Description
Shield does not support SMTP relay for devices or applications. Mailprotector recommends using a service designed for this purpose for SMTP relay. However, some tenants successfully used Microsoft SMTP relay for their use case before onboarding to Shield.
Shield connectors and transport rules are added in Step 3 of onboarding, before clicking Activate users. Although mail flow is in pass-through mode, relayed mail may fail to deliver because Shield does not support SMTP relay.
This article outlines the change that must be made for the relay to continue working once Shield connectors and transport rules are added to the Microsoft 365 tenant.
Please review Microsoft's sending limits to know if your use case is supported by Microsoft.
Determine the List of Relay IP Addresses
For an existing Microsoft SMTP Relay, a connector will already exist showing all of the IP addresses and ranges used for relay. These will be copied into a Shield transport rule.
Modify the Shield - Send to Outpost Transport Rule
- From within Exchange Admin Center click on Mail Flow > Rules.
- Click on the Shield - Send to Outpost rule rule then click on Edit rule conditions.
- In the Except If section, choose:
- The sender
- IP address is any of these ranges or exactly matches
- Enter each of the IP addresses or address ranges and click Add
- Click Save
The IP address and range above are examples. Please add your environment's IP addresses and ranges.
- Review the rule to ensure that all relay IP addresses and ranges are correctly entered.
- Test all devices and applications to ensure they are able to send and deliver in Microsoft message trace.
Getting Help
If you need assistance with Shield Organization Setup, please contact the Partner Success team.
Related to
Updated