Skip to Content
Author's profile photo Ashish Kasat

SAP SMTP service with Office365 online exchange

Nowadays more companies are preferring online exchange servers which saves infrastructure & maintenance costs and as a SAP Netweaver Administrator we have to configure it in SAP system for sending emails. If your mailboxes are in Office365, then there are a few options available to setup in SAP and other third part applications : SMTP relay,or client SMTP submission, or Direct Send.

For SAP, we can use two options – 1.Client SMTP submission and 2. SMTP Relay.

Lets configure Office365 in SAP SMTP with ‘Client SMTP submission‘ option.

1. Make sure network connection is open from your SAP server to Office365 host and you are able to ping & telnet Office365 host.

2. Set ICM parameter in instance profile icm/server_port_1 : PROT=SMTP,PORT=0,TIMEOUT=120,PROCTIMEOUT=120,TLS=1, here PROT is protocol, with PORT option you can specify port for incoming connection, if it is 0 then no inbound connections for SMTP and TLS have different options, it depends on what you select in SCOT-

     0: A TLS prompt does not take place.

     1: The server prompts the client to encrypt using TLS. If this is not possible, the connection via SMTP is accepted without TLS.

     2: The client has to use TLS for encryption; otherwise, the connection is terminated.

ICM parameter.jpg

3. From SMICM transaction, restart ICM after setting up above parameter and also check ICM services, SMTP service should be active.

ICM SMTP service.jpg

4. From SICF transaction, activate SAPconnect service.

SICF.jpg

5. In SCOT transaction, select SMTP Nodes as shown below and from menu choose Nodes -> Create .

SCOT1.jpg

You will get new window to fill up SMTP node details –

Scot2.jpg

From Office365 you can find out the mail host and mail port details.

Login to your office365 account -> Setting button -> Options -> Mail -> Accounts -> POP and IMAP  -> Under SMTP Setting you will get required details.

Now click on Settings button in front of Security field, here select the TLS option as explained in point 2, make sure your ICM parameter is set accordingly.

Under Authentication, you need to provide valid office365 account email ID and password, <xxxxxx@yourdomain.com>. You have to use same email ID for SAP user with which you are going to send emails outside SAP.

/wp-content/uploads/2015/03/scot3_673985.jpg

On first screen under Supported Address Types -> Click on Internet (if you want to setup only email), in Address area you can restrict to which domain you want to send emails, with * option will allow to send emails to all domains without restriction.

/wp-content/uploads/2015/03/scot5_673986.jpg

Now set domain for SMTP, on SCOT screen choose from menu Settings -> Default Domain

/wp-content/uploads/2015/03/scot_domain_673987.jpg

6. Scheduling email send job- From Scot screen double click on Send Jobs. Click on Schedule Job button and select Job to be scheduled.

Send job.jpg

Provide details as Job Name, Period, User and Variant if you want to change default, click on Continue and save the job.

/wp-content/uploads/2015/03/sendjob2_673992.jpg

Done.!!

Now try sending email from SBWP and check status in SOST.

With older version of SAP(lower than 7.31 Support Package 6 and 7.21 kernel) where TLS functionality is not available, we can use other option of ‘SMTP Relay’. In that option, we have to setup IIS service as SMTP relay on local windows server and then use this server details in SCOT. Link is provided in references on how to do it.

References :

SAP Notes-

     1747180 – SMTP via TLS and SMTP authentication

     1724704 – SCOT: Settings for TLS and SMTP AUTH

     1702785 – Error diagnosis SMTP via TLS and SMTP authentication

Other links –

     How to Allow a Multi-function Device or Application to Send E-mail through Office 365 Using SMTP

     How to configure Internet Information Server (IIS) for relay with Office 365

Assigned tags

      22 Comments
      You must be Logged on to comment or reply to a post.
      Author's profile photo Former Member
      Former Member

      Excelent post Ashish Kasat!

      I have a question, what happend if I need to configure 2 differents mails with this configuration? for example:

      I have donotreply@domain.com to user1 and reply@domain.com to user2. I want the receiver see reply@domain.com if the user2 send a mail.

      Is it posible?

      Author's profile photo Ashish Kasat
      Ashish Kasat
      Blog Post Author

      Thank you Carlos.

      I tried with provided scenario but I get an error Message No. XS812 (Client does not have permissions to send as this sender) while sending email through user2 with different email id for example - reply@mydomain.com.


      Once I changed email id for user2 to which we have provided in scot setting, email started flowing in system.

      There should be some option available for this scenario, will search on it.

      Author's profile photo Former Member
      Former Member

      Hi Ashish,

      I found a solution that is using a local smtp relay server. I haven't test it, because I have port 587 closed but maybe this is the way.

      I followed these links to configure SMTP server.

      How to configure Internet Information Server (IIS) for relay with Office 365: Exchange Online Help

      Setup Windows Server 2008 SMTP Relay for Office 365 - Configure Office 365Configure Office 365

      I'll comment when I test it.

      Regards!

      Author's profile photo Ashish Kasat
      Ashish Kasat
      Blog Post Author

      Yes that also works.!! For that you need to use port 25 in SCOT setting, refer table provided in below KBA-

      How to set up a multi-function device or application to send email using Office 365: Exchange Online Help

      For using Online exchange server in Solman we have to use same method.

      Author's profile photo Former Member
      Former Member

      Hi Asish,

      If you want to send emails with user2 you have to grant the "Send as" permission to user1(donotreplay@domain.com) in the user2's mailbox (reply@domain.com)

      Kind regards.

      Author's profile photo Ashish Kasat
      Ashish Kasat
      Blog Post Author

      Thank you, I tried this it also works.

      Author's profile photo Jorge Velásquez
      Jorge Velásquez

      Hi Francisco.

       

      I can't find this option in user2’s mailbox (reply@domain.com) I mean office365 mailbox.

       

      Regards.

      Author's profile photo Former Member
      Former Member

      Ashish,

      do you know some about using office 365 SMTP  with TLS on Netweaver Java (>=7.31)?

      Thanks

      Author's profile photo Ashish Kasat
      Ashish Kasat
      Blog Post Author

      Hello,

      Sorry, I do not have any Java system >=NW7.3 to test this. Kindly check below help.sap

      link it has good information on same.

      Configuring Mail, Notification Messages, and Forms Services - Configuring Business Process Management - SAP Library

      Regards,

      Ashish

      Author's profile photo Former Member
      Former Member

      Hello,

      We would like that all the emails our users send have their own email address as sender.
      Now all the emails we send have the sender that is specified in the SMTP AUTH instead of the user address email. Is it possible?

      Thanks and regards,

      Anna. 

      Author's profile photo Former Member
      Former Member

      Hello,

      After configurig SCOT to send emails using office 365, we have found that all the emails have the SMTP AUTH user as sender.

      Is it possible to send emails with the individual users email address and not the SMPT AUTH email address?

      Regards,
      Anna.

      Author's profile photo Ashish Kasat
      Ashish Kasat
      Blog Post Author

      Hello Anna,

      It is possible, If you want to send emails with user2 you have to grant the “Send as” permission to user1(donotreplay@domain.com) in the user2’s office365 mailbox (reply@domain.com) .

      Regards,
      Ashish

      Author's profile photo Pavel Astashonok
      Pavel Astashonok

      Hello, is it possible to set up such configuration using Outlook.com server? They are reside on Office 365 servers now.

      Author's profile photo John Helling
      John Helling

      Hello everyone, did somebody know how to configure SAP B1 HANA SMTP with office 365 ?

      Author's profile photo Former Member
      Former Member

      Very useful. Thank you (y).

       

      Author's profile photo Hamdan Khalid
      Hamdan Khalid

      Dear All

      I am getting following error. Can someone help me to resolve this issue.

       

      No delivery to XXXXX@yahoo.com

      Message no. XS812

      Diagnosis

      The message was processed correctly in the SAP system. An error occurred in a subsequent system. The message was not delivered to the recipient XXXXX@yahoo.com.

      Information from external system (if available)

      smtp.office365.com:587

      554 5.2.0 STOREDRV.Submission.Exception:SendAsDeniedException.MapiExceptionSendAsDenied; Failed to p

       

      Regards

      Tahir

      Author's profile photo Raph Dumape
      Raph Dumape

      Hi Hamdan,

       

      I am having the same error. Did you resolve this error?

       

      Thank you,

      Raph

      Author's profile photo Tom Cenens
      Tom Cenens

      Hi Raph

      The method described in this blog post only works when your end-users mail address equals the mail address used in the SCOT configuration for the connection to Office356. Thus it can give a false positive in terms of someone thinking this setup works properly but in fact it won’t work for any other given user-id’s e-mail address unless you give everyone in the system that specific e-mail address which is in my opinion something you shouldn’t do.

      The SAP system wants to send out the e-mail using the sender e-mail address of the user-id that creates the mail in the system as a sender. So it will use my personal user-id’s e-mail address if I generate an e-mail or send one from lets say my business workplace in SAP. That’s the behaviour you also want to have from a technical perspective so that the person who receives the mail knows from who’m the mail came.

      The problem is that the option 1 (in Microsoft’s documentation) SMTP authentication method is made for mobile devices for example, each user has his/her own authentication against office356. That’s not how SAP functions.

      So this method is really not suitable to be used as a generic technical configuration for sending mail via Office356 when you have many user-id’s and you want to send mails in their name when they process something in the system.

      Their are multiple solutions or alternatives but here are the two most viable if you would ask me:

      Option one

      Use option 3 in Microsoft’s documentation – Configure a SMTP relay – can be done without the connector option I’ve noticed
      https://docs.microsoft.com/nl-nl/exchange/mail-flow-best-practices/how-to-set-up-a-multifunction-device-or-application-to-send-email-using-office-3#option-3-configure-a-connector-to-send-mail-using-office-365-smtp-relay

      This comes down to setting target server nessi-be.mail.protection.outlook.com on port 25 where in my case our domain is nessi.be so for “example.com” as office356 domain name it would then be example-com.mail.protection.outlook.com as target server

      The user-id (mailbox) user for the technical connection in SCOT configuration doesn’t have to have a specific license, a mailbox is sufficient in this configuration so any mailbox you have in your office 356 configuration (or you can create a new one) noreply@yourdomain.com for example and fill in it’s user/password.

      You would still need a mail flow connector though also on Office356 - Exchange configuration. This is not always accepted by IT admin staff and option two is preferable in the end really.

      I would also recommend to enforce TLS for security reasons.

      Option two

      Use a SMTP relay server (IIS can be used for this on a Windows server). Then configure SCOT against this SMTP relay server.
      I would also recommend to enforce TLS for security reasons.
      Best regards
      Tom
      Author's profile photo Florence Mae Guzon
      Florence Mae Guzon

      Hi

       

      We are getting the same error as well. Did you find the solution for this?

      I am wondering about this part:

      Under Authentication, you need to provide valid office365 account email ID and password, <xxxxxx@yourdomain.com>. You have to use same email ID for SAP user with which you are going to send emails outside SAP.

      It said, same email ID for SAP User, what if we all users in our SAP system will emails. Then we are getting the error "554 5.2.0 STOREDRV.Submission.Exception:SendAsDeniedException.MapiExceptionSendAsDenied; Failed to p"

       

      Regards,

      Florence

      Author's profile photo Tom Cenens
      Tom Cenens

      Hi Florence

      The method described in this blog post only works when your end-users mail address equals the mail address used in the SCOT configuration for the connection to Office356. Thus it can give a false positive in terms of someone thinking this setup works properly but in fact it won’t work for any other given user-id’s e-mail address unless you give everyone in the system that specific e-mail address which is in my opinion something you shouldn’t do.

      The SAP system wants to send out the e-mail using the sender e-mail address of the user-id that creates the mail in the system as a sender. So it will use my personal user-id’s e-mail address if I generate an e-mail or send one from lets say my business workplace in SAP. That’s the behaviour you also want to have from a technical perspective so that the person who receives the mail knows from who’m the mail came.

      The problem is that the option 1 (in Microsoft’s documentation) SMTP authentication method is made for mobile devices for example, each user has his/her own authentication against office356. That’s not how SAP functions.

      So this method is really not suitable to be used as a generic technical configuration for sending mail via Office356 when you have many user-id’s and you want to send mails in their name when they process something in the system.

      Their are multiple solutions or alternatives but here are the two most viable if you would ask me:

      Option one

      Use option 3 in Microsoft’s documentation – Configure a SMTP relay – can be done without the connector option I’ve noticed
      https://docs.microsoft.com/nl-nl/exchange/mail-flow-best-practices/how-to-set-up-a-multifunction-device-or-application-to-send-email-using-office-3#option-3-configure-a-connector-to-send-mail-using-office-365-smtp-relay

      This comes down to setting target server nessi-be.mail.protection.outlook.com on port 25 where in my case our domain is nessi.be so for “example.com” as office356 domain name it would then be example-com.mail.protection.outlook.com as target server

      The user-id (mailbox) user for the technical connection in SCOT configuration doesn’t have to have a specific license, a mailbox is sufficient in this configuration so any mailbox you have in your office 356 configuration (or you can create a new one) noreply@yourdomain.com for example and fill in it’s user/password.

      You would still need a mail flow connector though also on Office356 - Exchange configuration. This is not always accepted by IT admin staff and option two is preferable in the end really.

      I would also recommend to enforce TLS for security reasons.

      Option two

      Use a SMTP relay server (IIS can be used for this on a Windows server). Then configure SCOT against this SMTP relay server.
      I would also recommend to enforce TLS for security reasons.
      Best regards
      Tom

       

      Author's profile photo Karthik Arvind
      Karthik Arvind

      Hello,

      By using this option, will the mails sent from SAP be also visible in "sent" items of O365 mailbox.?

       

      Thanks,

       

      Author's profile photo Kuldeep Kataria
      Kuldeep Kataria

      HI Ashish

      Nice writeup above, i have one query , can i pass expiry date for outlook mails generated from SAP ..

      https://answers.sap.com/questions/13079293/sap-smtp-integration-with-ms-outlook-and-email-exp.html

       

      i have asked this question in community also.