Resolving issues with slow Outbound mail to Office 365 in a Hybrid connection using a SmartHost or Internal Appliance

You may find that flow to Office 365 hosted users is slow after initial Hybrid Configuration.  But the answer is closer than you think and is only one Cmdlet away with Windows PowerShell.

The actual problem is the mail flow to Office 365 is slow because the connector is defaulting to using DNS for mail sending. In this scenario the server is either sending directly to an internal appliance (such as a Barracuda) or uses a Smarthost on the internet (Such as on SBS 2011 / SBS 2008) and in many SMB configurations.

Normally you would change the connector properties to point the exist SmartHost and the problem would be resolved.

What you will find in the connector created by DEFAULT with the Hybrid wizard is this does NOT solve the problem. You can see the actual problem when you view the connectors with the Get-SendConnector Cmdlet and view a full list of the properties.

Get-SendConnector -identity ‘SmartHost Connector’ | Format-List *

Get-SendConnector -identity ‘Outbound to Office365’ | Format-List *

Note the highlighted areas of the Office 365 connector. By default it’s insistent on a TLS connection and a few additional properties (which are fine if you’re hosting a live Exchange/DNS configuration)

However in the case of a SmartHost, it may not like this (Bad Smarthost on the internet with lousy Authentication ?) or you’re running an internal box to handle outbound spam which is not configured to accept TLS internally.

Three options you have. (as Yoda would say)

1. One, get a better SmartHost provider or improve your internal Device security to accept TLS.
2. The Second option is to recreate the Office 365 Connector from scratch with the same settings and point straight to the SmartHost.
3. The third (and probably quite a bit easier) is to adjust the connector through PowerShell and disable the requirement for TLS and remove the additional properties left behind by Office 365’s Hybrid wizard (which should be fine for INTERNAL devices)

First make a copy of the Connector should you need to Rollback the process

Get-SendConnector -identity ‘Outbound to Office365’ | Export-Clixml Office365Connector.xml

Then adjust the particular connector name for Office 365 outbound mailflow on your On Premise Exchange environment

Set-SendConnector -identity ‘Outbound to Office365’ -RequireTLS $False -RequireTLS $False -TlsAuthLevel $NULL -TlsDomain $NULL -ErrorPolicies Default

No restart of any services are required and the effect should be immediate. Note as always, any mail stuck in the queue under the old configuration is just good for one thing… NDR’s 😉

Cheers!

Sean

The EnergizedTech