure the SPF record includes:

ip4:

This helps prevent spoofing and ensures deliverability.

Connector Logging

Microsoft 365 does not provide real-time logs for SMTP relay connectors, but you can:

Use Message Trace in the Exchange Admin Center to track delivery status.
Filter by sender, recipient, or time range to confirm if messages were processed.

Hope my information helps! I’m happy to assist further!

Best regards,

Sora-NG - MSFT | Microsoft Community Support Specialist.

Answer 3

Dear Warren,

Thank you for your detailed follow-up. Since your current setup relies on IIS SMTP 6.0 with Basic Authentication, and Microsoft is requiring OAuth 2.0 starting September 2025, you’ll need to transition to a supported method. Below are tailored solutions for each of your applications and devices.

Recommended Solution – Microsoft 365 SMTP Relay

Microsoft 365 SMTP Relay is the best alternative for your setup because: It does not require authentication, making it compatible with devices that don’t support OAuth 2.0. It allows relay through Microsoft 365 without needing a third-party service. It supports high-volume email sending (10,000+ emails per month).

How to Configure Microsoft 365 SMTP Relay

To set up SMTP Relay, follow these steps:

Open Exchange Admin Center (Microsoft 365 Admin).
Navigate to Mail Flow > Connectors.
Create a new connector for SMTP relay.
Configure the connector to accept mail from your LAN’s static IP address.
Use smtp.office365.com as the relay server.
Ensure port 25 is open on your firewall.

Step-by-Step Guide for Microsoft 365 SMTP Relay

Application-Specific Adjustments

Microsoft SQL Database Mail

Modify the Database Mail profile to use Microsoft 365 SMTP Relay instead of IIS SMTP.
Update the SMTP server settings to smtp.office365.com with port 25.

Third-Party Application & Excel Macros

If the application supports SMTP configuration, update it to use Microsoft 365 SMTP Relay.
If it requires authentication, consider OAuth 2.0-based SMTP authentication.

UPS Notifications & Multifunction Printers

Most UPS systems and printers support SMTP relay without authentication.
Update the SMTP settings to use Microsoft 365 SMTP Relay with your organization’s static IP.

Alternative: Microsoft Graph API for Email Sending

If some applications require modern authentication, consider using Microsoft Graph API instead of SMTP.

Graph API supports OAuth 2.0, making it a secure alternative.
Works well for automated email sending from applications.

Hope my information finds you well. Please don't hesitate to reach out again or providing us information again.

Best Regards,

Kristen - L - MSFT | Microsoft Community Support Specialist.

Answer 4

Dear Warren,

After reviewing Microsoft’s recent announcements, Basic Authentication for SMTP will be deprecated, and starting in September 2025, OAuth 2.0 will be required to relay emails to smtp.office365.com. Since IIS SMTP 6.0 relies on Basic Authentication, it will no longer work for email relay beyond this date.

Alternative Solutions for SMTP Relay

Use Microsoft 365 SMTP Relay (Recommended)

Configure applications and devices to relay mail through Microsoft 365 SMTP relay using a connector.
Does not require authentication and works with devices that don’t support OAuth 2.0.
Setup guide: Microsoft SMTP Relay Configuration

Implement OAuth 2.0 Authentication

If applications support OAuth 2.0, configure them to authenticate using Modern Authentication instead of Basic Authentication.
Microsoft provides instructions for OAuth-based SMTP authentication.

Consider an On-Premises Exchange Server

Setting up an on-premises Exchange Server allows relaying emails to Microsoft 365 without using third-party services.
Requires additional infrastructure but provides full control over email routing.

Explore Microsoft Graph API for Email Sending

Instead of SMTP, Microsoft recommends using Microsoft Graph API for email sending.
Supports OAuth 2.0 authentication, making it a secure alternative.

Since your organization sends approximately 10,000 emails per month, Microsoft 365 SMTP relay remains the best alternative while ensuring email routing stays within Microsoft’s ecosystem.

I hope this information helps. Please don’t hesitate to reach out again if you have any further questions!

Best regards,

Chris-DKN - MSFT | Microsoft Community Support Specialist.

Answer 5

Good Morning

Thank for your reply. Let me give you some additional background that may help you provide me some additional information. First I am no longer an I.T. guy. I do some I.T. as an extra hat since I am from a small company. So I have enough older knowledge to be dangerous :).

All of the items below are within our LAN and connect to our IIS 6.0 SMTP service anonymously. The SMTP service relays it to smtp.office365.com using TLS and Basic authentication (office 365 user id / password dedicated to this function)

A number of Microsoft SQL jobs send out email via the SQL Database Mail function

One application (3rd Party)

Excel Spreadsheet Macro

Hardware - UPS's send out notifications when there are power issues

Multifunction Printer

The above items are the items sending out SMTP mail that I need to get converted to something. I am trying to find the the easiest and best solution. I am not sure how to get those items to use Microsoft 365 SMTP Relay. Any additional guidance would be greatly appreacited.

Thank you

Share via

What are options for IIS SMTP 6.0 to relay mail to smtp.office365.com

7 additional answers