Knowledgebase : Technical, Configuration and Devices > Email

If emails are not being received by the intended recipient there are a number of items to consider.  Usually, if there is a problem with sending the email out of your mail server, you would receive quite a detailed error message which will include, somewhere in the text, the reason that the emails are not going out of your server.

Check the following:

1. Are the settings for your outgoing mail server correct.
    Use http://mxtoolbox.com/diagnostic.asp to check that your SMTP (outgoing) mail server details are correct.

 

Sending emails through Office365 sometimes causes message send failure with an error of 550 5.7.64 TenantAttribution; Relay Access Denied.

  1. In Office Admin go to Exchange
  2. In 'Mail Flow' go to  Connectors
  3. Use the wizard to complete the Connector process.

Make sure the external IP is recorded as an allowed address on the Inbound Connector in Office 365:

InboundConnector2

 

 

 

 

 

 

 

 

 

Also, add the IP address to the SPF record in Public DNS like this:

v=spf1 ip4:, include:spf.protection.outlook.com ~all

One other possible cause of this issue is if the application, when it composes the email, uses a domain other than what is on the accepted domains list. For example, if your tenant has 3 defined domains – BobsGarage.Com, TimsGarage.Com andJohnsGarage.Com and the application sending the email uses a domain like GaragePower.Com, then the connector in Office 365 will reject the email. If you receive the relay error, here is the order I would take for troubleshooting:

  • Verify Sender address is using an accepted Domain (in the application, or message header)
  • Send the email to an internal recipient – check headers for IPs to match in the connector
  • Check your SPF record to make sure all IP addresses are listed as well

 

Setting up Gmail as an SMTP account for a Provider

 

To setup Email for a Provider using a Gmail account, go into;

-Setup   -Provider   -Email    (as below).

 

When you try to Test Connection it will fail and the Gmail account will receive a Security alert.

 

You will need to get the client to login to the Gmail account to do the next steps.

  1. There will be a security alert email in the inbox.

2.   Click on “Yes it was me” and you will go to the Less secure app blocked Click on “Learn more”

3.    From the Less secure apps page, click on “Less secure app access” link.

4.   Change the setting to ON.

5.    If you retry Test Connection, it should now allow emails through.

  • With upcoming security changes by Google, new application connections will not be able to be made after July 2020.
  • Existing connections will stop after Feb 2021.

Socket Error: WSAEWOULDBLOCK

NOTE: If this error occurred while trying to establish an FTP data connection, also see this: http://cknotes.com/?p=282

A WSAEWOULDBLOCK error when trying to establish a TCP/IP socket connection indicates one of the following conditions:

  1. A firewall at either the client or server side is blocking the connection.
  2. There is no server listening at the remote host:port to accept the connection
  3. Some other software, such as an anti-virus or anti-spyware program is blocking the connection.
  4. The server was too slow in accepting the connection.  Increase the value of the ConnectTimeout property.

You may open a DOS prompt and try to telnet to the remote host:port to test connectivity. This page provides more information: WSAEWOULDBLOCK

Note: It is impossible for the client to distinguish between any of the cases described above.  It’s similar to if you were knocking on a door and nobody answers — you have no information — you don’t know if the person simply chose not to answer the door, if the person is not home, or if the person simply cannot hear the knocking.  In all cases, the client’s knowledge is the same: there is no response and you have to decide how long you’re willing to wait…

This is the link for reference on how to setup SMTP Relaying with Office 365
How to set up a multifunction device or application to send email using Microsoft 365 or Office 365 | Microsoft Docs

If they are using “Direct Send” option, it should not work for sending emails to external addresses like Gmail. Direct Send should only be used to send emails to your own Office 365 tenant. These are the direct send SMTP Settings:

Graphical user interface, text, application  Description automatically generated

If you want to send emails from Office 365 to External Domains, then they must use either “Authenticated SMTP” or “SMTP Relay”. If you use “Authenticated SMTP”, then they need to make sure the account they use is not blocked to use this protocol. Places to check are:

  1. Azure AD Conditional Access or Azure Security Defaults (Azure Active Directory security defaults | Microsoft Docs)
  2. Authenticated SMTP on the Mailbox Level via Exchange Admin Centre or Microsoft 365 Admin Centre.

 

We recommend to use “SMTP Relay” method if they want to email outside of Office 365 and these are the steps they should look into get this working properly and be trusted by external email servers:

  1. Add the IP Address to Exchange Connector
  2. Add the IP Address to SPF record
  3. Enable Dkim in Office 365
  4. Have a Dmarc record (Preferably the policy is set to either quarantine or reject)

 

 

Emails can be sent through Office365 email servers using either:

  • Authenticated Client SMTP, or
  • SMTP Relay (using an Outlook connector)

In the new 409.6 release of SPM & PHM Incisive have made some changes to allow the SMTP Relay correctly communicate with Exchange Online (Office365).

If you are using 409.4 or earlier you will need to use the Authenticated Client SMTP option. 

SMTP Relay

In SPM/PHM (release 409.6 or newer) configure the options in Setup > Provider > Email   (for each Provider)

SMTP Server Settings

SMTP Server Name:    <your-domain>.mail.protection.outlook.com
SMTP Encryption:       TLS
SMTP Server Port:      25  (needs to be an open Outgoing port)

Account Authentication

SMTP Authentication NOT required

Authenticated SMTP

Authenticated SMTP requires authentication to be enabled at the Tenant and the Mailbox level.  It is disabled by default.
https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/authenticated-client-smtp-submission

In SPM/PHM configure the options in Setup > Provider > Email   (for each Provider)

SMTP Server Settings

SMTP Server Name:    smtp.office365.com
SMTP Encryption:       TLS
SMTP Server Port:      587  (needs to be an open Outgoing port)

Account Authentication

SMTP Authentication required
Authentication Method:     AUTO or LOGIN
Account Username:          The email address of a user account
Account Password:           The password for the user account

Troubleshooting

  • Use the Check Connection and Send Test Email.
    Look at the log as it will explain the problem.  Scroll to the bottom of the log for the most recent entry.
  • Check port 25 or 587 are open  (Use Telnet if you are not sure)
  • Check .NET Framework 4.8 or newer is installed.
  • Get your Office365 administrator to go to the Azure Active Directory and check the Sign-In logs to view the connection attempts.

  • Try to use the same domain name for your 'From' address, 'Reply-To' address and also the 'SMTP Server Name' (Setup > Provider > Email).  Some email servers will compare the domain names used in the out-going email and if they differ they rank the email for spam accordingly.
  • Add the relevant SPF and DKIM settings to your domain host (talk to your IT provider)
  • Create a free account at Google Postmaster Tools. This will give you the ability to see various metrics that Google/Gmail keeps for your domain name and will let you see if there is a problem. Note: it will take a few days for any stats to appear after you create an account with them.
  • Check that your domain name isn't on a domain blacklist.  You can search for your domain name at MXToolbox. Also search for your domain name at URLVoid.
  • Search for your domain name at BorderWare Watchguard. This will show BorderWare's assessment of the reputation of all IP addresses that are sending emails from your domain name. Any servers that have a bad reputation may have become compromised, or may be sending out emails that have generated spam complaints in the past, and should be investigated. You can do a similar search for your domain name at SenderScore.org.
  • If you're sending from a free email service such as Hotmail, Yahoo, etc. your emails are often treated more suspiciously by recipient spam filters. It is always better - and more professional - to send emails from your own (or your business') domain name. You should never send emails from a Yahoo or AOL email address (as of April 2014) as these domains are now restricted by their DMARC policies. You should also not send from a Gmail email address as of June 2016 due to Gmail's new DMARC policy.
  • If you place links in an HTML email, it is best to not display the actual link (http://www.etc...) in your email. Many email programs now have anti-phishing technology which treats such links suspiciously. If the underlying URL of your link is different from the URL displayed, then your email will be marked as spam by email clients such as Thunderbird. And never use an IP address in a link.
  • Never use URL shorteners in an email.

You can test the likelihood of your email being regarded as Spam by using email checking sites such as https://www.mail-tester.com/   You will be provided with a unique email address like test-ilg76rjn5@srv1.mail-tester.com  that you can put as the patient's email address and then try sending emails from different locations in the Incisive application.  You will be provided with a score.  Anything with a score of -5 or less is likely to be marked as Spam.  Scores of -1 or -2 should see the emails successfully delivered to the recipient's Inbox.

Advanced email routing through the Google Gmail servers

https://support.google.com/a/answer/6140680#invalidcreds6-20020a17090302c600b0015eca1bc518sm78521plk.143%20-%20gsmtp

SMTP relay: Route outgoing non-Gmail messages through Google

If your organization uses Microsoft Exchange or another non-Gmail SMTP service, you can configure the SMTP relay service to route outgoing mail through Google. You can use the SMTP relay service setting to filter messages for spam and viruses before they reach external contacts. You can also apply Google Workspace email security and advanced Gmail settings to outgoing messages

https://support.google.com/a/answer/2956491 

Microsoft and Google are changing the connection requirements for third-party applications (like Incisive) to send emails through their SMTP (out-going) email services.  These connections now require a token to be requested and passed back to Incisive application, instead of just requiring your encrypted login & password, for the Microsoft & Google services to allow the email to go through.  It is possible that these security requirements are being enforced in consideration of the current world-wide tensions.

The symptom may appear as an error message with text of 'Bad Credentials' or 'Username and Password not accepted' and your emails can no longer be delivered.

It is possible that you will notice that emailing functions, outside of the Incisive applications, such as 'Scan to Email' from your multi-function device (scanner/printer), are also likely to run into the same problem sending emails.

Previously, Gmail had an option to allow 'less secure' applications to send emails through their SMTP service, however this option has now been disabled.  There is a different security option called 'App Password' which may work for you, but is only available if you have 2FA authentication enabled on your Google account.

We have provided Knowledgebase articles with references to the relevant Google, Microsoft & Apple app-password support information and how to add it to the Incisive application.

As an alternative SMTP email delivery service, you could look to use a third-party SMTP service such as SMTP2Go.com, which we have used for many years and are quite happy with.  Their pricing is very reasonable, with it being free for up to 1000 emails per month or US$10 per month for up to 10,000 emails per month.  If you're not sure how many you send, start with the free plan and they will notify you if you need to move to the next level. 

There are many other SMTP providers such as SendGrid (who we have also used) or others like ClickSend or Mailgun. Your IT technician may also recommend others.

It is possible these SMTP providers will require you to use a private domain address (not @gmail @yahoo @outlook @me etc.).  You can acquire your own domain address and use it just for emails.  A domain name may cost about $30 per year and email services can often be available for about $5-10 per month.  Domain address and hosting services are available from many providers like crazydomains.co.nz   It will be important to ask your IT technicians to configure your domain to use the SPF, Dmarc & DKIM settings, to ensure better reliability of getting your emails to the patient's Inbox.  The Incisive Helpdesk does not provide these services.

If you do use SMTP2Go, or a similar service, your emails will still be delivered using your usual email From: and ReplyTo: email addresses, which you have entered in the Incisive application.

Microsoft and Google are changing the connection requirements for third-party applications (like Incisive) to send emails through their SMTP (out-going) email services.  These connections now require a token to be requested and passed back to Incisive application, instead of just requiring your encrypted login & password, for the Microsoft & Google services to allow the email to go through.

Previously, Gmail had an option to allow 'less secure' applications to send emails through their SMTP service, however this option has now been disabled.  There is a different security option called 'App Password' which may work for you, but is only available if you have 2FA authentication enabled on your Google account.

Google Support provides the following knowledgebase article https://support.google.com/accounts/answer/185833?hl=en