Here is the SMTP Email relay server we set up so it never goes down with cloud provider changes.
Download/Install HMAIL on a always on Windows server or PC that has a static INTERNAL IP
https://www.hmailserver.com/download (Attached to this Article below)
Set it up to allow RELAY out (Network should be your internal network)
Because it's internal you can turn off authentication so anything can relay through it (Copiers, Phones, Local Programs, etc.)
You need to add the outside Internet WAN IP address to your SPF record for the domain name being relayed. For example ITI's SPF record is this with the highlighted part the external IP your relay can use. This tells the world that the email is legit.
YOU DO NOT NEED A INBOUND FIREWALL RULE, DO NOT CREATE AN INBOUND FIREWALL RULE TO YOUR HMAIL RELAY SERVER. Just keep it behind the firewall like every other device on your network. If you block SMTP out by default, you will need to open up SMTP OUTBOUND for the HMAIL server. By default SMTP is NOT BLOCKED by default outbound firewall rules.
Alternatively if all of the emails are going to a domain you control you can whitelist your Internet WAN IP in your domain's mail settings (O365/Google Workspace).
On the client side you would use these settings.
SMTP Server: [TheServerYouInstalledHmailOn]
SMTP Port: 25
TLS: no
SSL: no
Authentication: none.
A note: So email going from the phone system to the relay server will be unencrypted on your local LAN, but when HMAIL relays it to the email provider like O365/Google it will transfer there securely (TLS) over the internet. As shown in this log snip.
