Resolving issues with slow Outbound mail to Office365 in a Hybrid connection using a SmartHost or Internal Appliance

on August 10, 2016


Mail flow to Office365 hosted users is slow after an initial Hybrid Configuration when the server points to a SmartHost on Exchange by default


The actual problem is the mail flow to Office365 is slow because the connector uses DNS for sending mail by default. In this scenario, the server is either sending directly to an internal appliance (such as a Barracuda) or uses a SmartHost on the internet (Such as on SBS 2011 / SBS 2008) and in many SMB configurations.

Normally you would change the connector properties to point the existing SmartHost and the problem would be resolved.

What you will find in the connector created by DEFAULT with the Hybrid wizard is this does NOT solve the problem. You can see the actual problem when you view the connectors with the Get-SendConnector Cmdlet and view a full list of the properties.

Get-SendConnector -identity ‘SmartHost Connector’ | Format-List *

Get-SendConnector -identity ‘Outbound to Office365’ | Format-List *

Note the highlighted areas of the Office365 connector. By default it’s insistent on a TLS connection and a few additional properties (which are fine if you’re hosting a live Exchnage/DNS configuration)

However in the case of a SmartHost, it may not like this (Bad Smarthost on the internet with lousy Authentication ?) or you’re running an internal box to handle outbound spam which is not configured to accept TLS internally.

There are three options to solve this:

  1. Get a better SmartHost provider or improve your internal Device security to accept TLS.
  2. Recreate the Office365 Connector from scratch with the same settings and point straight to the SmartHost.
  3. Probably the easiest – adjust the connector through PowerShell and disable the requirement for TLS and remove the additional properties left behind by Office365’s Hybrid wizard (which should be fine for INTERNAL devices)

If you chose option 3, here’s how to procede:

First make a copy of the Connector should you need to Rollback the process:

Get-SendConnector -identity ‘Outbound to Office365’ | Export-Clixml Office365Connector.xml

Then adjust the particular connector name for Office365 outbound mailflow on your On Premise Exchange environment:

Set-SendConnector -identity ‘Outbound to Office365’ -RequireTLS $False -RequireTLS $False -TlsAuthLevel $NULL -TlsDomain $NULL -ErrorPolicies Default

No restart of any services are required and the effect should be immediate. Note as always, any mail stuck in the queue under the old configuration is just good for one thing… NDR’s 😉

By Sean Kearney

Sean Kearney is a Senior Solutions Architect at Cistel Technology Inc. He lives in the world of Automation leveraging technologies such as System Center Orchestrator and will break out into song when the word “PowerShell” is used. He is a Windows PowerShell MVP, Charter Member of the Springboard Technical Experts Program and an Honorary Scripting Guy who regularly contributes content to Microsoft’s own “Scripting Guys” website.

Colin SmithResolving issues with slow Outbound mail to Office365 in a Hybrid connection using a SmartHost or Internal Appliance