Solved

SMTP problem

Posted on 2012-12-21
15
504 Views
Last Modified: 2012-12-28
Windows Server 2008 Domain with IIS and smtp enabled and no Exchange server or other email Server installed


I am using an smtp testing app. With anonymous access enabled, it finds the smtp server I entered and the test email gets sent. The test email is getting sent to an address outside of the Domain. With basic authentication or windows authentication set in the smtp server properties, it fails, even though I enter the domain administrator and password into the smtp test app. I have entered in the smtp server's ip address in the list of addresses that can relay. Ultimately, i want to send Sharepoint email alerts out from the smtp server to external email addresses Any ideas? Thanks.
0
Comment
Question by:BobHavertyComh
  • 8
  • 4
  • 2
  • +1
15 Comments
 
LVL 13

Expert Comment

by:Yagya Shree
ID: 38714429
Hi,

You question is just answered by us in below question. Please have a look

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/MS-SharePoint/Q_27975288.html
0
 
LVL 9

Author Comment

by:BobHavertyComh
ID: 38714467
I think my question is about why I can't send emails of any type (even using an smtp test program rather than Sharepoint) unless I have anonymous access enabled, rather than asking if smtp can send sharepoint alerts as per my past question. I can't keep the anonymous access on for obvious reasons. After I have my basic smtp debugged and proven, then I will worry about sharepoint sending out alerts
0
 
LVL 13

Expert Comment

by:Yagya Shree
ID: 38714534
Please have a look into below link:

Windows Server 2008 : Configuring SMTP (part 4) - Securing Access to an SMTP Virtual Server

http://mscerts.programming4.us/windows_server/windows%20server%202008%20%20%20configuring%20smtp%20(part%204)%20-%20securing%20access%20to%20an%20smtp%20virtual%20server.aspx
0
 
LVL 9

Author Comment

by:BobHavertyComh
ID: 38715388
Hi, yagyagree, thank you for the link. I am familiar with the smtp set up and relaying. I do not wish to leave anonymous access on and wish to use windows authentication for anybody connecting to the smtp server to prevent relaying of outside parties. The smtp service exists on the same machine as the DC. So I set it to be the only ip address that can relay. (basically set itself as the only address that can relay). I use a smtp test program. If anonymous access is enabled, the test software gets no errors. If I set smtp for windows authentication only, and within the test entry form, I provide the correct username and password of the default administrator's account, it fails. The test software tells me that authentication failed, and I'm assuming it means it couldn't authenticate with the smtp server. Is there some sort of smtp related group that I need to add the default admin account to?
0
 
LVL 7

Expert Comment

by:Scobber
ID: 38715442
To use Integrated Windows authentication to authenticate incoming messages
1. In IIS Manager, right-click the SMTP virtual server, and then click Properties.
2. Click the Access tab, and under Access control, click Authentication.
3. Select the Basic Authentication check box.

For tighter security enable TLS. but do your testing before doing this.
Also set the default domain to the AD domain.

From the Help File:
"Using Integrated Authentication requires a client that supports this. Your actual password is not exchanged."
0
 
LVL 9

Author Comment

by:BobHavertyComh
ID: 38715456
Hi Scobber. I went from windows auth to basic security and in both instances used the domain admin account and password. They both fail when using an smtp test tool downloaded on the same machine as smtp server. Basic says it can't authorize the client, Auth says unrecognized authentication method. Also note, I will not be receiving any incoming mail and 25 is closed, so this is strictly a sending problem. Since I will be receiving no incoming email and 25 is closed, can I leave this setting on anonymous access and a relay setting that only allows the smtp machine? I would still prefer to get windows auth to work as eventually, i will be sending out sharepoint alerts while receiving no incoming mail
0
 
LVL 38

Expert Comment

by:Justin Smith
ID: 38715960
Bob - in my opinion, you are making this way more difficult than it needs to be.  It seems like I've seen around 4 questions that you've opened related to outbound SMTP traffic in SharePoint.  This is one of the simplest topics in SharePoint...outbound email.  All you need is to start the SMTP service on a web server and point your Outgoing Email in Central Admin to that server.  That's it.  No need for dabbling with anonymous or authenticated testing, it will just work.  

I've set up probably 50 SharePoint 2010 farms, almost all of them using outbound email, and lots of those using the SMTP service on the local web server.  None of them have issue at all, it just works.

So my question back to you, why are you messing with basic/windows auth on your SMTP server?
0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 
LVL 9

Author Comment

by:BobHavertyComh
ID: 38716364
I'm messing with it because as I understand it, if leave it set to anonymous access, I open myself up to spam relaying through my server which will cause my domain to be blacklisted. Do you have this opened on your 50 sites and have never been blacklisted or had any anonymous sources relay mail through your server?..
0
 
LVL 38

Expert Comment

by:Justin Smith
ID: 38717238
Just allow relay from your local server. Done.
0
 
LVL 9

Author Comment

by:BobHavertyComh
ID: 38727411
No, if I allow anonymous access for the relay then other external sources can relay spam through my email server and I will be blacklisted. I said that anonymous access works but that I can't use that and windows or basic authentication does not work, but that is the settings that I need to use.
0
 
LVL 9

Author Comment

by:BobHavertyComh
ID: 38727473
I've requested that this question be deleted for the following reason:

I don't think that anyone thoroughly read my question nor seem to be willing to do so. None of them addressed the fact that I clearly mentioned that I am not having problems when the relay is set to anonymous access, but instead when basic or windows authentication is required. Since this question sounded similar to others I have recently asked, nobody seems to be willing to actually read the details that actually make my question different. So I'm stuck at this point. Their answers were not acceptable because they did not address the fact that I have to use windows authentication for the relay and it is not working. Their answer involved using anonymous access when I have clearly explained that I can't use that because it is not properly secure. So I give up.
0
 
LVL 38

Expert Comment

by:Justin Smith
ID: 38727474
How can anyone relay from your server, if you only allow relay requests from the local server?  Someone can't make a relay request from their laptop, or server, if you only allow the local server to send messages.   I've set this up countless times for even large enterprises.

You can't just delete this question because you don't accept the answer.
0
 
LVL 9

Author Comment

by:BobHavertyComh
ID: 38727620
Well when you say just set up the server for relay, you're not being clear at all about authentication. The default is anonymous access. Here are copy and pastes from my original post

"I am using an smtp testing app. With anonymous access enabled, it finds the smtp server I entered and the test email gets sent. The test email is getting sent to an address outside of the Domain. With basic authentication or windows authentication set in the smtp server properties, it fails, even though I enter the domain administrator and password into the smtp test app"


So this means I am trying to send things to my local smtp server for delivery. Ultimately i will be sending sharepoint alerts to the smtp server, but for right now I am using an smtp test app to debug. I don't want to open up anonymous access for relays, but if I set it to anonymous access, my smtp app can succeed. Now the app is probably not capable of windows auth, but it should be capable of basic authentication if I set the smtp server to allow relays but with basic authentication. Using my smtp test app, basic authentication gets rejected, and of course, windows auth does as well.

So when you tell me to simply enable relaying, it doesn't say anything about the actual specifics of my problem
0
 
LVL 38

Accepted Solution

by:
Justin Smith earned 500 total points
ID: 38727658
Again, you are stating you want to use authentication because if you use anon, it will allow anyone to relay.  You are incorrect.  

SharePoint, unless you do some trickery, needs to use anon access.  There is no out of the box way for SharePoint to authenticate against an SMTP server.  You shouldn't be venturing down that path.

I don't give specifics on your problem because it's a problem you created, not SharePoint.  Just like I stated in my original response, you are making it more difficult than it needs to be.  You shouldn't use authentication for outbound SMTP traffic, period.  There isn't a need for it, and SharePoint doesn't support it by default.

Again, final answer:  You should enable anon access, and only allow relay from the local server (both are configuration settings on the SMTP service).  This will prevent any user from relaying.  Only messages generated from SharePoint will be allowed to be sent.

Clear?
0
 
LVL 9

Author Closing Comment

by:BobHavertyComh
ID: 38727687
That's a lot different than your past answers which just said to allow relaying. Thank you.
0

Featured Post

Free Gift Card with Acronis Backup Purchase!

Backup any data in any location: local and remote systems, physical and virtual servers, private and public clouds, Macs and PCs, tablets and mobile devices, & more! For limited time only, buy any Acronis backup products and get a FREE Amazon/Best Buy gift card worth up to $200!

Join & Write a Comment

Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now