Skip to Content

SAP SMTP service with Office365 online exchange

Nowadays more companies are preferring online exchange servers which saves infrastructure & maintenance costs and as a SAP Netweaver Administrator we have to configure it in SAP system for sending emails. If your mailboxes are in Office365, then there are a few options available to setup in SAP and other third part applications : SMTP relay,or client SMTP submission, or Direct Send.

For SAP, we can use two options – 1.Client SMTP submission and 2. SMTP Relay.

Lets configure Office365 in SAP SMTP with ‘Client SMTP submission‘ option.

1. Make sure network connection is open from your SAP server to Office365 host and you are able to ping & telnet Office365 host.

2. Set ICM parameter in instance profile icm/server_port_1 : PROT=SMTP,PORT=0,TIMEOUT=120,PROCTIMEOUT=120,TLS=1, here PROT is protocol, with PORT option you can specify port for incoming connection, if it is 0 then no inbound connections for SMTP and TLS have different options, it depends on what you select in SCOT-

     0: A TLS prompt does not take place.

     1: The server prompts the client to encrypt using TLS. If this is not possible, the connection via SMTP is accepted without TLS.

     2: The client has to use TLS for encryption; otherwise, the connection is terminated.

ICM parameter.jpg

3. From SMICM transaction, restart ICM after setting up above parameter and also check ICM services, SMTP service should be active.

ICM SMTP service.jpg

4. From SICF transaction, activate SAPconnect service.

SICF.jpg

5. In SCOT transaction, select SMTP Nodes as shown below and from menu choose Nodes -> Create .

SCOT1.jpg

You will get new window to fill up SMTP node details –

Scot2.jpg

From Office365 you can find out the mail host and mail port details.

Login to your office365 account -> Setting button -> Options -> Mail -> Accounts -> POP and IMAP  -> Under SMTP Setting you will get required details.

Now click on Settings button in front of Security field, here select the TLS option as explained in point 2, make sure your ICM parameter is set accordingly.

Under Authentication, you need to provide valid office365 account email ID and password, <xxxxxx@yourdomain.com>. You have to use same email ID for SAP user with which you are going to send emails outside SAP.

/wp-content/uploads/2015/03/scot3_673985.jpg

On first screen under Supported Address Types -> Click on Internet (if you want to setup only email), in Address area you can restrict to which domain you want to send emails, with * option will allow to send emails to all domains without restriction.

/wp-content/uploads/2015/03/scot5_673986.jpg

Now set domain for SMTP, on SCOT screen choose from menu Settings -> Default Domain

/wp-content/uploads/2015/03/scot_domain_673987.jpg

6. Scheduling email send job- From Scot screen double click on Send Jobs. Click on Schedule Job button and select Job to be scheduled.

Send job.jpg

Provide details as Job Name, Period, User and Variant if you want to change default, click on Continue and save the job.

/wp-content/uploads/2015/03/sendjob2_673992.jpg

Done.!!

Now try sending email from SBWP and check status in SOST.

With older version of SAP(lower than 7.31 Support Package 6 and 7.21 kernel) where TLS functionality is not available, we can use other option of ‘SMTP Relay’. In that option, we have to setup IIS service as SMTP relay on local windows server and then use this server details in SCOT. Link is provided in references on how to do it.

References :

SAP Notes-

     1747180 – SMTP via TLS and SMTP authentication

     1724704 – SCOT: Settings for TLS and SMTP AUTH

     1702785 – Error diagnosis SMTP via TLS and SMTP authentication

Other links –

     How to Allow a Multi-function Device or Application to Send E-mail through Office 365 Using SMTP

     How to configure Internet Information Server (IIS) for relay with Office 365

22 Comments
You must be Logged on to comment or reply to a post.
  • Hello,

    We would like that all the emails our users send have their own email address as sender.
    Now all the emails we send have the sender that is specified in the SMTP AUTH instead of the user address email. Is it possible?

    Thanks and regards,

    Anna. 

  • Hello,

    After configurig SCOT to send emails using office 365, we have found that all the emails have the SMTP AUTH user as sender.

    Is it possible to send emails with the individual users email address and not the SMPT AUTH email address?

    Regards,
    Anna.

  • Dear All

    I am getting following error. Can someone help me to resolve this issue.

     

    No delivery to XXXXX@yahoo.com

    Message no. XS812

    Diagnosis

    The message was processed correctly in the SAP system. An error occurred in a subsequent system. The message was not delivered to the recipient XXXXX@yahoo.com.

    Information from external system (if available)

    smtp.office365.com:587

    554 5.2.0 STOREDRV.Submission.Exception:SendAsDeniedException.MapiExceptionSendAsDenied; Failed to p

     

    Regards

    Tahir

      • Hi Raph

        The method described in this blog post only works when your end-users mail address equals the mail address used in the SCOT configuration for the connection to Office356. Thus it can give a false positive in terms of someone thinking this setup works properly but in fact it won’t work for any other given user-id’s e-mail address unless you give everyone in the system that specific e-mail address which is in my opinion something you shouldn’t do.

        The SAP system wants to send out the e-mail using the sender e-mail address of the user-id that creates the mail in the system as a sender. So it will use my personal user-id’s e-mail address if I generate an e-mail or send one from lets say my business workplace in SAP. That’s the behaviour you also want to have from a technical perspective so that the person who receives the mail knows from who’m the mail came.

        The problem is that the option 1 (in Microsoft’s documentation) SMTP authentication method is made for mobile devices for example, each user has his/her own authentication against office356. That’s not how SAP functions.

        So this method is really not suitable to be used as a generic technical configuration for sending mail via Office356 when you have many user-id’s and you want to send mails in their name when they process something in the system.

        Their are multiple solutions or alternatives but here are the two most viable if you would ask me:

        Option one

        Use option 3 in Microsoft’s documentation – Configure a SMTP relay – can be done without the connector option I’ve noticed
        https://docs.microsoft.com/nl-nl/exchange/mail-flow-best-practices/how-to-set-up-a-multifunction-device-or-application-to-send-email-using-office-3#option-3-configure-a-connector-to-send-mail-using-office-365-smtp-relay

        This comes down to setting target server nessi-be.mail.protection.outlook.com on port 25 where in my case our domain is nessi.be so for “example.com” as office356 domain name it would then be example-com.mail.protection.outlook.com as target server

        The user-id (mailbox) user for the technical connection in SCOT configuration doesn’t have to have a specific license, a mailbox is sufficient in this configuration so any mailbox you have in your office 356 configuration (or you can create a new one) noreply@yourdomain.com for example and fill in it’s user/password.

        You would still need a mail flow connector though also on Office356 – Exchange configuration. This is not always accepted by IT admin staff and option two is preferable in the end really.

        I would also recommend to enforce TLS for security reasons.

        Option two

        Use a SMTP relay server (IIS can be used for this on a Windows server). Then configure SCOT against this SMTP relay server.
        I would also recommend to enforce TLS for security reasons.
        Best regards
        Tom
  • Hi

     

    We are getting the same error as well. Did you find the solution for this?

    I am wondering about this part:

    Under Authentication, you need to provide valid office365 account email ID and password, <xxxxxx@yourdomain.com>. You have to use same email ID for SAP user with which you are going to send emails outside SAP.

    It said, same email ID for SAP User, what if we all users in our SAP system will emails. Then we are getting the error “554 5.2.0 STOREDRV.Submission.Exception:SendAsDeniedException.MapiExceptionSendAsDenied; Failed to p”

     

    Regards,

    Florence

    • Hi Florence

      The method described in this blog post only works when your end-users mail address equals the mail address used in the SCOT configuration for the connection to Office356. Thus it can give a false positive in terms of someone thinking this setup works properly but in fact it won’t work for any other given user-id’s e-mail address unless you give everyone in the system that specific e-mail address which is in my opinion something you shouldn’t do.

      The SAP system wants to send out the e-mail using the sender e-mail address of the user-id that creates the mail in the system as a sender. So it will use my personal user-id’s e-mail address if I generate an e-mail or send one from lets say my business workplace in SAP. That’s the behaviour you also want to have from a technical perspective so that the person who receives the mail knows from who’m the mail came.

      The problem is that the option 1 (in Microsoft’s documentation) SMTP authentication method is made for mobile devices for example, each user has his/her own authentication against office356. That’s not how SAP functions.

      So this method is really not suitable to be used as a generic technical configuration for sending mail via Office356 when you have many user-id’s and you want to send mails in their name when they process something in the system.

      Their are multiple solutions or alternatives but here are the two most viable if you would ask me:

      Option one

      Use option 3 in Microsoft’s documentation – Configure a SMTP relay – can be done without the connector option I’ve noticed
      https://docs.microsoft.com/nl-nl/exchange/mail-flow-best-practices/how-to-set-up-a-multifunction-device-or-application-to-send-email-using-office-3#option-3-configure-a-connector-to-send-mail-using-office-365-smtp-relay

      This comes down to setting target server nessi-be.mail.protection.outlook.com on port 25 where in my case our domain is nessi.be so for “example.com” as office356 domain name it would then be example-com.mail.protection.outlook.com as target server

      The user-id (mailbox) user for the technical connection in SCOT configuration doesn’t have to have a specific license, a mailbox is sufficient in this configuration so any mailbox you have in your office 356 configuration (or you can create a new one) noreply@yourdomain.com for example and fill in it’s user/password.

      You would still need a mail flow connector though also on Office356 – Exchange configuration. This is not always accepted by IT admin staff and option two is preferable in the end really.

      I would also recommend to enforce TLS for security reasons.

      Option two

      Use a SMTP relay server (IIS can be used for this on a Windows server). Then configure SCOT against this SMTP relay server.
      I would also recommend to enforce TLS for security reasons.
      Best regards
      Tom