Exchange Online SMTP Connector

Hi,

I'm trying to add our Exchange Online as an SMTP resource, but it can't get connected.
In Exchange Online I've set up a Connector which accepts any mail from whitelisted IPs. This is working fine when sending from MFPs in our office, etc.
I've added Retool IPs 35.90.103.132/30 and 44.208.168.68/30 to the whitelist and added the SMTP server and port (25) to the resource. No authentication is required.
When I click test, it just times out. Also when I try to send from an app, it times out.
Any idea how to get this working?
I also could try to get it working through MS Graph, but I'm also struggling connecting to Graph.
SMTP would be the second best option.

Hey @mbruijnpff!

Would you mind sharing a bit more with us about how you have Exchange Online configured and what settings you're using to connect from your MFPs?

It's my understanding from these docs that Exchange Online doesn't allow sending emails with unauthenticated connections but I'm not super familiar with Exchange Online so I'm curious to hear more about how you have things set up.

SMTP client email submissions (also known as authenticated SMTP submissions or SMTP AUTH) are used in the following scenarios in Office 365 and Microsoft 365:

  • POP3 and IMAP4 clients. These protocols only allow clients to receive email messages, so they need to use authenticated SMTP to send email messages.

I'm also wondering what issues in particular you ran into with MS Graph if that's a route you'd still like to explore.

Hi @Kabirdas,

We're using a mailflow connect (option 2), see this page

The only thing it requires to be configured is:

  • Add IPs of sending service/device to the Exchange whitelist (done, got them from here)
  • Use the SMTP hostname xxxxxx.outlook.com (done)
  • Use port 25 (done)
  • No SMTP authentication required (done, left fields blank)
  • No SSL/TLS (no option to set this)

When testing I'm getting a timeout error.

The only thing I can think of is that the source IP from Retool is incorrect, as this could throw a timeout error.

I'm trying to connect to our Azure resources through Graph as well, but simply struggle with the details to fill in when creating a rest api. Tried it based on these docs but it seems to be a bit different than shown in the docs.

:thinking: have you been able to connect to the web server from another external IP address? Is it possible that there's a separate security layer that's blocking access?

As for the Microsoft Graph API, this may not be the most helpful thread but it does have a couple of configurations that people have used to connect to the API. If you're comfortable sharing a screenshot of your resource setup screen with any sensitive information redacted I can take a look at that with you as well!

@Kabirdas,

I'm currently testing Retool Enterprise on-premise and just got it up and running. I've added the connector there as well and used the exact same setting. It worked instantly, so my guess is that Retool is trying to connect from another IP than whitelisted in Exchange Online. However, I can't see from which IP Retool tries to connect. Maybe the IPs here are incorrect/incomplete?

That should be a complete list of IPs, at one point Retool was sending requests from 52.177.12.28/32 and 52.175.251.223/32 but that changed with the IP address migration and requests are no longer being sent from those addresses.

Is it possible that your on-premise deployment of Retool exists on the same VPN as your SMTP server?

No, there is no VPN between our office and Exchange Online.

I've added 52.177.12.28/32 and 52.175.251.223/32 now to the whitelist, but still no luck.

Also tried to add all the single IP addresses to the whitelist, but also this is not the solution.
I've also checked every single IP address here https://check.spamhaus.org/, but nothing is blocked.

I've checked with the dev team as well and the IP address you're looking to hit shouldn't be blocked by anything on our end. Have you tried using direct send from another IP outside of your region?

Would it be possible for someone from the dev team to try SMTP over telnet from one of the IPs and check the error?

Hi,
I took the other route, I’ve managed to get it working through MS Graph.
The reason why it’s probably not working is because most cloud providers block port 25 by default. Only if you have an ‘enterprise’ agreement they usually open it on request.


Hey @mbruijnpff!

Glad you were able to get things working using MS Graph. After following up with the dev team about your previous question they also came to the conclusion that it's specifically traffic to port 25 that's being blocked from the Retool side.
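
The "SMTP over telnet" check requested earlier in the thread, as an added example that is not part of any poster's message and is not Retool's or Microsoft's code. It separates a dropped connection (the port 25 egress block the thread ends on) from a reachable server; the function name and stage labels are assumptions made for this sketch.

```python
import socket
import sys


def probe_smtp(host, port=25, timeout=10.0):
    """Classify one plain-TCP SMTP connection attempt (hypothetical helper).

    Returns (stage, detail), where stage is one of:
      connect_timeout  TCP handshake never answered: packets are dropped on
                       the path, e.g. outbound port 25 filtered at the sender
      refused          host reachable, but the port actively rejects
      unreachable      DNS or routing failure
      no_banner        TCP connected, server sent no greeting in time
      banner           server spoke SMTP; detail holds the greeting line
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return ("connect_timeout", "no answer to TCP handshake")
    except ConnectionRefusedError:
        return ("refused", "TCP reset from remote host")
    except OSError as exc:  # includes socket.gaierror (name resolution)
        return ("unreachable", str(exc))

    with sock:
        try:
            data = sock.recv(512)
        except socket.timeout:
            return ("no_banner", "connected, but no greeting within timeout")
        except OSError as exc:
            return ("no_banner", str(exc))
    line = data.decode("ascii", "replace").strip()
    if not line:
        return ("no_banner", "connection closed before greeting")
    # A greeting means the network path is open; anything the server objects
    # to after this point arrives as an SMTP reply, not as a timeout.
    return ("banner", line)


if __name__ == "__main__":
    # Usage: python probe_smtp.py <smtp-host> [port]
    target = sys.argv[1]
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 25
    stage, detail = probe_smtp(target, target_port)
    print(f"{target}:{target_port} -> {stage}: {detail}")
```

Run it from the sending network and from a second network: `connect_timeout` on one and `banner` on the other points at egress filtering on the first rather than at the connector's IP list.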