SMTP Relay Configuration to Send Emails from Total Access Emailer with Office 365

Total Access Emailer uses SMTP to send your emails from Microsoft Access. That requires you to have an SMTP email server that allows you to send emails from the FROM addresses you specify.

There are many SMTP server providers including your internal Exchange Server and public providers like Gmail, Office 365, and services from ISPs.

With Office 365, Microsoft hosts Outlook and your emails in the cloud eliminating the complexity of hosting and managing your own Exchange server. As part of the service, Office 365 includes an SMTP server that lets you send emails without using Outlook. This lets programs like Total Access Emailer send emails on your behalf.

Email from Any Email Address Based on IP Address

The Office 365 Exchange Server can be configured to allow SMTP Relay for specific IP addresses. This eliminates the need for a specific user name and password login.

For a fixed location like an office or web site, a specific IP address or set of IP addresses can be allowed to use the SMTP server. Once configured, you can send emails on behalf of all the email addresses in your account without setting delegation rules.

This lets you use the SMTP protocol with SMTP server name MyAccount.mail.protection.outlook.com.

Assuming your Office 365 account is configured, you can connect to the smtp.office365.com server with your email address and password, then email messages using your FROM address.

If you want to send emails using other email address as the FROM address (e.g. accounting@MyDomain.com, sales@MyDomain.com, etc.), those email accounts must allow the Logon Name to send messages on its behalf. This is called Mailbox Delegation.

Go to the Exchange Administrator site

Go to https://admin.exchange.microsoft.com


Specify which Accounts can Send Emails for it

Select a mailbox that you want to allow another login to email on its behalf, and click the pencil (or double click it) to edit it. Then click on the Mailbox Delegation item on the left border:

Mailbox delegation

In the Send As box, the [NT AUTHORITY\SELF] indicates it can send emails on behalf of itself (this doesn't exist for Groups). To allow another account to send emails FROM this address, click on the [+] and add the email account(s). If you want to remove one, click on the [-].

Then press [Save].

Authorization by User Name and Password

This is the most common approach where you login with an email address and password that is authorized to send emails for multiple email addresses using Mailbox Delegation. The basics are:

  • Connection Type: TLS
  • Server Name: smtp.office365.com
  • Port: 587 or 25
  • The account login name (email address) and password
    Your password may need to be an App Password.

Using smtp.office365.com with TLS
Setting SMTP Settings in Total Access Emailer

Relay Authorization by IP Address

If your Office 365 Exchange server is authorized for your IP address, use this protocol:

  • Connection Type: SMTP
  • Server Name: MyAccount.mail.protection.outlook.com
  • Port: 25
  • No login name or password

Microsoft Office 365 is increasing security over time and your email password may no longer be allowed for SMTP. This can happen with security settings such as requiring Multi-Factor Authentication (MFA) or organization policy changes.

Fortunately, Office 365 offers App Passwords that you can create for SMTP relay without disclosing your real password to the app.

  1. Visit https://myaccount.microsoft.com and log into your account.
  2.  Click Security info on the left menu:
    Microsoft MyAccount Security Info menu
  3. That opens the Security info screen showing your list of App Passwords and other security settings. Click [+ Add sign-in method] to open the form:
    Office365 Security Add App PasswordSelect App password and click Add.
  4. Enter a name to identify it, such as TA Emailer (the name is for you to remember it and is not used by Total Access Emailer) and click Next:
    Office365 SMTP App Password Name
  5. A screen appears with your App Password. Make sure to copy and save it because it is never shown again. This is the password you use in Total Access Emailer.
    Office365 SMTP App Password
  6. After you click Done, the App Password Name shows up in your list. If you forget the password, just delete it and create a new one.

Troubleshooting: SMTP Settings are not valid

SMTP Protocol Error 550 5.7.60 Client does not have permissions to send as this sender

Here's the description of this error from the Microsoft page:

This error indicates that the device is trying to send an email from an address that doesn’t match the logon credentials. An example would be if your entered login credentials for sales@contoso.com in your application settings but the application tries to send emails from salesperson1@contoso.com. If your application or printer behaves this way, use Office 365 SMTP relay because SMTP client submission does not support this scenario.

This could be due to your SMTP Server or the specific login does not allow relay (Mailbox Delegation). Make sure your login credentials allows relay.

Legacy Versions of Total Access Emailer Require a FROM address

This may fail also if you are running an older version of Total Access Emailer. If your SMTP Server is authorized by IP Address without a logon name, and a Temail.txt file was not created.

In these situations, Total Access Emailer tries to send a test email from its default taemailersample@fmsinc.com address. Your SMTP server may prevent this.

With Total Access Emailer 2021 and X.80 versions, it uses the FROM address from your most recently used email blast.

Alternatively, you can specify an email address with a Temail.txt file in the folder where Total Access Emailer is installed.

  1. Create an ASCII text file called Temail.txt containing the name of the email address you would like to use.
  2. Put the file in the folder where Total Access Emailer is installed (or the location of the Total Access Emailer runtime library). The location of the file depends on how you are running Total Access Emailer.

Total Access Emailer uses your email address for the Relay test. This must be a valid email address and Relay must be enabled on your mail server for this test to succeed.

The latest version uses another technique to validate your SMTP server without having to send an email, so upgrade to avoid this workaround.

SMTP protocol error. Could be caused by invalid or unnecessary user name and password. (Error 20162) 534 5.7.14
Error Message about protocol error 534.5.7.14. There may be other error numbers.

This may be caused by:

Invalid Logon

  1. The logon name (email address) and password are not valid. Make sure your values let you get into that email account. Maybe the password changed recently. Also make sure the SMTP mail server name is correct.
  2. Security settings prevent using your account password, and you need create a separate App Password.
  3. The logon name is not authorized to relay messages. Your logon credentials may be correct, but the email account is not authorized to relay messages through the SMTP server. For instance, for Gmail, you need to set your email account to Allow less secure apps (Setting Google Gmail as the SMTP Server for Total Access Emailer).

SMTP is Authorized by IP Address without a Logon

For older versions, if no logon name is provided because the SMTP settings are authorized by IP address and not an email address as mentioned in Relay Authorization by IP Address above, make sure you create a Temail.txt file containing a valid email address for your SMTP server. This is described in legacy section of the previous error.

This occurs while emails are being sent. It means the recipient (TO, Cc or Bcc address) is invalid. This occurs if the email address is on your SMTP server and does not exist (an internal email address).

This is usually a typo in the email address or an old email address for someone who is no longer active.

January 2022: Changes in Office 365 and Windows triggered this error.
This requires upgrading to TLS 1.3 which is in our latest versions:
Total Access Emailer 2022 for 365, 2021, and 2019, and versions X.8 for Total Access Emailer 2016, 2013, and 2010.

SMTP Protocol error 20162 TLS 1.0 and 1.1 are not supported

This error message may appear while sending emails from the Office365 SMTP server:

(Error 20162) SMTP protocol error. 421 4.7.66 TLS 1.0 and 1.1 are not supported. Please upgrade/update your client to support TLS 1.2.
Visit https://aka.ms/smtp_auth_tls.

This message implies Total Access Emailer does not support TLS 1.2. That is not correct. All versions of Total Access Emailer released after 2016 support TLS 1.2.

This message occurs when the email account used for TLS is not configured properly for Mailbox Delegation. The FROM address of your email cannot be sent by the email address used in the logon. It cannot send the email for any version of TLS with that FROM address.

Previously, the settings may have successfully sent your emails, but Microsoft is increasing the security on its SMTP servers over time. Your account may now need you to explicitly specify the Mailbox Delegation settings to send emails on behalf of other addresses.

Review the instructions above for configuring Mailbox Delegation so TLS can be used, or use the authorized IP address approach with SMTP and bypass TLS completely.

Read our blog post for more information on the issue, workaround and latest information: Total Access Emailer and Office 365 SMTP with TLS

Free Product Catalog from FMS