
Office 365 emails not coming out

Good morning, we are developing a web application where it is required to use an Office 365 email account to send the emails; however, they do not appear.

What are the parameters that must be enabled correctly?

Thank you.

Comments

  • Options
    james.carson Moderator, WatchGuard Representative

    Hi @AlfonsoPC
    Without knowing how you're sending those emails, it's difficult to say what is required.

    - What protocol are you using? (SMTP, MAPI?)
    - Do you have an outbound rule set up to allow that traffic?
    - Do you see any errors for that traffic in Traffic Monitor on the firewall, or in your logs from where you are trying to send the email?

    -James Carson
    WatchGuard Customer Support

  • Options
    edited August 2023

    Good afternoon. SMTP is being used, port 25, with the smtp.office365.com server for sending mail. An SMTP proxy with STARTTLS was enabled on the WatchGuard, and when doing the test send an error is generated, both in the language virus as in the SSL WatchGuard FSM, which is as follows:

    2023-08-15 13:24:28 UIAMember1 pxy 0x75e220-15302162 5767: 192.168.8.240:58555 -> 52.96.173.178:25 [A t] {B}: Accept SSL Error [ret -1 | SSL err 1 | Details: ssl3_read_bytes/tlsv1 alert unknown ca] Domain: outlook.com PFS: ALLOWED | ALLOWED Debug
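
Added example (not part of the thread and not WatchGuard tooling): a small Python parser for the proxy log line quoted above that extracts the endpoints and the TLS failure reason and attaches triage notes. The field layout is inferred from that single line, and reading "Accept ... ssl3_read_bytes/... alert" as an alert received from the internal client is an assumption based on OpenSSL's error wording.

```python
import re

# Log line copied from the post above; the layout is inferred from this one sample.
SAMPLE = (
    "2023-08-15 13:24:28 UIAMember1 pxy 0x75e220-15302162 5767: "
    "192.168.8.240:58555 -> 52.96.173.178:25 [A t] {B}: Accept SSL Error "
    "[ret -1 | SSL err 1 | Details: ssl3_read_bytes/tlsv1 alert unknown ca] "
    "Domain: outlook.com PFS: ALLOWED | ALLOWED Debug"
)

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<device>\S+) (?P<proc>\S+) .*?"
    r"(?P<src>\d+(?:\.\d+){3}):(?P<sport>\d+) -> "
    r"(?P<dst>\d+(?:\.\d+){3}):(?P<dport>\d+) .*?"
    r"(?P<phase>\w+) SSL Error \[.*?Details: "
    r"(?P<func>[^/\]]+)/(?P<reason>[^\]]+)\]"
    r"(?: Domain: (?P<domain>\S+))?"
)

def triage(line):
    """Parse one proxy SSL-error line; return its fields plus triage notes."""
    m = LINE_RE.search(line)
    if m is None:
        return None  # not an SSL-error line in the layout seen above
    f = m.groupdict()
    f["sport"], f["dport"] = int(f["sport"]), int(f["dport"])
    notes = []
    # Assumption: OpenSSL-style wording. "ssl3_read_bytes/... alert" is an
    # alert *received* from the peer; during "Accept" the proxy is the TLS
    # server, so the peer is the internal client at src.
    if f["phase"] == "Accept" and "alert" in f["reason"]:
        notes.append(f"client {f['src']} sent a TLS alert to the proxy")
    if f["reason"].endswith("unknown ca"):
        notes.append("alert sender does not trust the CA of the certificate it was shown")
    if f["dport"] != 587:
        notes.append(f"destination port is {f['dport']}; the working setup in this thread used 587")
    f["notes"] = notes
    return f

if __name__ == "__main__":
    result = triage(SAMPLE)
    for key in ("ts", "src", "dst", "dport", "phase", "reason", "domain"):
        print(f"{key:7} {result[key]}")
    for note in result["notes"]:
        print("note:  ", note)
```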

  • Options

    I have an application doing the same thing with O365.
    You need port 587 and TLS.
    I just created a custom packet filter instead of a proxy as the application just sends plain text acknowledgements. Easier that way.

    It's usually something simple.

  • Options

    Thanks, it worked.

    Good job.

  • Options
    james.carson Moderator, WatchGuard Representative

    @AlfonsoPC If you are using TLS encryption and want the firewall to proxy that traffic, your server's SSL cert needs to be uploaded to the firewall.

    See:
    https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/proxies/smtp/proxy_smtp_tls_encryption_c.html

    A packet filter will also work as it does not touch the certificate at all, but will not decrypt the traffic (and therefore won't scan the unencrypted traffic).

    James Carson | Support Engineer
    WatchGuard Technologies, Inc. | www.watchguard.com
    Office Hours: 9:00 AM to 6:00 PM Pacific (GMT-8), Sun - Thurs
    Contact us: https://www.watchguard.com/wgrd-support/support-by-phone/all
    Tech Search: https://techsearch.watchguard.com/
    Feedback: https://www.watchguard.com/wgrd-support/feedback


  • Options

    I have a similar issue to AlfonsoPC, plus I'm new to managing a Firebox. I've read the documentation and watched a few vids, and I think I created a custom packet filter and policy for 587 properly; however, when I test I see in traffic monitor that the traffic is blocked with an 'Unhandled internal packet-00' error.
    I've tested connections over TCP 25 & 465 and both work, but the 587 just doesn't. I even included UDP 587 to see but no luck, and all other settings of the policy were left at default.
    I'm wondering if order policy is an issue or did I configure incorrectly? If not, I certainly need help.

  • Options

    @868Noob said:
    I have a similar issue to AlfonsoPC, plus I'm new to managing a Firebox. I've read the documentation and watched a few vids, and I think I created a custom packet filter and policy for 587 properly; however, when I test I see in traffic monitor that the traffic is blocked with an 'Unhandled internal packet-00' error.

    Whenever you see an "Unhandled Internal Packet-00" type log, that generally means it didn't match any of the policies you have defined.
    Your screenshot shows the "587" policy matching traffic from "Any-Trusted" to "Any-External" - I am wondering if the internal system is not directly on a trusted interface (the only way that is going to match), in which case you'd need to specify that internal system IP address/subnet in the "from" rule.

  • Options

    Please post a sample deny log message with 'Unhandled internal packet-00' as the reason.
