In case you are not following the EHLO blog, you might have missed an announcement made recently regarding some changes coming to SMTP authenticated submission (or SMTP authentication) in Exchange Online. In a nutshell:
- Sent email will now be stored in the Sent Items folder of the mailbox.
- Only three concurrent connections to our service per mailbox will be allowed. Additional connections will be rejected with the error: 4.3.2 STOREDRV.ClientSubmit; sender thread limit exceeded.
In addition to the changes mentioned above, another set of changes has been rolled out to the service, allowing us to control the SMTP authenticated submission protocol on the organizational or per-mailbox level. Here’s how to do this.
The organization-wide settings are controlled via the Set-TransportConfig cmdlet. To disable SMTP authenticated submission on the company level, use:
Set-TransportConfig -SmtpClientAuthenticationDisabled $true
To enable SMTP authenticated submission on the company level, use
Set-TransportConfig -SmtpClientAuthenticationDisabled $false
As the default value for this setting is $false, as in SMTP authenticated submission enabled, you don’t need to make any changes unless you want to disable it. To check the currently set value, use:
Get-TransportConfig | ft SmtpClientAuthenticationDisabled
To control SMTP authenticated submission on the per-mailbox level, use the Get-CASMailbox cmdlet. For example, to disable SMTP authenticated submission on a specific mailbox:
Set-CASMailbox mailboxname -SmtpClientAuthenticationDisabled $true
To enable SMTP authenticated submission , use:
Set-CASMailbox mailboxname -SmtpClientAuthenticationDisabled $false
To check the status of SMTP authenticated submission for particular user, use:
Get-CASMailbox mailboxname | ft SmtpClientAuthenticationDisabled
Any ideas why NT AUTHORITY\System would have run this command and disabled SMTP on its own?
Microsoft is in the process of toggling off basic auth across the board, which also includes disabling SMTP auth for tenants that do not use it. If you have Security defaults enabled, that would also toggle SMTP auth off. So you’re likely seeing the background process responsible for that.
Friend. You save me!!
I was becoming crazy because I could not config Gmail to send messages using Office365 account, Gmail inform a password error. Same situation using Thunderbird.
Microsoft now set the parameter SmtpClientAuthenticationDisabled to TRUE by default!!!!
They want force user to use Outlook clients applications and not others.
Only three concurrent connections to our service per mailbox will be allowed. Additional connections will be rejected with the error: 4.3.2 STOREDRV.ClientSubmit; sender thread limit exceeded.
How can i imcrease the limit of mails at a time upto 100 mails ?
Hi @Anmol Bhardwaj,
Any clue regrading three concurrent connections issue?
Can you disable this feature at the company level and then enable at the user level?
Yes, you can. Disable it via the first cmdlet, then enable it per-mailbox via Set-CASMailbox.
Awesome, thanks Vasil.
Hi Vasil,
I made the change at the company level but it did not reflect on anyone’s mailbox (the toggles still say enabled).
Should this take a while to apply?
The per-mailbox attribute value will not get updated by toggling the org-wide one. It’s all explained in the documentation 🙂
Thanks Vasil, I must have missed that. (Still can’t find where it states that though).
To confirm, is this correct?
Unlike using CASMailboxPlan to disable POP, IMAP and Activesync for any NEW mailboxes created and leaving those mailboxes already existing with POP, IMAP and Activesync enabled…
Using Set-TransportConfig -SmtpClientAuthenticationDisabled $true will disable SMTP for every mailbox existing and new?
Yes, it’s a company-wide setting.
When used in a hybrid setup – will this also impact the on premise servers as well? Or is the scope just limited to Exchange online?
That’s for Exchange Online only