Configuring Outgoing mail Server in Office 365 as Relay Server

Principle of Operation

In this section, you will learn how to configure Office 365 to act like a relay server.

Why is it needed?

Odoo ERP is trying to operate as a relay server. Meaning that it is used as an intermediate layer to send emails from ANY mail address to ANY mail address. For example, after this mail configuration Odoo will be able to send emails from any email (for example somename@anydomain.com)

A little bit of clarification on why Odoo acts like this

Let’s imagine that you are getting an email from a potential lead to the address hello@company.com. Imagine that potential lead’s email address is john@example.com. Odoo ERP catches this email and creates a new Opportunity in the CRM Pipeline. And after Odoo creates it – it needs to send automatic emails to all followers, to inform everybody about the new Opportunity. As it is now implemented in Odoo ERP, the email will attempt to send FROM the email of the lead (e.g. john@example.com) and not from some generic email like erp@company.com. The reason why Odoo is doing it is to make sure that this email will be beautifully displayed as belonging to a real person and not to look like an automatic notification from ERP. And obviously when you respond to the person through Odoo CRM, your lead will also see that email is coming from realperson@company.com instead of some generic email erp@company.com. So the intention of Odoo is clear – they want to ensure all messages from ERP are personal and do not look like an automatic notification. But that gives additional headache relating to the mailing system configuration.

Configuring of a SMTP relay connector

The configuration of the outgoing mail server is based on the following documentation.

1. Login with your Global Admin user account to https://admin.microsoft.com and click on the “Admin centers -> Exchange” menu in the left panel

2.  In the Opened Window click on the section “Mail flow -> Connectors”

3. Click the “Add a connector” on the opened page to add a new connector.
4. On the first screen with mail flow scenario, select the following values and click “Next”

From = “Your organization’s email server”

To = “Office 365”

5. Give a name to the connector. E.g. “OdooMail”. All checkboxes should be checked (default behavior). And click Next

6. Select checkbox to verify allowed senders by IP address and add IP addresses of all your Odoo ERP instances. That is a type of whitelist. Office 365 will trust messages sent from those IP addresses as safe.

7. After clicking “Create Connector” you should get the following screen with an already created connector

Configuring of a Anti-spam thread policy

1. Go back to Admin center click on the “Admin centers -> Security” menu in the left panel.

2. In the Opened Window move by following path “Policies & rules -> Threat policies -> Anti-spam -> Connection filter policy (Default)” and click on “Edit connection filter policy”

3. Add to “Always allow messages from the following IP addresses or addresses range” field IP addresses of all your Odoo ERP instances and click on “Save”.

Configuring of a Domain DNS records

1. You need to make sure that your domain has required DNS records. For this go back to Admin center and move by following path: “Settings -> Domains -> Your Domain -> DNS records”

2. We are interested in MX and SPF records. Check that the MX record looks like following structure:

<subdomain(optional)>-<second level domain(SLD)>-<top level domain (TDL)>.mail.protection.outlook.com

Example: contoso-com.mail.protection.outlook.com (domain with replaced dots to dash before .mail.protection.outlook.com).

If the MX DNS record does not match with mentioned structures, you should add them by the Admin panel of your domain provider. 

3. Check that SPF record contain IP addresses of all your Odoo ERP instances and looks like following structure:

v=spf1 ip4:<your_ip> ip4:<your_other_ip(optional)>  include:spf.protection.outlook.com ~all

If the SPF DNS record does not match with mentioned structures, you should add them by the Admin panel of your domain provider. 

IMPORTANT!

If you are trying to integrate Office 365 emails with Amazon EC2, you will need to follow this article additionally. The reason why you need this – Amazon has additional protection to prevent spammers to send emails from their servers. So you have to explicitly request from them allowance to do that.

Configuring Catchall Email in Office 365

Principle of Operation

In this section, you will learn how to create a special mail address in Office 365 that will collect emails sent to unknown receivers (meaning no User exists in Office 365).

Why is it needed?

In Odoo ERP it is possible to configure multiple Sales Teams, Projects and etc. Any objects you want. For example, you may want to have a Sales Team with the name “Initial Processing Team”. That sales team should process leads that are received to the email address “hello@company.com”. Also, you may want to have separate Sales Teams which will be responsible for processing emails sent to addresses “asia-sales@company.com” and “europe-sales@company.com” or more. 

You may configure as many email addresses as you want and obviously those email addresses will not be real emails in your Office 365 Portal.

So to avoid lots of manipulations in the Office 365 Portal when you are adding something new in Odoo ERP (new project, new sales team and etc.), it is better to configure single email addresses that will be the only endpoint for all emails sent to nonexistent mailboxes. That way Odoo ERP can easily process them, and no emails will be lost.

Configuring of a Catchall mailbox user

1. Sign into https://admin.microsoft.com, go to menu “Users -> Active users” to see list of already created users

If you don’t have the user which will be used like Catchall mailbox, create it by clicking on the button “Add a user”.The name of the user you can write  like “ERP Notification” with email info@your-domain.com (recommended alias is ‘catchall’’ but you cat use any one except ‘bounce’, as example we use ‘info’). Note that Role of this user should be “User (no administrator access)” and Product License should have the status Exchange Online or higher.

If you have the user which will be used like Catch All mailbox, you need to make sure that it has required configuration.

2. First of all you should go to the “Licenses and apps” tab and make sure that the user’s  Product License has the status Exchange Online or higher.

3. After that you should go to the “Mail” tab and make sure that the user has permissions for connections by SMTP, IMAP and POP protocols.

Configuring of a Dynamic Distribution Group

1. Go to the menu “Admin Center -> Exchange -> Recipients -> Groups”, choose the “Dynamic Distribution list” tab and click “Add a group”.

4. Choose the “Dynamic distribution” point and click “Next”.

5. Now enter the following values in the fields and click “Next”:
   • Name = “Dynamic All Users” (you can use any you want)
   • Description = “Dynamic All Users” (you can use any you want)

6. Choose the following values in the fields and click “Next”:
   • Members = “Users with Exchange mailboxes” and “Mail-enabled groups”

7. Enter the following values in the fields and click “Next”:
   • Alias = “alldynamicusers” (you can use any you want)
   • Domain = the same domain like for Catchall mailbox

8. Confirm the group creation by clicking “Create group”

As result you can see the same as at examples below:

Configuring of a Mail Flow Rule

1. Go to the menu “Admin Center -> Exchange -> Mail flow -> Rules”. In this section we are going to create a special mail flow rule that will allow you to catch all emails to unknown email addresses and will forward them to info@your-domain.com, so Odoo ERP can process and analyze them. Click the “Add a rule” and choose the “Create a new rule”.

2. In opened form enter the following values in the fields and click “Next”:
   • Name = “Catchall for Odoo”
   • Apply this rule if = “Apply to all messages”
   • Do the following = Redirect the message to your Catchall user (here you can select email address created in earlier stages)
   • Except if = The recipient is located “NotInOrganization” OR The recipient is a Member of All Dynamic Users group (those rules are needed not to do anything with messages that are sent to external email addresses or that are sent to real users in your organization)

3. Then enter the following values in the fields and click “Next”:
   • Rule mode = “Enforce”
   • Severity = “High” (if any issues we want to debug this)
   • Stop Processing more rules = Selected

4. As a result, after saving your rule it will look like the screens below.

Configuring of a Internal Relay for Accepted Domain

1. Note that after executing the above, the process is not finished yet. Now if you try to send email to non-existent email addresses, Microsoft will bounce back this email to the user saying that “Such email address does not exist”. We need to switch off this feature of Microsoft on our domain (but later we will need to replicate it on Odoo side, but that is next steps). For now, we should go to the menu “Admin Center -> Exchange -> Mail flow -> Accepted domains” and find our domain

2. Now edit your domain and set its type to be an “Internal Relay” as shown on the image below

Configuring of a Azure App for connection to Catchall mailbox

1. To have the possibility to connect to the Catchall mailbox from Odoo it is needed to create an entrypoint with special permissions. To do this we should go to the menu “Admin Center -> Azure Active Directory admin center -> Azure Active Directory -> App registration” and click “New registration”.

2. Enter the following values in the fields and click “Register”:
   • Name = “OdooMail” (you can use any you want)
   • Supported account types = “Accounts in any organization directory and personal Microsoft accounts”
   • Redirect URI = “Web” and “https://your-domain.com/microsoft_outlook/confirm” (domain of your odoo instance, it can be not same as mail domain)

In the result we see a new app. Be sure to copy and save the “Application (client) ID”, it will be required in configuring of a connection to Catchall mailbox from Odoo. 

3. Then we should give the app special permissions. For this go to the “App permissions” and click “Add a permission”.

4. In the form go to the “Microsoft APIs” tab and click “Microsoft Graph”.

5. After that choose “Delegated permissions”, find and check “SMTP.Send”, “IMAP.AccessAsUser.All”, “IMAP.AccessAsUser.All” and then click “Add permissions”.

As a result we will see the same as in the example below.

6. Now we should create the app secret key. For this go to “Certificates & secrets”, choose the “Client secrets” tab and click “New client secrets”.

7. Enter the following values in the fields and click “Add”:
   • Description = “OdooMail” (you can use any you want)
   • Expiries = Choose any secret expires you want

As a result we will see the same as in the example below. Be sure to copy and save the “Value” of the created “Client secret”, it will be required in configuring of a connection to Catchall mailbox from Odoo. 

Note. If the domain of your odoo instance was changed you should update “Redirect URL” as shown below.