How to configure IIS SMTP cloud relay


If you have on-premises Line of Business (LOB) applications that need to send email and you no longer have an on-premises Messaging environment (Exchange or otherwise), you can use Exchange Online (EXO365) to send these messages. Below are the steps needed to accomplish this task:

Note: You must send SMTP Relay mail to using an online activated user with an ExO Mailbox.

Note: You can send ALL MAIL to this endpoint and the SMTP Relay server WILL deliver mail to the proper location (i.e. EXO365 mail is delivered along with Internet Mail being routed out and delivered)


General SMTP Relay settings for Office 365

  • User with mailbox
  • SMTP Port = 587
  • TLS Encryption required
  • Server is (However, it is recommended that you use the server where the mailbox is located)
  1. Sign into Outlook Web App
  2. Navigate to Options, then select See All Options
  3. Under Account, My Account, Account Information, click the link Settings for POP, IMAP, and SMTP access...
  4. Information provided will be your SMTP settings


Configuring IIS


1. Create a user with an Exchange Online mailbox

    • You can either create the user in your Active Directory, run Directory Synchronization, Activate user with Exchange Online license. (The user must not have an on-premise mailbox)
    • Or you can create the user using Microsoft Online Portal or via Microsoft Online Services PowerShell Module and assign the user an Exchange Online license.

      2. Configure either the LOB or IIS SMTP Relay server. In this example I am using an IIS SMTP Relay server that other applications can use to send mail:

      1. Install IIS onto an internal server, selecting to install the SMTP components
      2. Expand the Default SMTP Virtual Server and click the domains node
        1. Right-click Domains and select New > Domain > Remote
        2. Name = *.com and click Finish
      3. Double-click the newly created domain
        1. Ensure “Allow incoming mail to be relayed to this domain” is checked
        2. For Forward all mail to smart host, type

          4. Click Outbound Securityand configure the following settings

            1. Select Basic Authentication
            2. For User, type the user name and password of the Office 365 mailbox user
            3. Check the TLS encryption option
            4. Click OK


            5. Right-click the Default SMTP Virtual Server node and select Properties

              1. Click the Delivery tab

              2. Click Outbound Connections

                  1. TCP Port = 587
                  2. Click OK

               3. Click Outbound Security

                1. Select Basic Authentication
                2. For User, type the user name and password of the Office 365 mailbox user
                3. Check the TLS encryption option
                4. Click OK


                4. Click the Access tab

                  a. Then select Authentication tab, select Anonymous access, Then click OK

                    b. Then select Relay tab, then select Only the list below, Add the IP addresses of the client Line-of-Business machines which will be sending the email messages.

                    You should now be ready to go and your Line of Business applications can send email messages


                    Applies To:

                    Microsoft Office 365 for Enterprise

                    Comments (2)
                    1. Acropia says:

                      I want to do the same thing, but my SMTP relay server keeps saying the TLS server certificate is missing in Event Log: "No usable TLS server certificate for SMTP virtual server instance '1' could be found. TLS will be disabled for this virtual-server." Any ideas?

                    2. Mikkel H says:

                      Hi Acropia Create a self signed certificate in IIS with your servername, this should work

                    Comments are closed.

                    Skip to main content