NovaBACKUP and xSP Cloud client software can support using Office 365 for email notifications (non-TLS / non-encrypted method); however, that will not work out of the box. Office 365 SMTP only supports the TLS protocol (not SSL) natively, and these two backup clients do not support TLS as of 01/20/2020. The setup requires the creation of a mail flow connector in Office 365, otherwise the backup clients discussed will fail to relay emails. This will require setting up a non-TLS type SMTP relay connector in Office 365 Admin Center. In order to get this to work it will take an admin in your organization a few minutes to add a special connector entry to your Office 365 premise, by creating a single “Non-TLS Connector using the Exchange Admin Center” as a Non-TLS SMTP relay connector, in Office 365 Admin Center.
The third party guide detailing the mail flow connector creation steps is here. You can also view the article on Microsoft.com here to learn more about mail flow connectors.
Once the mail flow connector is set up it will support the backup clients sending email via Office 365 to recipients in the same domain as well as any external domains. Once your setup is place, the communication from the backup client to the Office 365 mail server address will not be encrypted since these backup clients do not support the TLS encryption protocol, only SSL which Office 365 does not support. Once the email is received from Office 365 from NovaBACKUP client it will be relayed your recipients with TLS encryption enabled, to whatever addresses you specified to send to – once the email is sent out by Office 365 to the target addresses those emails will be sent with TLS encryption. We have verified this will work using NovaBACKUP 19.5, xSP Cloud 19.5, and it is able to send email notifications to our Office 365 mail server "MX" address, and the emails are routed to our own domain @novastor.com and @gmail and @yahoo addresses without issue. The external firewall must allow TCP port 25 access outbound, and any local software firewall on the machine running the backup client software must allow TCP port 25 outgoing. The admin for the company / organization that needs NovaBACKUP or xSP/Cloud software to utilize Office 365 for email notifications will have to retrieve their MX server address for Office 365 for their own domain, in the format such as “novastor-com.mail.protection.outlook.com” and then they will need to spend two minutes configuring their Office 365 SMTP Relay with Connectors (“Create a Non-TLS Connector using the Exchange Admin Center”), inside Office 365 Admin Center (an admin of Office 365 in the company will have to do it). For us, the connector looks like this:
You will need to know your Exchange Online “MX” DNS address, found in 365 Admin Center > Setup > Domains area, for example:
The Office 365 SMTP Relay (Non-TLS) connector has these properties, added by an Office 365 admin, inside O365 Admin > Exchange > Mail flow > Connectors area, all you have to do is set up a new connector and specify “From: Your organization’s email server” and “To: Office 365”, for the type of connector, and then specify your organization’s static external facing IP address (you can add multiple if your company has more than one public IP address); this won’t support non-static external IP's, and then turn on the connector:
First part of the setup, adding the new connector by clicking on the + button in Connectors screen:
Second screen in the new connector setup:
Third screen in the new connector setup, enter your company's internet facing IP address(s):
Fourth and final screen in the new connector setup, showing the details to confirm:
Once the connector is created and turned on you will want to verify that your computers that have NovaBACKUP or xSP Cloud installed on them, which require email notification setup with Office 365, can reach the Office 365 MX mail server address. To verify that a machine, that has NovaBACKUP or xSP Cloud client installed on it, can connect to the Office 365 mail server MX DNS address, open a command prompt from that machine, and attempt to telnet to the MX server address that you had noted earlier (and in Step 5 of the guide here). A Telnet Client (like PuTTY) will need to be installed on the machine to do this, you can install the standard "Telnet Client" using Windows Server Manager (for a Server OS) or "Programs and Features > Turn Windows features on or off" (for a Workstation OS). Use the command: 'telnet YourMXServerAddress 25', example seen here:
If your connection to the Office 365 MX mail server at port 25 is successful, you will see information regarding the mail server that you are connected to, mentioning the full MX DNS address and the SMTP server will display some information to tell you the connection was successful, you can issue the SMTP commands "EHLO", which will output some text, and then "QUIT" to drop the connection, once you have verified the connection is good. This is what a successful SMTP server telnet connection looks like:
To avoid emails relayed through the connector being blocked as spam, it is recommended to add the external IP address(s) that you specified during the third screen section of the new connector setup, into Office 365 Admin Center's allowed IP "Connection filtering" list. This list is located in 365 Admin Center > Exchange Center > Protection > Connection Filter ("IP Allow list - Always accept messages from the following IP addresses" section). Simply add in all of the IP addresses that you entered into the third screen section of the new connector setup, that you performed prior.
After adding the "SMTP Relay (Non-TLS)" connector, used by non-TLS devices and software, in Office 365 Admin Center, and verifying the connection from the machine where the backup client is installed to successfully connect to your own MX server address, you can configure the backup client for Office 365. The SMTP based email notifications work to recipient addresses at NovaStor.com, Gmail.com, and Yahoo.com using NovaBACKUP and xSP/Cloud client, with these email settings:
Note: Do not enable the "Use SSL" or "My server requires authentication" items, as they won't work with Office 365 for these backup clients. You may want to increase the Retries from 1 to 2, and the Timeout Interval settings from the default 5 seconds to 30 seconds, as seen above. A test email sent to an external domain recipient may take longer than expected to be received in our testing, possibly up to 5 minutes. If the email does not come through please make sure to read and follow the instructions in the "To avoid emails relayed through the connector being blocked as spam" section of this guide. Also, make sure that the connector that you created is showing Status = "On". If you still have trouble here please make sure that TCP port 25 is allowed both on the local software firewall and the external firewall, which you can test with the "telnet to the MX server address" section of this guide.
Finally, verify at the recipient end that the test email(s) were received, to both your own domain recipients and to external domain recipients, at gmail.com or yahoo.com for example. Make sure to test the email configuration to send a test email to both a recipient in your own domain as well as an outside / external domain recipient, at gmail.com or yahoo.com for example.