SMTP authentication from a separate server running IIS SMTP service
I am trying to set up SharePoint 2010 authentication (it defaults as anonymous meaning distribution lists in 2010 by default will reject the email!). To do this you set up SMTP service in IIS on the SharePoint 2010 server. This has been done and it forwards email on via the SMTP service fine if I leave it anonymous (the distribution groups still reject mail so I need to get authentication turned on rather than go through each dist group and remove the require authentication tick box).
I have edited the SMTP server outbound security to be Integrated and also tried plain authentication and TLS - none work. I can see the SMTP server make a connection to the default Exchange 2010 connector but the message is never sent. The SMTP server appears to just sit with the connection open to Exchange.
Now, could this be because of the following:
1. In SharePoint you set the FROM address... does this have to match a service account that will be used for authentication, or can the SMTP secure connection use any domain account to authenticate?
2. The tick boxes for authentication on Exchange 2010 receive connector only appear to have Exchange Users, Exchange Servers, etc so I assume the SharePoint service account HAS to have a mailbox? Is there a way round this? Will an Exchange contact be OK or simply putting the email address on the account in AD? I would prefer the service account to not have a mailbox. What about a mail enabled user? Is this enough?
3. I have tried doing number 1 but it appears to not work when I give the service account a mailbox. Does the service account need the PRIMARY SMTP to match that of the outgoing email request?
How do people normally set up an SMTP server with authentication against an INTERNAL exchange 2010 server? Do you use Integrated Authentication option or just the plain text outbound security option?
August 20th, 2012 5:02pm
Thanks, but none of the articles advise how to set up SMTP authentication. I can't use anonymous authentication against the Exchange server.
August 27th, 2012 7:50pm
On Mon, 20 Aug 2012 21:02:11 +0000, Exchange D wrote:
>I am trying to set up SharePoint 2010 authentication (it defaults as anonymous meaning distribution lists in 2010 by default will reject the email!). To do this you set up SMTP service in IIS on the SharePoint 2010 server. This has been done and it forwards email on via the SMTP service fine if I leave it anonymous (the distribution groups still reject mail so I need to get authentication turned on rather than go through each dist group and remove the require authentication tick box).
>
>I have edited the SMTP server outbound security to be Integrated and also tried plain authentication and TLS - none work. I can see the SMTP server make a connection to the default Exchange 2010 connector but the message is never sent. The SMTP server appears to just sit with the connection open to Exchange.
You can use the SMTP Receive protocol logs on the HT server to see
what's happening (they're a LOT better to work with than the IIS
SMTP protocol logs).
Have you modified either of the two receive connectors on the HT
server? IIRC, the default receive connector doesn't accept "exchange
users" (i.e. authenticated connections). The "client" receive
connector does, but that listens on port 587, not port 25.
I'd suggest you add a third receive connector to your HT role and
restrict it to accepting connections only from specific IP addresses
and then set the "Permission Groups" on that connector to just
"Exchange users" (you can also allow anonymous users).
>Now, could this be because of the following:
>1. In SharePoint you set the FROM address... does this have to match a service account that will be used for authentication, or can the SMTP secure connection use any domain account to authenticate?
>2. The tick boxes for authentication on Exchange 2010 receive connector only appear to have Exchange Users, Exchange Servers, etc so I assume the SharePoint service account HAS to have a mailbox? Is there a way round this? Will an Exchange contact be OK or simply putting the email address on the account in AD? I would prefer the service account to not have a mailbox. What about a mail enabled user? Is this enough?
>3. I have tried doing number 1 but it appears to not work when I give the service account a mailbox. Does the service account need the PRIMARY SMTP to match that of the outgoing email request?
>
>How do people normally set up an SMTP server with authentication against an INTERNAL exchange 2010 server? Do you use Integrated Authentication option or just the plain text outbound security option?
Sticking with basic authentication is usually easier.
---
Rich Matheisen
MCSE+I, Exchange MVP
August 27th, 2012 8:23pm
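The dedicated receive connector and SMTP Receive protocol logging suggested in the reply above, sketched for the Exchange Management Shell as an added example that is not part of the original thread. The server name, connector name and IP address are placeholders, and requiring TLS for basic authentication is an assumption added here so that credentials are not sent in clear text.

```powershell
# Added example, run in the Exchange 2010 Management Shell on the Hub Transport server.
# All names and addresses below are placeholders (assumptions), not values from the thread.
$htServer      = 'HT01'                               # hypothetical Hub Transport server name
$sharePointIp  = '192.0.2.25'                         # constructed address of the SharePoint / IIS SMTP host
$connectorName = 'SharePoint Relay (authenticated)'   # hypothetical connector name

# Third receive connector on port 25, scoped to the single sending host.
# When several connectors share a binding, the one with the most specific
# RemoteIPRanges match handles the connection, so the default connector is untouched.
New-ReceiveConnector -Name $connectorName `
    -Server $htServer `
    -Usage Custom `
    -Bindings '0.0.0.0:25' `
    -RemoteIPRanges $sharePointIp `
    -AuthMechanism Tls, BasicAuth, BasicAuthRequireTLS, Integrated `
    -PermissionGroups ExchangeUsers

# Verbose SMTP Receive protocol logging on the new connector only,
# to see where the session from the IIS SMTP service stalls.
Set-ReceiveConnector -Identity "$htServer\$connectorName" -ProtocolLoggingLevel Verbose

# Confirm what each connector on the server accepts.
Get-ReceiveConnector -Server $htServer |
    Format-Table Name, Bindings, RemoteIPRanges, PermissionGroups, AuthMechanism -AutoSize

# Locate the SMTP Receive protocol log directory and show the end of the newest log.
$logPath = (Get-TransportServer $htServer).ReceiveProtocolLogPath
Get-ChildItem -Path "$logPath" -Filter *.log |
    Sort-Object LastWriteTime -Descending |
    Select-Object -First 1 |
    Get-Content -Tail 40
```

With `BasicAuthRequireTLS` set, the IIS SMTP outbound security on the SharePoint server must have TLS encryption enabled alongside basic authentication, and it must trust the certificate the Hub Transport server presents.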
Thanks. With regards to the "Exchange users" permission on the receive connector, what exactly does this refer to? TechNet says it is authenticated users, but do these users need to be mailbox-enabled users or just plain AD accounts?
August 28th, 2012 12:33am
On Tue, 28 Aug 2012 04:33:50 +0000, Exchange D wrote:
>Thanks. With regards to the "Exchange users" permission on the receive connector, what exactly does this refer to? TechNet says it is authenticated users, but do these users need to be mailbox-enabled users or just plain AD accounts?
http://technet.microsoft.com/en-us/library/aa996395.aspx
Permission Groups
--------------------------------------------------------------------------------
A permission group is a predefined set of permissions that's granted
to well-known security principals and assigned to a Receive connector.
Security principals include users, computers, and security groups. A
security principal is identified by a security identifier (SID). . .
---
Rich Matheisen
MCSE+I, Exchange MVP
August 28th, 2012 10:52am