Email Relay (SMTP) via Google Apps or Office365

This guide relates to configuration of client-hosted Schoolbox. For Schoolbox SaaS, please see https://help.schoolbox.com.au/homepage/3062.

Client-hosted Schoolbox can be configured to send email either:

1. Directly to recipients, or
2. Via an external SMTP service (eg Google Apps/ GSuite, Office365) which routes messages to recipients

In both configurations, the web server always first routes mail via a co-located local relay.

1. Sending mail directly to recipients

For Schoolbox to send mail on behalf of users, the Schoolbox mail servers must be authorised to send from your users' mail domain. For example, to send mail for john@myschool.edu.au requires Schoolbox to be authorised to send mail for myschool.edu.au.

You must include this record in your domain's SPF record,eg myschoolbox.edu.au.    300    IN    TXT    "v=spf1 a:schoolbox.myschoool.edu.au ~all". 

2. Sending mail via your relay and then to recipients

This configuration is no longer recommended.  Although this can avoid the need for a SPF record, configuring your existing email server to allow open relaying can be very difficult. It is also actively discouraged by many of the major cloud email providers including Google and Microsoft. They implement hard rate limits that can prevent the delivery of bulk emails to your entire school in a timely manner.  If you must use a relay, you can see our guides for configuring Google and Microsoft below.

In both cases, if email is sent from domains whose DNS you control, you should also configure DKIM. 

To do this there are some changes that need to be made within your Google Apps account (Administrator permissions required).

The setup Schoolbox requires is detailed here under the option "Google Apps SMTP Relay" using the SSL/TLS option.

Please follow the following instructions for configuring Google Apps for allowing Schoolbox to relay emails:SMTP relay service setting

In that document you will need to select the following:

• Step 6 - 'Any addresses'
• Step 7 - 'Only accept mail from the specified IP addresses'
• Step 8 - You will need to set the IP address that Google sees for your Schoolbox server. This is likely the external IP address for your School, though could be different if using a DMZ or offsite hosting.
• Step 9 - Please enable 'Require TLS encryption'

Once you have configured this, please send you SMTP details to Schoolbox Support so that the Schoolbox local email proxy can be configured for you.

This SMTP Relay setup requires configuration with Office365 Azure.

Please see Microsoft's documentation on this process.

Use option 3: "Option 3: Configure a connector to send mail using Office 365 SMTP relay"

You will need to ensure the the Connector is set up to use an IP Address Whitelist.

Once you have configured this, please send the SMTP address to Schoolbox Support to set up via the Schoolbox local email proxy. E.g. someschool-edu-au.mail.protection.outlook.com

Note: Although Office 365 SMTP relay uses port 25 with optional TLS, when configured via the Schoolbox local email proxy, TLS/STARTTLS is always used for security.