I have a Konica Minolta bizhub 423 that I am trying to configure to allow Scan-To-Email. IP information on the Konica is correct, it can access the internet, DNS works, etc.
Additionally, the public IP of this location is not on any blacklists.
I have attempted all three options in the following article, following them exactly (including SPF records, etc.): How to set up a multifunction device or application to send email using Office 365.
None of the options work, every attempt results in a failure from the MFP.
I have performed packet captures on the firewall (which is not blocking the necessary ports, nor does it have any IPS functionalities that would block these connections).
For the following email methods allowed by Office 365, I have observed the following behaviors:
- Direct Send
- MFP resolves correct IP for the "companyname-com.mail.protection.outlook.com" MX endpoint.
- MFP sends TCP SYN several times before giving up. No SYN/ACK from the Office 365 MX endpoint.
- SMTP Relay
- MFP resolves correct IP for the "companyname-com.mail.protection.outlook.com" MX endpoint.
- MFP sends TCP SYN several times before giving up. No SYN/ACK from the Office 365 MX endpoint.
- SMTP Client
- MFP resolves correct IP for the "smtp.office365.com" SMTP server after being configured with the credentials for an existing mailbox.
- MFP creates a good TCP connection, negotiates TLS, sends/receives data, then the SMTP server sends a RST. This occurs when sending to an outside email such as gmail.com. The MFP states the send failed, but not why.
- MFP creates a good TCP connection, negotiates TLS, sends/receives data, then completes the connection with the standard series of FIN packets. This occurs when sending to an inside email such as companyname.com. The MFP states the send failed, but not why.
If anyone has any ideas before I contact Microsoft for support, I would appreciate it. I'd prefer to use Direct Send or SMTP Relay over SMTP Client for this.
Best Answer
I just had the same problem. Konica Minolta Support and Microsoft Support could not resolve the issue. From other websites i have only found solutions which did not work for our model (deleting the device certificate was not possible).
The solution I found was simple though: You have to disable all the SMTP Authentication Methods with the exception of "LOGIN".
The problem seems to be that Exchange Servers (or Exchange Online / O365) also offer authentication by certificate and the device then tries to authenticate with its self signed certificate, which obviously does not work. The device does not seem to fall back to the LOGIN method automatically and just fails with the 107 Server connection error.