Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

SMTP problem

Posted on 2012-12-21
15
Medium Priority
?
545 Views
Last Modified: 2012-12-28
Windows Server 2008 Domain with IIS and smtp enabled and no Exchange server or other email Server installed


I am using an smtp testing app. With anonymous access enabled, it finds the smtp server I entered and the test email gets sent. The test email is getting sent to an address outside of the Domain. With basic authentication or windows authentication set in the smtp server properties, it fails, even though I enter the domain administrator and password into the smtp test app. I have entered in the smtp server's ip address in the list of addresses that can relay. Ultimately, i want to send Sharepoint email alerts out from the smtp server to external email addresses Any ideas? Thanks.
0
Comment
Question by:BobHavertyComh
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 4
  • 2
  • +1
15 Comments
 
LVL 13

Expert Comment

by:Yagya Shree
ID: 38714429
Hi,

You question is just answered by us in below question. Please have a look

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/MS-SharePoint/Q_27975288.html
0
 
LVL 9

Author Comment

by:BobHavertyComh
ID: 38714467
I think my question is about why I can't send emails of any type (even using an smtp test program rather than Sharepoint) unless I have anonymous access enabled, rather than asking if smtp can send sharepoint alerts as per my past question. I can't keep the anonymous access on for obvious reasons. After I have my basic smtp debugged and proven, then I will worry about sharepoint sending out alerts
0
 
LVL 13

Expert Comment

by:Yagya Shree
ID: 38714534
Please have a look into below link:

Windows Server 2008 : Configuring SMTP (part 4) - Securing Access to an SMTP Virtual Server

http://mscerts.programming4.us/windows_server/windows%20server%202008%20%20%20configuring%20smtp%20(part%204)%20-%20securing%20access%20to%20an%20smtp%20virtual%20server.aspx
0
Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

 
LVL 9

Author Comment

by:BobHavertyComh
ID: 38715388
Hi, yagyagree, thank you for the link. I am familiar with the smtp set up and relaying. I do not wish to leave anonymous access on and wish to use windows authentication for anybody connecting to the smtp server to prevent relaying of outside parties. The smtp service exists on the same machine as the DC. So I set it to be the only ip address that can relay. (basically set itself as the only address that can relay). I use a smtp test program. If anonymous access is enabled, the test software gets no errors. If I set smtp for windows authentication only, and within the test entry form, I provide the correct username and password of the default administrator's account, it fails. The test software tells me that authentication failed, and I'm assuming it means it couldn't authenticate with the smtp server. Is there some sort of smtp related group that I need to add the default admin account to?
0
 
LVL 7

Expert Comment

by:Scobber
ID: 38715442
To use Integrated Windows authentication to authenticate incoming messages
1. In IIS Manager, right-click the SMTP virtual server, and then click Properties.
2. Click the Access tab, and under Access control, click Authentication.
3. Select the Basic Authentication check box.

For tighter security enable TLS. but do your testing before doing this.
Also set the default domain to the AD domain.

From the Help File:
"Using Integrated Authentication requires a client that supports this. Your actual password is not exchanged."
0
 
LVL 9

Author Comment

by:BobHavertyComh
ID: 38715456
Hi Scobber. I went from windows auth to basic security and in both instances used the domain admin account and password. They both fail when using an smtp test tool downloaded on the same machine as smtp server. Basic says it can't authorize the client, Auth says unrecognized authentication method. Also note, I will not be receiving any incoming mail and 25 is closed, so this is strictly a sending problem. Since I will be receiving no incoming email and 25 is closed, can I leave this setting on anonymous access and a relay setting that only allows the smtp machine? I would still prefer to get windows auth to work as eventually, i will be sending out sharepoint alerts while receiving no incoming mail
0
 
LVL 38

Expert Comment

by:Justin Smith
ID: 38715960
Bob - in my opinion, you are making this way more difficult than it needs to be.  It seems like I've seen around 4 questions that you've opened related to outbound SMTP traffic in SharePoint.  This is one of the simplest topics in SharePoint...outbound email.  All you need is to start the SMTP service on a web server and point your Outgoing Email in Central Admin to that server.  That's it.  No need for dabbling with anonymous or authenticated testing, it will just work.  

I've set up probably 50 SharePoint 2010 farms, almost all of them using outbound email, and lots of those using the SMTP service on the local web server.  None of them have issue at all, it just works.

So my question back to you, why are you messing with basic/windows auth on your SMTP server?
0
 
LVL 9

Author Comment

by:BobHavertyComh
ID: 38716364
I'm messing with it because as I understand it, if leave it set to anonymous access, I open myself up to spam relaying through my server which will cause my domain to be blacklisted. Do you have this opened on your 50 sites and have never been blacklisted or had any anonymous sources relay mail through your server?..
0
 
LVL 38

Expert Comment

by:Justin Smith
ID: 38717238
Just allow relay from your local server. Done.
0
 
LVL 9

Author Comment

by:BobHavertyComh
ID: 38727411
No, if I allow anonymous access for the relay then other external sources can relay spam through my email server and I will be blacklisted. I said that anonymous access works but that I can't use that and windows or basic authentication does not work, but that is the settings that I need to use.
0
 
LVL 9

Author Comment

by:BobHavertyComh
ID: 38727473
I've requested that this question be deleted for the following reason:

I don't think that anyone thoroughly read my question nor seem to be willing to do so. None of them addressed the fact that I clearly mentioned that I am not having problems when the relay is set to anonymous access, but instead when basic or windows authentication is required. Since this question sounded similar to others I have recently asked, nobody seems to be willing to actually read the details that actually make my question different. So I'm stuck at this point. Their answers were not acceptable because they did not address the fact that I have to use windows authentication for the relay and it is not working. Their answer involved using anonymous access when I have clearly explained that I can't use that because it is not properly secure. So I give up.
0
 
LVL 38

Expert Comment

by:Justin Smith
ID: 38727474
How can anyone relay from your server, if you only allow relay requests from the local server?  Someone can't make a relay request from their laptop, or server, if you only allow the local server to send messages.   I've set this up countless times for even large enterprises.

You can't just delete this question because you don't accept the answer.
0
 
LVL 9

Author Comment

by:BobHavertyComh
ID: 38727620
Well when you say just set up the server for relay, you're not being clear at all about authentication. The default is anonymous access. Here are copy and pastes from my original post

"I am using an smtp testing app. With anonymous access enabled, it finds the smtp server I entered and the test email gets sent. The test email is getting sent to an address outside of the Domain. With basic authentication or windows authentication set in the smtp server properties, it fails, even though I enter the domain administrator and password into the smtp test app"


So this means I am trying to send things to my local smtp server for delivery. Ultimately i will be sending sharepoint alerts to the smtp server, but for right now I am using an smtp test app to debug. I don't want to open up anonymous access for relays, but if I set it to anonymous access, my smtp app can succeed. Now the app is probably not capable of windows auth, but it should be capable of basic authentication if I set the smtp server to allow relays but with basic authentication. Using my smtp test app, basic authentication gets rejected, and of course, windows auth does as well.

So when you tell me to simply enable relaying, it doesn't say anything about the actual specifics of my problem
0
 
LVL 38

Accepted Solution

by:
Justin Smith earned 2000 total points
ID: 38727658
Again, you are stating you want to use authentication because if you use anon, it will allow anyone to relay.  You are incorrect.  

SharePoint, unless you do some trickery, needs to use anon access.  There is no out of the box way for SharePoint to authenticate against an SMTP server.  You shouldn't be venturing down that path.

I don't give specifics on your problem because it's a problem you created, not SharePoint.  Just like I stated in my original response, you are making it more difficult than it needs to be.  You shouldn't use authentication for outbound SMTP traffic, period.  There isn't a need for it, and SharePoint doesn't support it by default.

Again, final answer:  You should enable anon access, and only allow relay from the local server (both are configuration settings on the SMTP service).  This will prevent any user from relaying.  Only messages generated from SharePoint will be allowed to be sent.

Clear?
0
 
LVL 9

Author Closing Comment

by:BobHavertyComh
ID: 38727687
That's a lot different than your past answers which just said to allow relaying. Thank you.
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A while back, I ran into a situation where I was trying to use the calculated columns feature in SharePoint 2013 to do some simple math using values in two lists. Between certain data types not being accessible, and also with trying to make a one to…
For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question