Options

office 365 emails not coming out

AlfonsoPCAlfonsoPC
in Firebox - Proxies

Good morning, we are developing a web application, where it is required to use an office 365 email account to send the emails, however they do not appear.

What are the parameters that must be enabled correctly?

Thank you.

Comments

  • Options
    james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @AlfonsoPC
    Without knowing how you're sending those emails, it's difficult to say what is required.

    -What protocol are you using? (SMTP, MAPI?)
    -Do you have an outbound rule set up to allow that traffic?
    -Do you see any errors for that traffic in traffic monitor on the firewall, or from where you are trying to send the email in your logs?

    -James Carson
    WatchGuard Customer Support

  • Options
    AlfonsoPCAlfonsoPC
    edited August 2023

    Good afternoon, SMTP is being used, port 25, and the smtp.office365.com server for sending mail, an smtp proxy with starttls was enabled in the watchguard and when doing the test sending an error is generated both in the language virus as in the SSL whatchguard FSM which is as follows:

    2023-08-15 13:24:28 UIAMember1 pxy 0x75e220-15302162 5767: 192.168.8.240:58555 -> 52.96.173.178:25 [A t] {B}: Accept SSL Error [ret -1 | SSL err 1 | Details: ssl3_read_bytes/tlsv1 alert unknown ca] Domain: outlook.com PFS: ALLOWED | ALLOWED Debug

  • Options
    shaazaminatorshaazaminator

    I have an application doing the same thing with O365.
    You need port 587 and TLS.
    I just created a custom packet filter instead of a proxy as the application just sends plain text acknowledgements. Easier that way.

    It's usually something simple.

  • Options
    AlfonsoPCAlfonsoPC

    thanks, it worked.

    Good job.

  • Options
    james.carsonjames.carson Moderator, WatchGuard Representative

    @AlfonsoPC If you are using TLS encryption and want the firewall to proxy that traffic, your server's SSL cert needs to be uploaded to the firewall.

    See:
    https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/proxies/smtp/proxy_smtp_tls_encryption_c.html

    A packet filter will also work as it does not touch the certificate at all, but will not decrypt the traffic (and therefore won't scan the unencrypted traffic.

    James Carson | Support Engineer
    WatchGuard Technologies, Inc. | www.watchguard.com
    Office Hours: 9:00 AM to 6:00 PM Pacific (GMT-8), Sun - Thurs
    Contact us: https://www.watchguard.com/wgrd-support/support-by-phone/all
    Tech Search: https://techsearch.watchguard.com/
    Feedback: https://www.watchguard.com/wgrd-support/feedback

    -James Carson
    WatchGuard Customer Support

Sign In to comment.