locked
"Only Senders Inside My Organization" settings with DG and allow mails from applications RRS feed

  • Question

  • Hi

    We enabled the option "Only Senders Inside My Organization" with many DGs. Many of our applications are running in cloud and they are sending mails using internal smtp domain name (for eg: app-alert@mydomain.com) without authentication and we are not receiving those mails. But once we enable "Senders Inside and Outside My Organization", we are receiving mails from those applications. So is there any workaround to receive mails from those apps without changing the option?

    Thanks in advance


    LMS

    Monday, June 4, 2018 11:54 AM

Answers

  • Hi LMSU,

    The working mechanism of this setting is just checking whether this sender is an internal users, if not, this mail will be blocked. So if this DG want to receive mails from external, you should enable this setting on it. 

    This is may be a work around for you:

    1. Enable "Senders Inside and Outside My Organization"

    2. Create a transport rule to block mails from outside of organization except if the sender is xxx domain.

    Hope it will be useful to you.

    Regards,

    Kyle Xu


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.


    Tuesday, June 5, 2018 6:17 AM
  • Hi LMSU,

    Because it isn't a real mail client, If your application supports configure an mailbox account on it(with account and password), then use this account to send mail, it will be consider as from a internal users. However, your environment is different, so it cannot be consider as from a internal users. It just has a same SMTP address not a internal user

    Regards,

    Kyle Xu


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    • Marked as answer by LMSU Wednesday, June 6, 2018 7:39 AM
    Tuesday, June 5, 2018 8:05 AM

All replies

  • Hi LMSU,

    The working mechanism of this setting is just checking whether this sender is an internal users, if not, this mail will be blocked. So if this DG want to receive mails from external, you should enable this setting on it. 

    This is may be a work around for you:

    1. Enable "Senders Inside and Outside My Organization"

    2. Create a transport rule to block mails from outside of organization except if the sender is xxx domain.

    Hope it will be useful to you.

    Regards,

    Kyle Xu


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.


    Tuesday, June 5, 2018 6:17 AM
  • Thank You Xu

    One Q. The cloud machines are not member of AD domain. Exchange and AD are in Private Data center cloud. The applications are using some group id (eg. appalerts@mydoamin.com) to send mails and we are receiving those mails only when sending to groups with settings "Senders Inside and Outside My Organization". This group is there in Exchange, but why it's not considering as an Inside user? 


    LMS

    Tuesday, June 5, 2018 7:18 AM
  • Hi LMSU,

    Because it isn't a real mail client, If your application supports configure an mailbox account on it(with account and password), then use this account to send mail, it will be consider as from a internal users. However, your environment is different, so it cannot be consider as from a internal users. It just has a same SMTP address not a internal user

    Regards,

    Kyle Xu


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    • Marked as answer by LMSU Wednesday, June 6, 2018 7:39 AM
    Tuesday, June 5, 2018 8:05 AM
  • Thank You

    LMS

    Wednesday, June 6, 2018 7:39 AM
  • Actually the underlying mechanism is if the sender is authenticated.  That DG setting used to be a checkbox allowing anonymous mail or not.  I would suspect if the application could authenticate, and the relay could pass on the authentication, it would work.  Most of us authorize an application to use a receive connector based on source IP, but it is still treated like internet mail: no username associated.

    By default though, SMTP authentication only works with mail-enabled accounts and with the SMTP sender address matching the user account used to log into SMTP.   Permissions could be set on the connector so that the user account being used to authenticate would have "Allow Any Sender" permissions.

    Thursday, February 21, 2019 6:52 PM