We installed SEPM 14 MP2 but never got auto email notification working. Working with Symantec support was very frustrating, and I requested to close the case as it was going nowhere. Recently I had some time to work on it. Key environment:
1) Email Server: Office 365 and all emails are scanned by Message Lab Email Security.Cloud
2) Web Security.Cloud
Error messages "Symantec Endpoint Protection Manager cannot send a test email using the settings you specified. Verify your email server settings. For more information, see the knowledgebase article: How to configure email server settings"
I was not sure what address to define in Admin >> Server >> Edit Server Properties >> Email Server >> Server address. Symantec support tried different O365 addresses like outlook.office365.com, smtp.office365.com etc., and none worked. TECH240170 was not so helpful, and the scm-ui*.err log was showing errors like this:
26/09/2017 2:09:58 PM STDOUT: Sending test email ...
26/09/2017 2:10:27 PM Email INFO: Start to send email to [secteam@abc.com] using server: cluster4.us.messagelabs.com.
26/09/2017 2:10:27 PM STDOUT: Start to send email to [secteam@abc.com] using server: cluster4.us.messagelabs.com.
26/09/2017 2:10:27 PM Email INFO: Sending email...
26/09/2017 2:10:28 PM Email SEVERE: Valid unsent addresses: [secteam@abc.com]
26/09/2017 2:10:28 PM Email SEVERE: Fail to send email to secteam@abc.com using server: cluster4.us.messagelabs.com.
secteam@abc.com was indeed a valid address.
What I figured out: in Admin >> Server >> Edit Server Properties >> Email Server >> Server address, make sure it matches the address in O365 Admin Console >> Setup >> Domains >> Required DNS settings >> MX
Now this should obviously match in Message Lab under Services >> Email Services >> Inbound Routes.
Further running a packet capture on SEPM, I found this very interesting:
220 ME1AUS01FT008.mail.protection.outlook.com Microsoft ESMTP MAIL Service ready at Tue, 26 Sep 2017 04:35:30 +0000
EHLO SYD.corp.abc.com
250-ME1AUS01FT008.mail.protection.outlook.com Hello [X.Y.255.70]
250-SIZE 157286400
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-8BITMIME
250-BINARYMIME
250 CHUNKING
MAIL FROM:<moin.sobhan@abc.com>
250 2.1.0 Sender OK
RCPT TO:<secteam@abc.com>
550 5.7.606 Access denied, banned sending IP [X.Y.255.70]. To request removal from this list please visit https://sender.office.com/ and follow the directions. For more information please go to http://go.microsoft.com/fwlink/?LinkID=526655 (AS16012609) [ME1AUS01FT008.eop-AUS01.prod.protection.outlook.com]
RSET
250 2.0.0 Resetting
QUIT
221 2.0.0 Service closing transmission channel
Now the address X.Y.266.70 is our registered IP assigned for our domain in Message Lab under Services > Web Security Services > Web Routes. Further, going to the link https://sender.office.com/, I found that our IP was blocked. It gives the option to delist the IP, and the issue was resolved.
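
An added example, not part of the original post: the SEPM log only reports "Fail to send email", while the captured SMTP dialogue shows which command the server rejected and why. This Python sketch parses such a transcript and pairs each 4xx/5xx reply with the client command that triggered it; the function name and the trimmed sample transcript are constructed for illustration.

```python
import re

# Constructed sample: the SMTP dialogue from the packet capture above, trimmed.
TRANSCRIPT = """\
220 ME1AUS01FT008.mail.protection.outlook.com Microsoft ESMTP MAIL Service ready
EHLO SYD.corp.abc.com
250-ME1AUS01FT008.mail.protection.outlook.com Hello [X.Y.255.70]
250-STARTTLS
250 CHUNKING
MAIL FROM:<moin.sobhan@abc.com>
250 2.1.0 Sender OK
RCPT TO:<secteam@abc.com>
550 5.7.606 Access denied, banned sending IP [X.Y.255.70].
RSET
250 2.0.0 Resetting
QUIT
221 2.0.0 Service closing transmission channel
"""

# "NNN-text" continues a reply, "NNN text" ends it; an enhanced code (RFC 3463) may follow.
REPLY = re.compile(r"^(\d{3})([ -])(?:(\d\.\d{1,3}\.\d{1,3}) )?(.*)$")

def find_rejections(transcript):
    """Return each 4xx/5xx server reply with the client command that caused it."""
    rejections, command, text, enhanced = [], "(connect)", [], None
    for line in transcript.splitlines():
        m = REPLY.match(line)
        if m is None:                       # not a reply, so a client command
            if line.strip():
                command = line.strip()
            continue
        code, sep, ecode, rest = m.groups()
        text.append(rest)
        enhanced = ecode or enhanced
        if sep == "-":                      # more lines of this reply follow
            continue
        if code[0] in "45":
            full = " ".join(text)
            bracket = re.search(r"\[([^\]]+)\]", full)
            rejections.append({
                "command": command, "code": code, "enhanced": enhanced,
                "permanent": code[0] == "5",
                "reported_ip": bracket.group(1) if bracket else None,
                "text": full,
            })
        text, enhanced = [], None
    return rejections

if __name__ == "__main__":
    for r in find_rejections(TRANSCRIPT):
        print(f"{r['command']} -> {r['code']} {r['enhanced']} (IP {r['reported_ip']})")
```

The parser assumes the transcript stops before any DATA body, since message content could contain lines that look like replies.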