flex 500 emailing myself notifications using Microsoft 365

I cant seem to get my firewall to email me notifications...

Does anyone have details of working settings to enable my flex 500 to email me via m365 ?

All Replies

  • Hello,
    it works for me.
    on 365 You have to first enable smtp with authentification in Your account.

    on the FLEX or USG
    smtp.office365.com
    port: 587
    TLS and STARTLS checked   do not check authenticated server
    check smtp authntication and fill user and password.
  • RoyCruse
    RoyCruse Posts: 8
    First Anniversary First Comment
    I dont want to / cant use authentication as all our accounts have 2FA enabled.

    I simply want to send a mail from my own address to my own address without authentication - i use the same method for our scanners here in the office and they work fine - just cant get this firewall to do the same :(
  • mMontana
    mMontana Posts: 1,300  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    RoyCruse said:
    I simply want to send a mail from my own address to my own address without authentication - i use the same method for our scanners here in the office and they work fine 
    Which settings are you using from your scanners? Did you apply the same to the firewall?
    Maybe emails or user agents are managed differently, and Microsoft (not you) decide what to allow access and what not...
  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,450  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Hi @RoyCruse,
    Can you post error log in "MONITOR > Log > View Log"?
    It should have fail reason when device send notification mail fail.

  • RoyCruse
    RoyCruse Posts: 8
    First Anniversary First Comment
    Hi,   I dont get an error which would be really useful...

    Instead I get an info line saying my address is not accepted by the server.

    The addresses are 100% correct


  • RoyCruse
    RoyCruse Posts: 8
    First Anniversary First Comment
    edited April 2022
    I have checked and double checked mail server details and tried multiple different sender and recipients including exactly the same setup as our scanner

    Ive also tried with and without TLS/StartTLS (as this is specified as optional in the m365 instructions here)

    heres my mail server config



    We have a connector setup in M365 allowing mail from our entire ip range, ive also added our ip range to our spf record as this helped stop mails from the scanner going to spam

    I run a message trace from M365 and there's no entries for the mail from the firewall at all so cannot get any errors from that side.

    As i said our scanners can scan and email using the exact same settings and have done for years...
  • RoyCruse
    RoyCruse Posts: 8
    First Anniversary First Comment
    Ok so i eventually ran a packet capture and it would appear the external ip used by the firewall is blacklisted with M365 and was returning the following error

    550 5.7.606 Access denied, banned sending IP [xxx.xxx.xxx.xxx]. To request removal from this list please visit https://sender.office.com/ and follow the directions. For more information please go to  http://go.microsoft.com/fwlink/?LinkID=526655

    So it would seem theres a bug in the logging on the firewall as the issue is being reported in the logs as "recipient address not accepted by the server" 

    If only you had displayed the error code that you were returned by the mail server as is:- 550 5.7.606 - i would have known the exact problem right from the get go.   

    perhapse an update for the next firmware release. ?
  • mMontana
    mMontana Posts: 1,300  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    Thanks for digging into.
  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,450  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Thanks for valuable feedback. :p 
    We will evaluate if it is doable in gateway to parse return message in system log. 

Security Highlight