Problem setting up smtp relay Windows Server 2008 r2

I am trying to get an SMTP relay that I set up on a Windows 2008 R2 server to work, and not having luck.  Installation went fine, it is the actual configuration of the relay parameters that may be my issue.  This relay is to be used by internal IoT devices for notifications, etc., outbound only. Destination is SMTP port on hosted Exchange server offered by mail provider.

I'm attempting to use TLS encryption, with account login for the destination smtp server.  Most of the settings are pretty straightforward, but the section on domain information is not clear to me, as this is an internal server xxx.local.

Anyone out there familiar with this scenario?

There is a possibility that my mail provider is not accepting my mail, but I don't have any way of knowing for sure where I stand. Just know that these mail tests from one of the devices are not going out.

Thanks!
Asked by jtdaly
 
Bill Bach (President) Commented:
Both of the above suggestions are great.  Although the Internet generally frowns on open relays due to spam, you CAN set up an open SMTP relay on your internal network as recommended by ArneLovius, and configure it to relay any requests from the local LAN segment without issues.  This would not only simplify the SMTP gateway configuration, but it would also simplify the configuration on each of your IoT devices, as you won't need to enter credentials for each device.

As BudDurland recommended, enabling logging is also very helpful, as it will show you when messages are being received and where they are being forwarded to in a simple text format, giving you a lot more information about what is going wrong.

However, let's take care of the last part: "I don't have any way of knowing for sure".  An SMTP relay has two halves -- receiving the message and forwarding it along.  The logs will tell you if either is working.  However, you can eliminate the IoT devices from the mix and test it yourself with TELNET.  The process is fairly simple:
- Install the Telnet client, if not already installed on a workstation.
- From a command prompt, "TELNET <server> 25" where <server> is the servername you are entering in the IoT device configs.
- If this fails to connect, then you may have a name resolution or firewall problem, so fix those. Otherwise, you should get a welcome message.
- If you get a reply, then type "EHLO <yourmaildomain>" and press enter. You should get an OK reply.
- Type "MAIL FROM:<account>@<youremaildomain>" -- again, use the account configured on the IoT devices as a test.  You should get another OK message.
- Type "RCPT TO:<target>@<youremaildomain>" -- this time, use the target Email address.  You should get another OK message.
- Type "DATA" and hit enter to start sending the message itself.
- Type "Subject: Test", or whatever you want the subject to be.
- Enter whatever body text you want, but a simple "Test" is usually sufficient.
- When done, type a period on a blank line and hit enter.
At this point, the SMTP gateway will accept your message and happily forward it along.  You can type "QUIT" to close the SMTP connection.

With the above, you now have a manual way to eliminate the IoT devices from the testing mix.  However, you can do one better.  On the Windows server, download and install Wireshark (www.wireshark.org).  Set up a simple packet capture using the capture filter of "port 25".  This will trap EVERY packet going in and out of TCP port 25, and you'll then be able to watch the packets go back and forth, both from the telnet window AND from the outbound relay.  Note, though, that DNS issues won't be captured here, so another option is to use an empty capture filter, and then look at ALL of the network packets going in and out of the server, which might help you find a different issue altogether.  Note, though, that if you are using RDP to connect to the server, the network packets for RDP will all be captured -- in that case, add the capture filter of "not port 3389", and these will be filtered out.

Once you capture the network data, dig through each packet -- you now know how SMTP is supposed to look, and it should be a simple matter to see where the process is breaking from here, and you've got some great troubleshooting skills for the next problem you have to face.
0
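A scripted version of the manual telnet test described in the comment above, as an added example that is not part of the original thread. `probe_relay` walks the same steps and stops at the first one the server refuses; `fake_relay`, the addresses and the 550 reply are constructed stand-ins (a hypothetical sender policy) so the block runs offline.

```python
import smtplib, socket, threading

def probe_relay(host, port, helo_domain, sender, recipient, timeout=10):
    """Run the manual telnet steps in order; return [(step, code, text), ...]."""
    smtp, results = smtplib.SMTP(timeout=timeout), []
    steps = [("CONNECT", lambda: smtp.connect(host, port)),
             ("EHLO", lambda: smtp.ehlo(helo_domain)),
             ("MAIL FROM", lambda: smtp.mail(sender)),
             ("RCPT TO", lambda: smtp.rcpt(recipient)),
             ("DATA", lambda: smtp.data("Subject: Test\r\n\r\nTest\r\n"))]
    try:
        for name, step in steps:
            code, text = step()
            results.append((name, code, text.decode(errors="replace")))
            if code >= 400:  # 4xx/5xx: the step at which the relay refuses
                break
        smtp.quit()
    except (OSError, smtplib.SMTPException) as exc:
        results.append(("ERROR", 0, str(exc)))  # no connection, or session dropped
    return results

def fake_relay(allowed_sender):
    """Constructed stand-in relay: one session, random localhost port, one permitted sender."""
    srv = socket.create_server(("127.0.0.1", 0))
    def serve():
        conn, _ = srv.accept()
        f = conn.makefile("rwb")
        def say(line):
            f.write(line.encode() + b"\r\n")
            f.flush()
        say("220 relay.test ESMTP (constructed)")
        for raw in f:
            low = raw.decode().strip().lower()
            if low.startswith("mail from:") and allowed_sender.lower() not in low:
                say("550 sender not permitted (constructed reply)")
            elif low == "data":
                say("354 end with <CRLF>.<CRLF>")
                while f.readline() not in (b".\r\n", b""):  # swallow body up to the lone dot
                    pass
                say("250 queued")
            else:
                say("250 ok")
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    port = fake_relay("alerts@example.com")  # constructed addresses throughout
    for step in probe_relay("127.0.0.1", port, "example.com",
                            "camera1@example.com", "admin@example.com"):
        print(step)
```

Against a real relay, call `probe_relay` with the server name and addresses configured on the devices; the last tuple in the result is the step to look up in the SMTP service log.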
 
ArneLovius Commented:
Rather than use authenticated send from your 2008r2 relay, why not just treat it as an outbound email server with appropriate domain and SPF records, etc.?
0
 
BudDurland Commented:
First, enable logging on the SMTP service so you can see what's happening when it tries to connect to the hosted Exchange server.  The 'domain' in this case is the e-mail domain, not the AD domain, so if the IoT device is sending mail as 'IoTDevice@example.com', the domain for the SMTP relay is 'example.com'.
0
 
jtdaly (Author) Commented:
Good suggestion guys, I'm going to do some manual sending and review the logs. I suspect the domain entries could be my area of problem as that was the one portion I was a little unsure of. We'll see.
0
 
jtdaly (Author) Commented:
Thanks guys, sorry for the delayed response, but I did get it working after further understanding the SMTP host site's security requirements. Apparently, in addition to authentication login credentials, the "From" name must be a legit name in the email accounts they host for my client.  Weird, I thought that would not be an additional criterion; it does mess up the IoT emails a bit, as all of the emails that are using the SMTP relay appear to come from the same user name.
Appreciate the help.
0
Question has a verified solution.
