Exchange Online can be used as an SMTP and POP server with Sage CRM, but some additional configuration steps may be needed.

There are two main areas that need to be considered.

  1. Establishing an SSL or TLS connection with Exchange Online
  2. Granting your Sage CRM SMTP user the SendAs right so that it can send out emails as Sage CRM users.

Connecting to the mail server using SSL / TLS

Exchange Online requires the use of SSL/TLS with SMTP / POP3. This is supported natively by Sage CRM in 2017 R1 and later. Earlier versions of Sage CRM do not support this, but this can be set up quite easily using an application named stunnel. Stunnel is free software, available from

Log into Outlook Web Access (OWA) at From OWA, go to Settings | Options. Select Settings for POP, or IMAP access...

Take a note of the server name and ports that are being used. Typically, you will need the POP settings (for Email Manager), and the SMTP settings (for sending emails). The default settings are as follows:

POP setting
Server name:
Port: 995
Encryption method: SSL

SMTP setting
Server name:
Port: 587
Encryption method: TLS

Once you have your connection settings, you can use them to set up email with Sage CRM. The method by which this is done will differ depending on which version of Sage CRM you are using.


1: Sage CRM 2017 R1 and later

To enable the sending of emails to Exchange Online from Sage CRM, enable the Use TLS for SMTP option when entering your connection details. These settings are found in Administration | E-mail and Documents | E-mail Configuration.

In order to enable the retrieval of emails from Exchange Online using the Email Manager, enable the Use TLS for POP option under Administration | E-mail and Documents | E-mail Management Server Options.

There is no separate SSL configuration option available. Sage CRM will automatically negotiate the correct version of TLS or SSL with Exchange Online.


2: Sage CRM 7.3 SP3 and earlier

Download and install stunnel (this can be done on the CRM server, or on another server within your network). Edit the stunnel.conf, and replace the values in the appendix below with those listed in OWA. Once done, start stunnel.exe. If you run into issues starting stunnel.exe, check that no other applications (e.g. the SMTP service) are running on the listening ports (default 25 and 110). Once stunnel is running, an icon will appear in the system tray. An example stunel.conf is provided at the end of this article.

In CRM, set your SMTP server to be whichever server has stunnel installed. Usually, this will be on the same server as the CRM server, so the SMTP server will be localhost. By default, you'll connect to stunnel on port 25. If you're using Email Manager, you can also use the stunnel server for POP (default port is 110). 


Granting Send As rights

Finally, you will need to give the user that CRM will be using to send the emails (the SMTP User Name under Administration | E-mail and Documents | E-mail Configuration) rights to send emails as the other CRM users. If this is not done, all emails sent from Sage CRM will be send from the same email address. These steps still need to be carried out even if you have a version of Sage CRM that supports TLS/SSL, since this is a configuration option set on the Exchange server.

There are two options for accomplishing this.

  1. Set up an AD group (or distribution group) for your Exchange users and add them to it, then give the SendAs right on the group. This is a good option if you want a distribution group anyway, or you will want to do something else to your list of users.
  2. Grant the SendAs right on all mailboxes (probably only applicable for small organisations).

This is done using PowerShell. If you need to learn how to use PowerShell to connect to your Exchange Online instance, please refer to KBA 492-16618.

These instructions make use of the pipe operator (|), which allows you to get array of mailbox objects, then send them to your command. This allows you to quickly grant this right over a large number of mailboxes, without having to select them all individually.

For example 1, we have set up a distribution list called CRMUsers for two Exchange users who happen to use Sage CRM.

New-DistributionGroup -Name "CRMUsers" -IgnoreNamingPolicy

"","" | %{ Add-DistributionGroupMember -Identity "CRMUsers" -Member $_ }

We can then list the members of that distribution group:

Get-DistributionGroupMember "CRMUsers"

This should return something like this:

Name        RecipientType
----        -------------
ebdenm      UserMailbox
mayes       UserMailbox

Setting the access rights then becomes a matter of getting the members of the distribution group, then sending them to the Get-Mailbox command. We do this by forwarding the array of resolved mailboxes to the Add-RecipientPermission cmdlet:

Get-DistributionGroupMember "CRMUsers" | Get-Mailbox | Add-RecipientPermission -AccessRights SendAs -Trustee

The Sage CRM user will now have the right to send out emails as if they have come from the members of the new distribution group.

The second method is quicker, but typically would not be done for large Exchange deployments, where only a small subset of users might be using Sage CRM. All that's required is that you run the last command, but without filtering by the distribution group:

Get-Mailbox | Add-RecipientPermission -AccessRights SendAs -Trustee

Once these commands have been run, you should be able to send emails from Sage CRM as any user in the Exchange organisation.

Appendix I: Example stunnel.conf:

# Stunnel configuration file for Microsoft Online POP3 and SMTP
client = yes
output = stunnel-log.txt

[POP3 Incoming]
#Accept connections on port 110 and send to Microsoft Online on port 995 over SSL
accept =
connect =

[SMTP Outgoing]
#Accept connections on port 25 and send to Microsoft Online on port 587 over TLS
protocol = smtp
accept =
connect =