-1

I have a successful and working 365 install (it's just family, but we're an Enterprise tenant because we have multiple domains.) Everything is working fine and I've recently been reviewing and tightening SPF/DKIM/DMARC practices and routing. (E.g. now the homelab systems all email via 365 SMTP so they get DKIM signatures.)

Today's question: User-me has a Gmail address; this Gmail address is forwarded using Gmail forwarding to end up at my canonical email address on 365. (Let's call these [email protected] and [email protected].)

I'd like to be able to use the Outlook or OWA clients (signed in as [email protected]) to send From [email protected], and have the outgoing email go via Google's email servers (thus getting the expected DKIM, etc.).

Based on some thinking and this Reddit thread I think I should be able to set up an outgoing connector that routes to aspmx.l.google.com‎ and a transport rule that sends to the connector only when the From address is [email protected].

Creating the connector and the rule seems to work, but send attempts with [email protected] as the From address get rejected by Exchange, apparently before ever hitting the rule and the connector:

ROP Associated: ropTransportSend (74)
Microsoft.Exchange.Data.Storage.SendAsDeniedException: Can't send message.
 ---> Microsoft.Mapi.MapiExceptionSendAsDenied: MapiExceptionSendAsDenied: Unable to send message. (hr=0x80070005, ec=1244)

Do I need to add [email protected] as a permitted SendAs to the truefoo user, or to the [email protected] mailbox... somehow? Can I do it within EAC? Or do I have the wrong end of the stick entirely?

Improve this question

2 Answers 2

Reset to default
1

You can't send an email from Office 365 from an email address that isn't from one of your Office 365 accepted/verified domains. So... can you send an email from your Office 365 mailbox ([email protected]) as [email protected]? No, you cannot.

Improve this answer
1
  • Generally true, but a clarification: You can only originate emails from 365 that have a matching domain to your verified/accepted domains — but you can send emails through 365, from entirely arbitrary addresses, using SMTP Relay.
    – lairdb
    Commented Feb 28 at 14:49
0

I have the wrong end of the stick, sortof. Here's the flaw in my underlying logic: at no point have I authenticated to GMail as an authorized user. If there was a way for me to have E365 use an SMTP user/password to send the email via GMail, that would work (or at least, be a step forward), but there doesn't appear to be such a thing as an SMTP outbound connector.

Also, a clarification: You can only originate emails from 365 that have a matching domain to your verified/accepted domains — but you can send emails through 365, from entirely arbitrary addresses, using SMTP Relay. The originating device must authenticate to 365 via cert or via preauthorised IP, and the originating device’s IP is the message’s source IP for SPF purposes.

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .