SMTP Relay Configuration to Send Emails from Total Access Emailer with Office 365

Total Access Emailer uses SMTP to send your emails from Microsoft Access. That requires you to have an SMTP email server that allows you to send emails from the FROM addresses you specify.

There are many SMTP server providers including your internal Exchange Server and public providers like Gmail, Office 365, and services from ISPs.

With Office 365, Microsoft hosts Outlook and your emails in the cloud eliminating the complexity of hosting and managing your own Exchange server. As part of the service, Office 365 includes an SMTP server that lets you send emails without using Outlook. This lets programs like Total Access Emailer send emails on your behalf.

Email from Any Email Address Based on IP Address

The Office 365 Exchange Server can be configured to allow SMTP Relay for specific IP addresses. This eliminates the need for a specific user name and password login.

For a fixed location like an office or web site, a specific IP address or set of IP addresses can be allowed to use the SMTP server. Once configured, you can send emails on behalf of all the email addresses in your account without setting delegation rules.

This lets you use the SMTP protocol with SMTP server name MyAccount.mail.protection.outlook.com.

Assuming your Office 365 account is configured, you can connect to the smtp.office365.com server with your email address and password, then email messages using your FROM address.

If you want to send emails using other email address as the FROM address (e.g. accounting@MyDomain.com, sales@MyDomain.com, etc.), those email accounts must allow the Logon Name to send messages on its behalf. This is called Mailbox Delegation.

Go to the Exchange Administrator site

From Office 365, with an administrator login, go to the Exchange Admin Center by choosing Admin from the drop down menu in the top left corner:

Office 365 Admin menu

Scroll down the left border and under Admin Centers, choose Exchange:

Office 365 Admin Center, Exchange


From the Exchange Admin Center, choose Recipients from the left border:

Exchange Administrator Center, Recipient menu

A list of mailboxes appears on the right pane. Individual email accounts appear under Mailboxes. Groups and distribution lists appear under Groups:

Exchange Mailboxes

Specify which Accounts can Send Emails for it

Select a mailbox that you want to allow another login to email on its behalf, and click the pencil (or double click it) to edit it. Then click on the Mailbox Delegation item on the left border:

Mailbox delegation

In the Send As box, the [NT AUTHORITY\SELF] indicates it can send emails on behalf of itself (this doesn't exist for Groups). To allow another account to send emails FROM this address, click on the [+] and add the email account(s). If you want to remove one, click on the [-].

Then press [Save].

Authorization by User Name and Password

This is the most common approach where you login with an email address and password that is authorized to send emails for multiple email addresses using Mailbox Delegation. The basics are:

  • Connection Type: TLS
  • Server Name: smtp.office365.com
  • Port: 587 or 25
  • The account login name (email address) and password

Using smtp.office365.com with TLS
Setting SMTP Settings in Total Access Emailer

Relay Authorization by IP Address

If your Office 365 Exchange server is authorized for your IP address, use this protocol:

  • Connection Type: SMTP
  • Server Name: MyAccount.mail.protection.outlook.com
  • Port: 25
  • No login name or password

Troubleshooting: SMTP Settings are not valid

SMTP protocol error. Could be caused by invalid or unnecessary user name and password. (Error 20162) 534 5.7.14
Error Message about protocol error 534.5.7.14. There may be other error numbers.

This may be caused by:

SMTP is Authorized by IP Address without a Logon

If no logon name is provided because the SMTP settings are authorized by IP address and not an email address as mentioned in Relay Authorization by IP Address above, make sure you created a Temail.txt file containing a valid email address for your SMTP server as mentioned in that section.

Invalid Logon

  1. The logon name (email address) and password are not valid. Make sure your values let you get into that email account. Maybe the password changed recently. Also make sure the SMTP mail server name is correct.
  2. The logon name is not authorized to relay messages. Your logon credentials may be correct, but the email account is not authorized to relay messages through the SMTP server. For instance, for Gmail, you need to set your email account to Allow less secure apps (Setting Google Gmail as the SMTP Server for Total Access Emailer).

This occurs while emails are being sent. It means the recipient (TO, Cc or Bcc address) is invalid. This occurs if the email address is on your SMTP server and does not exist (an internal email address).

This is usually a typo in the email address or an old email address for someone who is no longer active.

January 2022: Changes in Office 365 and Windows triggered this error.
This requires upgrading to TLS 1.3 which is in our latest versions:
Total Access Emailer 2022 for 365, 2021, and 2019, and versions X.8 for Total Access Emailer 2016, 2013, and 2010.

SMTP Protocol error 20162 TLS 1.0 and 1.1 are not supported

This error message may appear while sending emails from the Office365 SMTP server:

(Error 20162) SMTP protocol error. 421 4.7.66 TLS 1.0 and 1.1 are not supported. Please upgrade/update your client to support TLS 1.2.
Visit https://aka.ms/smtp_auth_tls.

This message implies Total Access Emailer does not support TLS 1.2. That is not correct. All versions of Total Access Emailer released after 2016 support TLS 1.2.

This message occurs when the email account used for TLS is not configured properly for Mailbox Delegation. The FROM address of your email cannot be sent by the email address used in the logon. It cannot send the email for any version of TLS with that FROM address.

Previously, the settings may have successfully sent your emails, but Microsoft is increasing the security on its SMTP servers over time. Your account may now need you to explicitly specify the Mailbox Delegation settings to send emails on behalf of other addresses.

Review the instructions above for configuring Mailbox Delegation so TLS can be used, or use the authorized IP address approach with SMTP and bypass TLS completely.

Read our blog post for more information on the issue, workaround and latest information: Total Access Emailer and Office 365 SMTP with TLS

SMTP Protocol Error 550 5.7.60 Client does not have permissions to send as this sender

Here's the description of this error from the Microsoft page:

This error indicates that the device is trying to send an email from an address that doesn’t match the logon credentials. An example would be if your entered login credentials for sales@contoso.com in your application settings but the application tries to send emails from salesperson1@contoso.com. If your application or printer behaves this way, use Office 365 SMTP relay because SMTP client submission does not support this scenario.

This could be due to your SMTP Server or the specific login does not allow relay (Mailbox Delegation). Make sure your login credentials allows relay.

Legacy Versions of Total Access Emailer Require a FROM address

This may fail also if you are running an older version of Total Access Emailer. If your SMTP Server is authorized by IP Address without a logon name, and a Temail.txt file was not created.

In these situations, Total Access Emailer tries to send a test email from its default taemailersample@fmsinc.com address. Your SMTP server may prevent this.

With Total Access Emailer 2021 and X.80 versions, it uses the FROM address from your most recently used email blast.

Alternatively, you can specify an email address with a Temail.txt file in the folder where Total Access Emailer is installed.

  1. Create an ASCII text file called Temail.txt containing the name of the email address you would like to use.
  2. Put the file in the folder where Total Access Emailer is installed (or the location of the Total Access Emailer runtime library). The location of the file depends on how you are running Total Access Emailer.

Total Access Emailer uses your email address for the Relay test. This must be a valid email address and Relay must be enabled on your mail server for this test to succeed.

The latest version uses another technique to validate your SMTP server without having to send an email.

Free Product Catalog from FMS