SMTP problem

Windows Server 2008 Domain with IIS and smtp enabled and no Exchange server or other email Server installed


I am using an smtp testing app. With anonymous access enabled, it finds the smtp server I entered and the test email gets sent. The test email is getting sent to an address outside of the Domain. With basic authentication or windows authentication set in the smtp server properties, it fails, even though I enter the domain administrator and password into the smtp test app. I have entered in the smtp server's ip address in the list of addresses that can relay. Ultimately, I want to send Sharepoint email alerts out from the smtp server to external email addresses. Any ideas? Thanks.
BobHavertyComh Asked:
 
Justin Smith, Sr. System Engineer, Commented:
Again, you are stating you want to use authentication because if you use anon, it will allow anyone to relay.  You are incorrect.  

SharePoint, unless you do some trickery, needs to use anon access.  There is no out of the box way for SharePoint to authenticate against an SMTP server.  You shouldn't be venturing down that path.

I don't give specifics on your problem because it's a problem you created, not SharePoint.  Just like I stated in my original response, you are making it more difficult than it needs to be.  You shouldn't use authentication for outbound SMTP traffic, period.  There isn't a need for it, and SharePoint doesn't support it by default.

Again, final answer:  You should enable anon access, and only allow relay from the local server (both are configuration settings on the SMTP service).  This will prevent any user from relaying.  Only messages generated from SharePoint will be allowed to be sent.

Clear?
0
 
Yagya Shree Commented:
Hi,

Your question was just answered by us in the question below. Please have a look:

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/MS-SharePoint/Q_27975288.html
0
 
BobHavertyComh (Author) Commented:
I think my question is about why I can't send emails of any type (even using an smtp test program rather than Sharepoint) unless I have anonymous access enabled, rather than asking if smtp can send sharepoint alerts as per my past question. I can't keep the anonymous access on for obvious reasons. After I have my basic smtp debugged and proven, then I will worry about sharepoint sending out alerts.
0
 
Yagya Shree Commented:
Please have a look at the link below:

Windows Server 2008 : Configuring SMTP (part 4) - Securing Access to an SMTP Virtual Server

http://mscerts.programming4.us/windows_server/windows%20server%202008%20%20%20configuring%20smtp%20(part%204)%20-%20securing%20access%20to%20an%20smtp%20virtual%20server.aspx
0
 
BobHavertyComh (Author) Commented:
Hi, yagyagree, thank you for the link. I am familiar with the smtp set up and relaying. I do not wish to leave anonymous access on and wish to use windows authentication for anybody connecting to the smtp server to prevent relaying of outside parties. The smtp service exists on the same machine as the DC. So I set it to be the only ip address that can relay. (basically set itself as the only address that can relay). I use a smtp test program. If anonymous access is enabled, the test software gets no errors. If I set smtp for windows authentication only, and within the test entry form, I provide the correct username and password of the default administrator's account, it fails. The test software tells me that authentication failed, and I'm assuming it means it couldn't authenticate with the smtp server. Is there some sort of smtp related group that I need to add the default admin account to?
0
 
Scobber Commented:
To use Integrated Windows authentication to authenticate incoming messages
1. In IIS Manager, right-click the SMTP virtual server, and then click Properties.
2. Click the Access tab, and under Access control, click Authentication.
3. Select the Basic Authentication check box.

For tighter security, enable TLS, but do your testing before doing this.
Also set the default domain to the AD domain.

From the Help File:
"Using Integrated Authentication requires a client that supports this. Your actual password is not exchanged."
0
 
BobHavertyComh (Author) Commented:
Hi Scobber. I went from windows auth to basic security and in both instances used the domain admin account and password. They both fail when using an smtp test tool downloaded on the same machine as smtp server. Basic says it can't authorize the client, Auth says unrecognized authentication method. Also note, I will not be receiving any incoming mail and 25 is closed, so this is strictly a sending problem. Since I will be receiving no incoming email and 25 is closed, can I leave this setting on anonymous access and a relay setting that only allows the smtp machine? I would still prefer to get windows auth to work as eventually, I will be sending out sharepoint alerts while receiving no incoming mail.
0
 
Justin Smith, Sr. System Engineer, Commented:
Bob - in my opinion, you are making this way more difficult than it needs to be.  It seems like I've seen around 4 questions that you've opened related to outbound SMTP traffic in SharePoint.  This is one of the simplest topics in SharePoint...outbound email.  All you need is to start the SMTP service on a web server and point your Outgoing Email in Central Admin to that server.  That's it.  No need for dabbling with anonymous or authenticated testing, it will just work.  

I've set up probably 50 SharePoint 2010 farms, almost all of them using outbound email, and lots of those using the SMTP service on the local web server.  None of them have any issue at all, it just works.

So my question back to you, why are you messing with basic/windows auth on your SMTP server?
0
 
BobHavertyComh (Author) Commented:
I'm messing with it because as I understand it, if I leave it set to anonymous access, I open myself up to spam relaying through my server which will cause my domain to be blacklisted. Do you have this opened on your 50 sites and have never been blacklisted or had any anonymous sources relay mail through your server?
0
 
Justin Smith, Sr. System Engineer, Commented:
Just allow relay from your local server. Done.
0
 
BobHavertyComh (Author) Commented:
No, if I allow anonymous access for the relay then other external sources can relay spam through my email server and I will be blacklisted. I said that anonymous access works but that I can't use that and windows or basic authentication does not work, but those are the settings that I need to use.
0
 
BobHavertyComh (Author) Commented:
I've requested that this question be deleted for the following reason:

I don't think that anyone thoroughly read my question nor seem to be willing to do so. None of them addressed the fact that I clearly mentioned that I am not having problems when the relay is set to anonymous access, but instead when basic or windows authentication is required. Since this question sounded similar to others I have recently asked, nobody seems to be willing to actually read the details that actually make my question different. So I'm stuck at this point. Their answers were not acceptable because they did not address the fact that I have to use windows authentication for the relay and it is not working. Their answer involved using anonymous access when I have clearly explained that I can't use that because it is not properly secure. So I give up.
0
 
Justin Smith, Sr. System Engineer, Commented:
How can anyone relay from your server, if you only allow relay requests from the local server?  Someone can't make a relay request from their laptop, or server, if you only allow the local server to send messages.   I've set this up countless times for even large enterprises.

You can't just delete this question because you don't accept the answer.
0
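
The relay rule argued in the accepted answer at the top of the thread and in the comment above, modelled as an added example (not part of any post, and not IIS's own logic). The class, function names, domains and IP addresses are constructed for illustration, and the policy is a simplified assumption of how access and relay settings combine.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class SmtpPolicy:
    """Simplified, assumed model of the two settings argued about in the thread."""
    local_domains: set              # domains this server delivers for itself
    relay_allowed: list             # relay restriction list (IPs or CIDR networks)
    anonymous_access: bool = True   # authentication setting: anonymous allowed
    auth_may_relay: bool = False    # authenticated clients relay regardless of list

def decide(policy, client_ip, rcpt, authenticated=False):
    """Return (accepted, reason) for one RCPT TO issued by one client."""
    if not authenticated and not policy.anonymous_access:
        return False, "authentication required"
    domain = rcpt.rsplit("@", 1)[-1].lower()
    if domain in policy.local_domains:
        return True, "local delivery"            # not a relay request at all
    ip = ipaddress.ip_address(client_ip)
    if any(ip in ipaddress.ip_network(net) for net in policy.relay_allowed):
        return True, "relay: client on allow list"
    if authenticated and policy.auth_may_relay:
        return True, "relay: authenticated client"
    return False, "unable to relay"

# Constructed sample data (documentation address ranges, made-up domains).
LOCKED_DOWN = SmtpPolicy({"corp.example"}, ["127.0.0.1", "192.0.2.10"])
OPEN_RELAY = SmtpPolicy({"corp.example"}, ["0.0.0.0/0"])   # the setting to avoid
PROBES = [
    ("127.0.0.1", "user@partner.example"),     # SharePoint on the SMTP host
    ("203.0.113.50", "user@partner.example"),  # outside host asking to relay
    ("203.0.113.50", "admin@corp.example"),    # outside host, local recipient
]

def audit(policy):
    """Run every probe anonymously and return the accept/reject decisions."""
    return [decide(policy, ip, rcpt)[0] for ip, rcpt in PROBES]

if __name__ == "__main__":
    for name, policy in (("locked down", LOCKED_DOWN), ("open relay", OPEN_RELAY)):
        for (ip, rcpt), ok in zip(PROBES, audit(policy)):
            print(f"{name:12} {ip:14} -> {rcpt:22} {'accept' if ok else 'reject'}")
```

The second probe is the case the thread argues over: with anonymous access on, the outside host is rejected under the restricted relay list and accepted only when the list is widened to every address.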
 
BobHavertyComh (Author) Commented:
Well when you say just set up the server for relay, you're not being clear at all about authentication. The default is anonymous access. Here are copy and pastes from my original post

"I am using an smtp testing app. With anonymous access enabled, it finds the smtp server I entered and the test email gets sent. The test email is getting sent to an address outside of the Domain. With basic authentication or windows authentication set in the smtp server properties, it fails, even though I enter the domain administrator and password into the smtp test app"


So this means I am trying to send things to my local smtp server for delivery. Ultimately I will be sending sharepoint alerts to the smtp server, but for right now I am using an smtp test app to debug. I don't want to open up anonymous access for relays, but if I set it to anonymous access, my smtp app can succeed. Now the app is probably not capable of windows auth, but it should be capable of basic authentication if I set the smtp server to allow relays but with basic authentication. Using my smtp test app, basic authentication gets rejected, and of course, windows auth does as well.

So when you tell me to simply enable relaying, it doesn't say anything about the actual specifics of my problem
0
 
BobHavertyComh (Author) Commented:
That's a lot different than your past answers which just said to allow relaying. Thank you.
0
Question has a verified solution.
