Office 365 settings

Hi,

after one day of trying, I have a solution now, that I want to document here:

I use Office 365 as an Email provider in my company. In this tutorial I explain how to set it up. I assume, that you are the owner & admin of the office 365 company account.

Email Server
goto: admin.microsoft.com → Exchange
goto ‘Mail Flow’ → Connectors

Add a Connector
From: E-Mail Server of your company
To: Office 365
Add the IP of your ERP-next Server

While setting up you Domain, you will create a MX-record that looks something like:
YOURCOMAPNYNAME01i.mail.protection.outlook.com

Preparing the Email Account
Your Email Account can not be a admin in your organisation! If that is the case you have to deactivate the azure security defaults: Bereitstellen eines Standardsicherheitsniveaus in Azure Active Directory - Microsoft Entra | Microsoft Learn

Create a non-admin Email account.

Goto https://aad.portal.azure.com/ >> Users >> Multi-Factor-Authentication
Click on your user and deactivate MFA in the quicksteps.

ERPnext >> Settings >> Email Domain
Email Server: outlook.office365.com
Use IMAP: true
Use SSL: true
Port: 993

SMTP Server: YOURCOMAPNYNAME01i.mail.protection.outlook.com
Use TLS: true
Use SSL: false
Port: 25

ERPnext >> Settings >> Email Account
Email Address: foo@bar.com
Password: YourPassword

(…)

Disable SMTP server authentication: true

Let me know if that worked for you. I spend one day figuring out what to set up - hopfully this post helps you to do it quicker.

I am well aware, that you can use MFA and create an APP-Password. Feel free to contribute a tutorial if you need that.
You can set up App passwords here, after you have activated MFA.
https://account.activedirectory.windowsazure.com/AppPasswords.aspx

Cheers
Jan

Thanks for this guide. It works partially for me. All outgoing email is marked as Spam as it fails the SPF checks.

Now I need to configure the SPF domain settings to add the ERPNext hosted servers as permitted senders for my domain. I’ve asked ERPNext on a support ticket for these details.

I have created a no-reply@domain.com for this. Can we set up? Need help @JanMrlth
Stuck after this process:
Add the IP of your ERP-next Server

Hi,
how to add an email account if we are using Gmail as a mailing service.
Because, when I am creating an email account, it shows an error.

Server Error

Close Report

TypeError: Object of type ‘error’ is not JSON serializable

How to resolve this error?

what exactly is the problem?
Goto Sign in to your account
And follow these instructions: SMTP Relay

You might want to check, if your IP is blocked by Microsoft.

Login to the machine, that runs erpnext and is used to send the emails.

open a telnet connection:

telnet http://YOURCOMAPNYNAME01i.mail.protection.outlook.com 25
220

HELO [your domain]
250

MAIL FROM: [sender email]
250

RCPT TO: [recipient email ]
550 5.7.511 Access denied, banned sender[YOUR IP ADDRESS]. To request removal from this list please forward this message to delist@messaging.microsoft.com. For more information please go to Email non-delivery reports and SMTP errors in Exchange Online | Microsoft Learn. AS(1410) [BE0DEU01FT009.eop-deu01.prod.protection.outlook.com]

Contact Microsoft Support, if you get a 550 here.

Cheers
Jan

Hi Jan,

I tried everything you have described also I have read the SMTP Relay manual, but no luck.
I keep getting the following error when I try to send an email:

smtplib.SMTPSenderRefused: (530, b'5.7.57 Client not authenticated to send mail. [ZR0P278CA0015.CHEP278.PROD.OUTLOOK.COM]', 'Mert Somun ')

Sincerely,
Mert Somun

As long as your company has the ‘security defaults’ enabled, this overrides all settings and does not allow you to use ‘legacy authentication’.

The only way to send mail, is via the SMTP relay. Have you created the connector? The IP is the only check, if you are allowed to send mail. There is no other AUTH for the SMTP relay.

Hi Jan,

Did I mis something? I also don’t have error log. Also when i do send email I dont get an error.

Domain settings:

domain-settings746×786 14.7 KB

Email Account Settings:

email%20account-settings-01808×813 10.8 KB

email%20account-settings-02721×743 12.4 KB

Connector added:

connector%20created565×553 7.32 KB

Azure security defaults:

Disabled SMTP AUTH:

Hi Jan,

Now it is working I don’t know if it has to do something with time or with my latest move; delist portal:

https://sender.office.com/

Sincerely,
Mert Somun

I never got a useful reply to my request for support on this and I had no time spare to devote to it.

The email servers used by ERPNext (for my hosted instance) are at poneytelecom.eu.
Their IP blocks are listed on their website: http://poneytelecom.eu/
I created a DNS TXT record for my domain like this:
v=spf1 include:spf.protection.outlook.com ip4:62.210.0.0/16 ip4:195.154.0.0/16 ip4:212.129.0.0/18 ip4:62.4.0.0/19 ip4:212.83.128.0/19 ip4:212.83.160.0/19 ip4:212.47.224.0/19 ip4:163.172.0.0/16 ip4:51.15.0.0/16 ip4:151.115.0.0/16 ip4:51.158.0.0/15 ip6:2001:bc8::/32 -all

This contains all the poneytelecom IP space (to mark ERPNext originating emails as permitted) and the Office 365 mail servers.

It’s covering a very large IP space, but I can’t narrow it down any further without help from ERPNext support.

Hi Jan
Please if you can clarify which password: regular or App password
I have tried with App password, attached config

image1359×741 48.8 KB

It give me invalid outgoing mail server or port?

Where is the problem!

I have tried this but no luck so far.

this is seriously frustrating … I get the following error:

Error connecting via SMTP: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:997)

I am using bench 5.15.2, and I generated the SSL certificates through the bench lets encrypt script.

does anybody have any idea what I might do?

Probably related to end of support of basic auth from Microsoft, just OAuth from now.

Work in progress on this PR:

I think it is near to merge.
Be patient.

Sigh. Thanks

Hi @JanMrlth,

I have followed your guide but I seem to get an error.

Invalid Outgoing Mail Server or Port: SMTP AUTH extension not supported by server.

What I’m I doing wrong?