SAP SMTP service with Office365 online exchange
Nowadays more companies are preferring online exchange servers which saves infrastructure & maintenance costs and as a SAP Netweaver Administrator we have to configure it in SAP system for sending emails. If your mailboxes are in Office365, then there are a few options available to setup in SAP and other third part applications : SMTP relay,or client SMTP submission, or Direct Send.
For SAP, we can use two options – 1.Client SMTP submission and 2. SMTP Relay.
Lets configure Office365 in SAP SMTP with ‘Client SMTP submission‘ option.
1. Make sure network connection is open from your SAP server to Office365 host and you are able to ping & telnet Office365 host.
2. Set ICM parameter in instance profile icm/server_port_1 : PROT=SMTP,PORT=0,TIMEOUT=120,PROCTIMEOUT=120,TLS=1, here PROT is protocol, with PORT option you can specify port for incoming connection, if it is 0 then no inbound connections for SMTP and TLS have different options, it depends on what you select in SCOT-
0: A TLS prompt does not take place.
1: The server prompts the client to encrypt using TLS. If this is not possible, the connection via SMTP is accepted without TLS.
2: The client has to use TLS for encryption; otherwise, the connection is terminated.
3. From SMICM transaction, restart ICM after setting up above parameter and also check ICM services, SMTP service should be active.
4. From SICF transaction, activate SAPconnect service.
5. In SCOT transaction, select SMTP Nodes as shown below and from menu choose Nodes -> Create .
You will get new window to fill up SMTP node details –
From Office365 you can find out the mail host and mail port details.
Login to your office365 account -> Setting button -> Options -> Mail -> Accounts -> POP and IMAP -> Under SMTP Setting you will get required details.
Now click on Settings button in front of Security field, here select the TLS option as explained in point 2, make sure your ICM parameter is set accordingly.
Under Authentication, you need to provide valid office365 account email ID and password, <xxxxxx@yourdomain.com>. You have to use same email ID for SAP user with which you are going to send emails outside SAP.
On first screen under Supported Address Types -> Click on Internet (if you want to setup only email), in Address area you can restrict to which domain you want to send emails, with * option will allow to send emails to all domains without restriction.
Now set domain for SMTP, on SCOT screen choose from menu Settings -> Default Domain
6. Scheduling email send job- From Scot screen double click on Send Jobs. Click on Schedule Job button and select Job to be scheduled.
Provide details as Job Name, Period, User and Variant if you want to change default, click on Continue and save the job.
Done.!!
Now try sending email from SBWP and check status in SOST.
With older version of SAP(lower than 7.31 Support Package 6 and 7.21 kernel) where TLS functionality is not available, we can use other option of ‘SMTP Relay’. In that option, we have to setup IIS service as SMTP relay on local windows server and then use this server details in SCOT. Link is provided in references on how to do it.
References :
SAP Notes-
1747180 – SMTP via TLS and SMTP authentication
1724704 – SCOT: Settings for TLS and SMTP AUTH
1702785 – Error diagnosis SMTP via TLS and SMTP authentication
Other links –
How to Allow a Multi-function Device or Application to Send E-mail through Office 365 Using SMTP
How to configure Internet Information Server (IIS) for relay with Office 365
Excelent post Ashish Kasat!
I have a question, what happend if I need to configure 2 differents mails with this configuration? for example:
I have donotreply@domain.com to user1 and reply@domain.com to user2. I want the receiver see reply@domain.com if the user2 send a mail.
Is it posible?
Thank you Carlos.
I tried with provided scenario but I get an error Message No. XS812 (Client does not have permissions to send as this sender) while sending email through user2 with different email id for example - reply@mydomain.com.
Once I changed email id for user2 to which we have provided in scot setting, email started flowing in system.
There should be some option available for this scenario, will search on it.
Hi Ashish,
I found a solution that is using a local smtp relay server. I haven't test it, because I have port 587 closed but maybe this is the way.
I followed these links to configure SMTP server.
How to configure Internet Information Server (IIS) for relay with Office 365: Exchange Online Help
Setup Windows Server 2008 SMTP Relay for Office 365 - Configure Office 365Configure Office 365
I'll comment when I test it.
Regards!
Yes that also works.!! For that you need to use port 25 in SCOT setting, refer table provided in below KBA-
How to set up a multi-function device or application to send email using Office 365: Exchange Online Help
For using Online exchange server in Solman we have to use same method.
Hi Asish,
If you want to send emails with user2 you have to grant the "Send as" permission to user1(donotreplay@domain.com) in the user2's mailbox (reply@domain.com)
Kind regards.
Thank you, I tried this it also works.
Hi Francisco.
I can't find this option in user2’s mailbox (reply@domain.com) I mean office365 mailbox.
Regards.
Ashish,
do you know some about using office 365 SMTP with TLS on Netweaver Java (>=7.31)?
Thanks
Hello,
Sorry, I do not have any Java system >=NW7.3 to test this. Kindly check below help.sap
link it has good information on same.
Configuring Mail, Notification Messages, and Forms Services - Configuring Business Process Management - SAP Library
Regards,
Ashish
Hello,
We would like that all the emails our users send have their own email address as sender.
Now all the emails we send have the sender that is specified in the SMTP AUTH instead of the user address email. Is it possible?
Thanks and regards,
Anna.
Hello,
After configurig SCOT to send emails using office 365, we have found that all the emails have the SMTP AUTH user as sender.
Is it possible to send emails with the individual users email address and not the SMPT AUTH email address?
Regards,
Anna.
Hello Anna,
It is possible, If you want to send emails with user2 you have to grant the “Send as” permission to user1(donotreplay@domain.com) in the user2’s office365 mailbox (reply@domain.com) .
Regards,
Ashish
Hello, is it possible to set up such configuration using Outlook.com server? They are reside on Office 365 servers now.
Hello everyone, did somebody know how to configure SAP B1 HANA SMTP with office 365 ?
Very useful. Thank you (y).
Dear All
I am getting following error. Can someone help me to resolve this issue.
No delivery to XXXXX@yahoo.com
Message no. XS812
Diagnosis
The message was processed correctly in the SAP system. An error occurred in a subsequent system. The message was not delivered to the recipient XXXXX@yahoo.com.
Information from external system (if available)
smtp.office365.com:587
554 5.2.0 STOREDRV.Submission.Exception:SendAsDeniedException.MapiExceptionSendAsDenied; Failed to p
Regards
Tahir
Hi Hamdan,
I am having the same error. Did you resolve this error?
Thank you,
Raph
Hi Raph
The method described in this blog post only works when your end-users mail address equals the mail address used in the SCOT configuration for the connection to Office356. Thus it can give a false positive in terms of someone thinking this setup works properly but in fact it won’t work for any other given user-id’s e-mail address unless you give everyone in the system that specific e-mail address which is in my opinion something you shouldn’t do.
The SAP system wants to send out the e-mail using the sender e-mail address of the user-id that creates the mail in the system as a sender. So it will use my personal user-id’s e-mail address if I generate an e-mail or send one from lets say my business workplace in SAP. That’s the behaviour you also want to have from a technical perspective so that the person who receives the mail knows from who’m the mail came.
The problem is that the option 1 (in Microsoft’s documentation) SMTP authentication method is made for mobile devices for example, each user has his/her own authentication against office356. That’s not how SAP functions.
So this method is really not suitable to be used as a generic technical configuration for sending mail via Office356 when you have many user-id’s and you want to send mails in their name when they process something in the system.
Their are multiple solutions or alternatives but here are the two most viable if you would ask me:
Option one
Use option 3 in Microsoft’s documentation – Configure a SMTP relay – can be done without the connector option I’ve noticed
https://docs.microsoft.com/nl-nl/exchange/mail-flow-best-practices/how-to-set-up-a-multifunction-device-or-application-to-send-email-using-office-3#option-3-configure-a-connector-to-send-mail-using-office-365-smtp-relay
This comes down to setting target server nessi-be.mail.protection.outlook.com on port 25 where in my case our domain is nessi.be so for “example.com” as office356 domain name it would then be example-com.mail.protection.outlook.com as target server
The user-id (mailbox) user for the technical connection in SCOT configuration doesn’t have to have a specific license, a mailbox is sufficient in this configuration so any mailbox you have in your office 356 configuration (or you can create a new one) noreply@yourdomain.com for example and fill in it’s user/password.
You would still need a mail flow connector though also on Office356 - Exchange configuration. This is not always accepted by IT admin staff and option two is preferable in the end really.
I would also recommend to enforce TLS for security reasons.
Option two
Hi
We are getting the same error as well. Did you find the solution for this?
I am wondering about this part:
Under Authentication, you need to provide valid office365 account email ID and password, <xxxxxx@yourdomain.com>. You have to use same email ID for SAP user with which you are going to send emails outside SAP.
It said, same email ID for SAP User, what if we all users in our SAP system will emails. Then we are getting the error "554 5.2.0 STOREDRV.Submission.Exception:SendAsDeniedException.MapiExceptionSendAsDenied; Failed to p"
Regards,
Florence
Hi Florence
The method described in this blog post only works when your end-users mail address equals the mail address used in the SCOT configuration for the connection to Office356. Thus it can give a false positive in terms of someone thinking this setup works properly but in fact it won’t work for any other given user-id’s e-mail address unless you give everyone in the system that specific e-mail address which is in my opinion something you shouldn’t do.
The SAP system wants to send out the e-mail using the sender e-mail address of the user-id that creates the mail in the system as a sender. So it will use my personal user-id’s e-mail address if I generate an e-mail or send one from lets say my business workplace in SAP. That’s the behaviour you also want to have from a technical perspective so that the person who receives the mail knows from who’m the mail came.
The problem is that the option 1 (in Microsoft’s documentation) SMTP authentication method is made for mobile devices for example, each user has his/her own authentication against office356. That’s not how SAP functions.
So this method is really not suitable to be used as a generic technical configuration for sending mail via Office356 when you have many user-id’s and you want to send mails in their name when they process something in the system.
Their are multiple solutions or alternatives but here are the two most viable if you would ask me:
Option one
Use option 3 in Microsoft’s documentation – Configure a SMTP relay – can be done without the connector option I’ve noticed
https://docs.microsoft.com/nl-nl/exchange/mail-flow-best-practices/how-to-set-up-a-multifunction-device-or-application-to-send-email-using-office-3#option-3-configure-a-connector-to-send-mail-using-office-365-smtp-relay
This comes down to setting target server nessi-be.mail.protection.outlook.com on port 25 where in my case our domain is nessi.be so for “example.com” as office356 domain name it would then be example-com.mail.protection.outlook.com as target server
The user-id (mailbox) user for the technical connection in SCOT configuration doesn’t have to have a specific license, a mailbox is sufficient in this configuration so any mailbox you have in your office 356 configuration (or you can create a new one) noreply@yourdomain.com for example and fill in it’s user/password.
You would still need a mail flow connector though also on Office356 - Exchange configuration. This is not always accepted by IT admin staff and option two is preferable in the end really.
I would also recommend to enforce TLS for security reasons.
Option two
Hello,
By using this option, will the mails sent from SAP be also visible in "sent" items of O365 mailbox.?
Thanks,
HI Ashish
Nice writeup above, i have one query , can i pass expiry date for outlook mails generated from SAP ..
https://answers.sap.com/questions/13079293/sap-smtp-integration-with-ms-outlook-and-email-exp.html
i have asked this question in community also.
What about Inbound? Say, if I want to receive an e-Mail from Internet on SAPs Internal SMTP Server (using dummy@outlook.com) which is Office 365 account, Possible and/or what are the steps?
I'm able to send mails from SAP System but couldn't receive any. via Telnet, I can see the mails in SAPs Inbox (SOIN) but from my outlook or GMail, I cannot.
Any hint would be appreciable?
KR,
~ Mahendra
Find the official docs on Azure docs for SAP.
Ashish Kasat could you update your references?
KR
Martin
needs to reflect Oauth 2.0 requirements defined by MS
Any update on this for Inbound to SolMan with Exchange Online?