Exchange Online Relaying

Hey Guys,

how you are handling relaying with 365 EO? Until now we did use a Configuration described here: we had a Security Issue, a Spammer used the Network Range from EOP for Relaying Mails through our Firewall :( 

I did made a Test with a Demo Tenant und it took like 2 Minutes to use Routed Sophos Firewalls with an EO Connector...

Our Sophos Support (Distribution) told us we shoud create a Feature Request which seems crazy. I made a lot of research and I cannot find a way creating an authentificated Relay with EO. I assume the only possibility would be handling this with Headers but is there a possibility with a SG or XG?

I think many Partners are not aware of this issue and it seems also crazy that there is no Warning at this Knowledge Base Article..





  • Hi There,

    Please post your question in XG Firewall group. Or subscribe to that group and I'll move this post there.

  • In reply to Jaydeep:

    Thanks, just subscribed , could you please move this Post.



  • In reply to JonasAgius:

    SG/XG uses the Host based Relay principle to decide, which sender host is allowed to use the SG/XG as a relay. 

    If you are using a XG/SG with a public IP (like O365), SG/XG could actually be used to send mails without verification of the Sender. 

    If the sender is able to use authentication, SG/XG cannot verify, if he is allowed to relay, therefore the email will be dropped. 

    There are couple of feature requests already open in the page. 


    The best approach to a Office365 / exchange online customer would be to use Central Email. Central Email has a direct integration to both platforms to implement this solution natively.