Solved

SMTP problem

Posted on 2012-12-21
Last Modified: 2012-12-28
Windows Server 2008 Domain with IIS and smtp enabled and no Exchange server or other email Server installed


I am using an smtp testing app. With anonymous access enabled, it finds the smtp server I entered and the test email gets sent. The test email is getting sent to an address outside of the Domain. With basic authentication or windows authentication set in the smtp server properties, it fails, even though I enter the domain administrator and password into the smtp test app. I have entered the smtp server's IP address in the list of addresses that can relay. Ultimately, I want to send SharePoint email alerts out from the smtp server to external email addresses. Any ideas? Thanks.
0
Question by:BobHavertyComh
15 Comments
 
LVL 13

Expert Comment

by:Yagya Shree
ID: 38714429
Hi,

Your question was just answered by us in the question below. Please have a look.

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/MS-SharePoint/Q_27975288.html
0
 
LVL 9

Author Comment

by:BobHavertyComh
ID: 38714467
I think my question is about why I can't send emails of any type (even using an smtp test program rather than SharePoint) unless I have anonymous access enabled, rather than asking if smtp can send SharePoint alerts as per my past question. I can't keep the anonymous access on for obvious reasons. After I have my basic smtp debugged and proven, then I will worry about SharePoint sending out alerts.
0
 
LVL 13

Expert Comment

by:Yagya Shree
ID: 38714534
Please have a look at the link below:

Windows Server 2008 : Configuring SMTP (part 4) - Securing Access to an SMTP Virtual Server

http://mscerts.programming4.us/windows_server/windows%20server%202008%20%20%20configuring%20smtp%20(part%204)%20-%20securing%20access%20to%20an%20smtp%20virtual%20server.aspx
0
 
LVL 9

Author Comment

by:BobHavertyComh
ID: 38715388
Hi, yagyagree, thank you for the link. I am familiar with the smtp set up and relaying. I do not wish to leave anonymous access on and wish to use windows authentication for anybody connecting to the smtp server to prevent relaying of outside parties. The smtp service exists on the same machine as the DC. So I set it to be the only ip address that can relay. (basically set itself as the only address that can relay). I use a smtp test program. If anonymous access is enabled, the test software gets no errors. If I set smtp for windows authentication only, and within the test entry form, I provide the correct username and password of the default administrator's account, it fails. The test software tells me that authentication failed, and I'm assuming it means it couldn't authenticate with the smtp server. Is there some sort of smtp related group that I need to add the default admin account to?
0
 
LVL 7

Expert Comment

by:Scobber
ID: 38715442
To use Integrated Windows authentication to authenticate incoming messages
1. In IIS Manager, right-click the SMTP virtual server, and then click Properties.
2. Click the Access tab, and under Access control, click Authentication.
3. Select the Basic Authentication check box.

For tighter security, enable TLS, but do your testing before doing this.
Also set the default domain to the AD domain.

From the Help File:
"Using Integrated Authentication requires a client that supports this. Your actual password is not exchanged."
0
 
LVL 9

Author Comment

by:BobHavertyComh
ID: 38715456
Hi Scobber. I went from windows auth to basic security and in both instances used the domain admin account and password. They both fail when using an smtp test tool downloaded on the same machine as the smtp server. Basic says it can't authorize the client, Auth says unrecognized authentication method. Also note, I will not be receiving any incoming mail and 25 is closed, so this is strictly a sending problem. Since I will be receiving no incoming email and 25 is closed, can I leave this setting on anonymous access and a relay setting that only allows the smtp machine? I would still prefer to get windows auth to work as eventually, I will be sending out SharePoint alerts while receiving no incoming mail.
0
 
LVL 38

Expert Comment

by:Justin Smith
ID: 38715960
Bob - in my opinion, you are making this way more difficult than it needs to be.  It seems like I've seen around 4 questions that you've opened related to outbound SMTP traffic in SharePoint.  This is one of the simplest topics in SharePoint...outbound email.  All you need is to start the SMTP service on a web server and point your Outgoing Email in Central Admin to that server.  That's it.  No need for dabbling with anonymous or authenticated testing, it will just work.  

I've set up probably 50 SharePoint 2010 farms, almost all of them using outbound email, and lots of those using the SMTP service on the local web server.  None of them have any issue at all, it just works.

So my question back to you, why are you messing with basic/windows auth on your SMTP server?
0
 
LVL 9

Author Comment

by:BobHavertyComh
ID: 38716364
I'm messing with it because, as I understand it, if I leave it set to anonymous access, I open myself up to spam relaying through my server, which will cause my domain to be blacklisted. Do you have this opened on your 50 sites and have never been blacklisted or had any anonymous sources relay mail through your server?
0
 
LVL 38

Expert Comment

by:Justin Smith
ID: 38717238
Just allow relay from your local server. Done.
0
 
LVL 9

Author Comment

by:BobHavertyComh
ID: 38727411
No, if I allow anonymous access for the relay then other external sources can relay spam through my email server and I will be blacklisted. I said that anonymous access works but that I can't use that, and windows or basic authentication does not work, but those are the settings that I need to use.
0
 
LVL 9

Author Comment

by:BobHavertyComh
ID: 38727473
I've requested that this question be deleted for the following reason:

I don't think that anyone thoroughly read my question nor seem to be willing to do so. None of them addressed the fact that I clearly mentioned that I am not having problems when the relay is set to anonymous access, but instead when basic or windows authentication is required. Since this question sounded similar to others I have recently asked, nobody seems to be willing to actually read the details that actually make my question different. So I'm stuck at this point. Their answers were not acceptable because they did not address the fact that I have to use windows authentication for the relay and it is not working. Their answer involved using anonymous access when I have clearly explained that I can't use that because it is not properly secure. So I give up.
0
 
LVL 38

Expert Comment

by:Justin Smith
ID: 38727474
How can anyone relay from your server, if you only allow relay requests from the local server?  Someone can't make a relay request from their laptop, or server, if you only allow the local server to send messages.   I've set this up countless times for even large enterprises.

You can't just delete this question because you don't accept the answer.
0
 
LVL 9

Author Comment

by:BobHavertyComh
ID: 38727620
Well when you say just set up the server for relay, you're not being clear at all about authentication. The default is anonymous access. Here are copy and pastes from my original post

"I am using an smtp testing app. With anonymous access enabled, it finds the smtp server I entered and the test email gets sent. The test email is getting sent to an address outside of the Domain. With basic authentication or windows authentication set in the smtp server properties, it fails, even though I enter the domain administrator and password into the smtp test app"


So this means I am trying to send things to my local smtp server for delivery. Ultimately I will be sending SharePoint alerts to the smtp server, but for right now I am using an smtp test app to debug. I don't want to open up anonymous access for relays, but if I set it to anonymous access, my smtp app can succeed. Now the app is probably not capable of windows auth, but it should be capable of basic authentication if I set the smtp server to allow relays but with basic authentication. Using my smtp test app, basic authentication gets rejected, and of course, windows auth does as well.

So when you tell me to simply enable relaying, it doesn't say anything about the actual specifics of my problem.
0
 
LVL 38

Accepted Solution

by:
Justin Smith earned 500 total points
ID: 38727658
Again, you are stating you want to use authentication because if you use anon, it will allow anyone to relay.  You are incorrect.  

SharePoint, unless you do some trickery, needs to use anon access.  There is no out of the box way for SharePoint to authenticate against an SMTP server.  You shouldn't be venturing down that path.

I don't give specifics on your problem because it's a problem you created, not SharePoint.  Just like I stated in my original response, you are making it more difficult than it needs to be.  You shouldn't use authentication for outbound SMTP traffic, period.  There isn't a need for it, and SharePoint doesn't support it by default.

Again, final answer:  You should enable anon access, and only allow relay from the local server (both are configuration settings on the SMTP service).  This will prevent any user from relaying.  Only messages generated from SharePoint will be allowed to be sent.

Clear?
0
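The thread turns on two separate SMTP virtual server settings: who may connect (anonymous or authenticated) and who may relay (the relay restriction list). The following is an added example, not code from any poster or from Microsoft: a simplified model of that decision, with assumed names (`SmtpVirtualServer`, `decide`, `is_open_relay`) and constructed addresses, showing why anonymous access plus a local-only relay list is not an open relay.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class SmtpVirtualServer:
    """Assumed, simplified model of the settings discussed in the thread."""
    anonymous_access: bool = True              # access control: anonymous allowed
    relay_allow_list: list = field(            # relay restrictions: "only the list below"
        default_factory=lambda: ["127.0.0.1", "192.0.2.25"])  # constructed server IP
    auth_bypasses_relay_list: bool = False     # authenticated clients may relay anyway
    local_domains: tuple = ("example.local",)  # constructed local domain


def decide(server, client_ip, rcpt, authenticated=False):
    """Return 'accept' or a rejection reason for one recipient."""
    if not authenticated and not server.anonymous_access:
        return "reject: authentication required"
    domain = rcpt.rsplit("@", 1)[-1].lower()
    if domain in server.local_domains:
        return "accept"  # delivery to a local domain is not relaying
    ip = ipaddress.ip_address(client_ip)
    listed = any(ip in ipaddress.ip_network(net, strict=False)
                 for net in server.relay_allow_list)
    if listed or (authenticated and server.auth_bypasses_relay_list):
        return "accept"
    return "reject: unable to relay"


def is_open_relay(server, probe_ip="203.0.113.10"):
    """True if an unauthenticated outside host can relay to an outside domain."""
    return decide(server, probe_ip, "someone@example.net") == "accept"


# Constructed configurations for comparison.
recommended = SmtpVirtualServer()                                # anonymous + local-only relay
misconfigured = SmtpVirtualServer(relay_allow_list=["0.0.0.0/0"])  # anonymous + relay for all
auth_only = SmtpVirtualServer(anonymous_access=False, auth_bypasses_relay_list=True)

if __name__ == "__main__":
    for name, srv in [("recommended", recommended),
                      ("misconfigured", misconfigured),
                      ("auth_only", auth_only)]:
        local = decide(srv, "127.0.0.1", "user@example.net")
        print(f"{name}: local anonymous sender -> {local}; open relay: {is_open_relay(srv)}")
```

The `auth_only` case rejects the local anonymous sender, which is the situation the accepted answer describes for SharePoint's outgoing mail.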
 
LVL 9

Author Closing Comment

by:BobHavertyComh
ID: 38727687
That's a lot different than your past answers which just said to allow relaying. Thank you.
0


Question has a verified solution.
