Graph and PowerShell Blog

Having recently setup Microsoft HVE for mail relay via client submission it was now time to update the settings on the approx. 40 apps that relay on my network.

To start with it's worth noting a few things with HVE. Currently, it doesn't support OAuth, but will in September 2024 when it is fully released. It only supports TLS 1.2 and 1.3, so any apps that haven't been updated in a while may only support a lower version.

Server/Endpoint: smtp-hve.office365.com
Port: 587
TLS: STARTTLS
TLS 1.2 and TLS 1.3 are supported
Authentication: Username and password
OAuth not supported in preview

I had already done some checks to verify that only a couple didn't support a username and password, but what I didn't realize is that's only half the story.

If an app defaults to port 465 for SSL then it doesn't support client submission (port 587), this occurred on the first app I checked, Tree Size Pro.

↑ TreeSize Pro defaults to port 465 for SSL, it does not support client submission.

From there it got even worse, apps that don't have a test button, apps that seem to have the correct settings but then give a basic error message without the needed detail to troubleshoot.

On the server itself, you also need to make sure that port 587 is not blocked by the Windows Firewall.

The first app I did get to work was Nessus by Tenable.

↑ Lots of authentication methods with Nessus.

↑ All apps should have a 'Send Test Email' button, but many don't.

With scripts, it is possible to send to HVE but there are a few things to check. PowerShell by default will not use TLS 1.2 so you will need to add the following to your script.

[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12

A working example using PowerShell, with HTML body and an attachment:

# Before starting you want to save your credentials encrypted

$credential = Get-Credential
$credential | Export-CliXml -Path 'C:\scripts\creds.xml'

$creds = Import-CliXml 'c:\scripts\creds.xml'

$EmailTo = "user@domain.com,user2@domain.com"
$EmailFrom = "relay@domain.com"
$Subject = "Test"
$body = "HTML mail"
$SMTPServer = "smtp-hve.office365.com"
$file = "c:\scripts\hvetest.txt"
$att = new-object Net.Mail.Attachment($file)

$SMTPMessage = New-Object System.Net.Mail.MailMessage($EmailFrom,$EmailTo,$Subject,$Body)
#$SMTPMessage.cc.Add("user3@domain.com")
#$SMTPMessage.bcc.Add("user4domain.com")
$SMTPMessage.IsBodyHtml = $true
$SMTPMessage.Attachments.Add($att)

$SMTPClient = New-Object Net.Mail.SmtpClient($SmtpServer, 587)
$SMTPClient.EnableSsl = $true
$SMTPClient.Credentials = $creds
$SMTPClient.Send($SMTPMessage)

While I could ask the script owners to use Graph instead, the above code is easier to edit.

Graph and PowerShell Blog	Articles 2024 Installing Exchange 2019 in Azure Landing Zone Upgrading PHP on Windows Adding a Postfix server for relay to O365 O365 Integrated Apps troubleshooting Domino and O365 Co-existence Delegate Control in AD App mail relay via HVE Setting up Mail Relay with HVE Getting BIMI certified Orbea Occam SL H30 Installing FreeSat and Saorview Changing broadband provider Replacing a DIN timer on fuseboard Outlook Desktop Notifications stop working Outlook folders keep moving sort order Teams report uploading to SharePoint with Runbooks Teams PowerShell module can't run CS cmd as App 2023 Cannot map new Shared Mailboxes in O365 Renewing an Exchange 2016 certificate Connect to Compliance PowerShell behind a Proxy Sensitivity Label not shown in Outlook Client Room Finder Error in Outlook Teams not showing Rooms Teams unable to open file Unable to review quarantined mails for shared mailbox Set Locale for various Apps Delegate Sent Items placed into external Tenant Overview of Microsoft Support cases When centralized mail sends via O365 Cleaning up your Windows DNS server Set OneDrive for Business Locale O365 Migration Tips Reporting on successful Azure logons IIS Mapi Queue full with NetScaler Secure Office365 reports with a certificate Using Graph to send emails with inline images Visualizing Graph data with Google Charts Keeping a log of NetScaler AlwaysON connections \| About \| Links

App mail relay via HVE 22-May-24 Having recently setup Microsoft HVE for mail relay via client submission it was now time to update the settings on the approx. 40 apps that relay on my network. To start with it's worth noting a few things with HVE. Currently, it doesn't support OAuth, but will in September 2024 when it is fully released. It only supports TLS 1.2 and 1.3, so any apps that haven't been updated in a while may only support a lower version. Server/Endpoint: smtp-hve.office365.com Port: 587 TLS: STARTTLS TLS 1.2 and TLS 1.3 are supported Authentication: Username and password OAuth not supported in preview I had already done some checks to verify that only a couple didn't support a username and password, but what I didn't realize is that's only half the story. If an app defaults to port 465 for SSL then it doesn't support client submission (port 587), this occurred on the first app I checked, Tree Size Pro. ↑ TreeSize Pro defaults to port 465 for SSL, it does not support client submission. From there it got even worse, apps that don't have a test button, apps that seem to have the correct settings but then give a basic error message without the needed detail to troubleshoot. On the server itself, you also need to make sure that port 587 is not blocked by the Windows Firewall. The first app I did get to work was Nessus by Tenable. ↑ Lots of authentication methods with Nessus. ↑ All apps should have a 'Send Test Email' button, but many don't. With scripts, it is possible to send to HVE but there are a few things to check. PowerShell by default will not use TLS 1.2 so you will need to add the following to your script. [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12 A working example using PowerShell, with HTML body and an attachment: # Before starting you want to save your credentials encrypted $credential = Get-Credential $credential \| Export-CliXml -Path 'C:\scripts\creds.xml' $creds = Import-CliXml 'c:\scripts\creds.xml' $EmailTo = "user@domain.com,user2@domain.com" $EmailFrom = "relay@domain.com" $Subject = "Test" $body = "HTML mail" $SMTPServer = "smtp-hve.office365.com" $file = "c:\scripts\hvetest.txt" $att = new-object Net.Mail.Attachment($file) $SMTPMessage = New-Object System.Net.Mail.MailMessage($EmailFrom,$EmailTo,$Subject,$Body) #$SMTPMessage.cc.Add("user3@domain.com") #$SMTPMessage.bcc.Add("user4domain.com") $SMTPMessage.IsBodyHtml = $true $SMTPMessage.Attachments.Add($att) $SMTPClient = New-Object Net.Mail.SmtpClient($SmtpServer, 587) $SMTPClient.EnableSsl = $true $SMTPClient.Credentials = $creds $SMTPClient.Send($SMTPMessage) While I could ask the script owners to use Graph instead, the above code is easier to edit.