Link to home
Start Free TrialLog in
Avatar of Arnold Layne
Arnold LayneFlag for United States of America

asked on

SMTP problem

Windows Server 2008 Domain with IIS and smtp enabled and no Exchange server or other email Server installed

I am using an smtp testing app. With anonymous access enabled, it finds the smtp server I entered and the test email gets sent. The test email is getting sent to an address outside of the Domain. With basic authentication or windows authentication set in the smtp server properties, it fails, even though I enter the domain administrator and password into the smtp test app. I have entered in the smtp server's ip address in the list of addresses that can relay. Ultimately, i want to send Sharepoint email alerts out from the smtp server to external email addresses Any ideas? Thanks.
Avatar of Yagya Shree
Yagya Shree
Flag of India image


You question is just answered by us in below question. Please have a look
Avatar of Arnold Layne


I think my question is about why I can't send emails of any type (even using an smtp test program rather than Sharepoint) unless I have anonymous access enabled, rather than asking if smtp can send sharepoint alerts as per my past question. I can't keep the anonymous access on for obvious reasons. After I have my basic smtp debugged and proven, then I will worry about sharepoint sending out alerts
Please have a look into below link:

Windows Server 2008 : Configuring SMTP (part 4) - Securing Access to an SMTP Virtual Server
Hi, yagyagree, thank you for the link. I am familiar with the smtp set up and relaying. I do not wish to leave anonymous access on and wish to use windows authentication for anybody connecting to the smtp server to prevent relaying of outside parties. The smtp service exists on the same machine as the DC. So I set it to be the only ip address that can relay. (basically set itself as the only address that can relay). I use a smtp test program. If anonymous access is enabled, the test software gets no errors. If I set smtp for windows authentication only, and within the test entry form, I provide the correct username and password of the default administrator's account, it fails. The test software tells me that authentication failed, and I'm assuming it means it couldn't authenticate with the smtp server. Is there some sort of smtp related group that I need to add the default admin account to?
To use Integrated Windows authentication to authenticate incoming messages
1. In IIS Manager, right-click the SMTP virtual server, and then click Properties.
2. Click the Access tab, and under Access control, click Authentication.
3. Select the Basic Authentication check box.

For tighter security enable TLS. but do your testing before doing this.
Also set the default domain to the AD domain.

From the Help File:
"Using Integrated Authentication requires a client that supports this. Your actual password is not exchanged."
Hi Scobber. I went from windows auth to basic security and in both instances used the domain admin account and password. They both fail when using an smtp test tool downloaded on the same machine as smtp server. Basic says it can't authorize the client, Auth says unrecognized authentication method. Also note, I will not be receiving any incoming mail and 25 is closed, so this is strictly a sending problem. Since I will be receiving no incoming email and 25 is closed, can I leave this setting on anonymous access and a relay setting that only allows the smtp machine? I would still prefer to get windows auth to work as eventually, i will be sending out sharepoint alerts while receiving no incoming mail
Bob - in my opinion, you are making this way more difficult than it needs to be.  It seems like I've seen around 4 questions that you've opened related to outbound SMTP traffic in SharePoint.  This is one of the simplest topics in SharePoint...outbound email.  All you need is to start the SMTP service on a web server and point your Outgoing Email in Central Admin to that server.  That's it.  No need for dabbling with anonymous or authenticated testing, it will just work.  

I've set up probably 50 SharePoint 2010 farms, almost all of them using outbound email, and lots of those using the SMTP service on the local web server.  None of them have issue at all, it just works.

So my question back to you, why are you messing with basic/windows auth on your SMTP server?
I'm messing with it because as I understand it, if leave it set to anonymous access, I open myself up to spam relaying through my server which will cause my domain to be blacklisted. Do you have this opened on your 50 sites and have never been blacklisted or had any anonymous sources relay mail through your server?..
Just allow relay from your local server. Done.
No, if I allow anonymous access for the relay then other external sources can relay spam through my email server and I will be blacklisted. I said that anonymous access works but that I can't use that and windows or basic authentication does not work, but that is the settings that I need to use.
I've requested that this question be deleted for the following reason:

I don't think that anyone thoroughly read my question nor seem to be willing to do so. None of them addressed the fact that I clearly mentioned that I am not having problems when the relay is set to anonymous access, but instead when basic or windows authentication is required. Since this question sounded similar to others I have recently asked, nobody seems to be willing to actually read the details that actually make my question different. So I'm stuck at this point. Their answers were not acceptable because they did not address the fact that I have to use windows authentication for the relay and it is not working. Their answer involved using anonymous access when I have clearly explained that I can't use that because it is not properly secure. So I give up.
How can anyone relay from your server, if you only allow relay requests from the local server?  Someone can't make a relay request from their laptop, or server, if you only allow the local server to send messages.   I've set this up countless times for even large enterprises.

You can't just delete this question because you don't accept the answer.
Well when you say just set up the server for relay, you're not being clear at all about authentication. The default is anonymous access. Here are copy and pastes from my original post

"I am using an smtp testing app. With anonymous access enabled, it finds the smtp server I entered and the test email gets sent. The test email is getting sent to an address outside of the Domain. With basic authentication or windows authentication set in the smtp server properties, it fails, even though I enter the domain administrator and password into the smtp test app"

So this means I am trying to send things to my local smtp server for delivery. Ultimately i will be sending sharepoint alerts to the smtp server, but for right now I am using an smtp test app to debug. I don't want to open up anonymous access for relays, but if I set it to anonymous access, my smtp app can succeed. Now the app is probably not capable of windows auth, but it should be capable of basic authentication if I set the smtp server to allow relays but with basic authentication. Using my smtp test app, basic authentication gets rejected, and of course, windows auth does as well.

So when you tell me to simply enable relaying, it doesn't say anything about the actual specifics of my problem
Avatar of Justin Smith
Justin Smith
Flag of United States of America image

Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
That's a lot different than your past answers which just said to allow relaying. Thank you.