Recently, we ran into a problem whereby a customer’s Windows 2003 R2 box that was being used as an SMTP relay to Office 365 stopped working. Parsing the IIS logs didn’t tell us much, other than the server was trying to reach 365, and the connection was almost immediately dropped on the remote side. During the testing phase, we set up an identical relay setup here internally with a Server 2012 box that worked without a hitch.
Several phone calls with Microsoft later, we learned that the servers that the smtp.office365.com DNS server points at have changed – they only support 256-bit TLS encryption now. The TLS encryption support in IIS in Server 2003 only supports a maximum of 128-bit. Server 2008 and 2012 support 256-, but 2003 does not.
I made a note in my article on Setting up an SMTP Relay to Work with Office 365, I stated that you can use smtp.outlook.com as a workaround if you get unexplainable connection drops on the outbound side. Now we have the official word from Microsoft! What I don’t know is how long this workaround will last, but for the time being, this is their official stance on getting Server 2003 SMTP relays to work: set the outbound server to smtp.outlook.com.