I am trying to set up Sharepoint 2010 authentication (it defaults as anonymous meaning distribution lists in 2010 by default will reject the email!). To do this you set up SMTP service in IIS on the Sharepoint 2010 server. This has been done and it forwards email on via the SMTP service fine if I leave it anonymous (the distribution groups still reject mail so I need to get authentication turned on rather than go through each dist group and remove the require authentication tick box). I have edited the SMTP server outbound security to be Integrated and also tried plain authentication and TLS - none work. I can see the SMTP server make a connection to the default Exchange 2010 connector but the message is never sent. The SMTP server appears to just sit with the connection open to Exchange. Now, could this be because of the following: In Sharepoint you set the FROM address... does this have to match a service account that will be used for authentication, or can the SMTP secure connection use any domain account to authenticate?The tick boxes for authentication on Exchange 2010 receive connector only appear to have Exchange Users, Exchange Servers, etc so I assume the Sharepoint service account HAS to have a mailbox? Is there a way round this? Will an Exchange contact be OK or simply putting the email address on the account in AD? I would prefer the service account to not have a mailbox. What about a mail enabled user? Is this enough?I have tried doing number 1 but it appears to not work when I give the service account a mailbox. Does the service account need the PRIMARY SMTP to match that of the outgoing email request? How do people normally set up an SMTP server with authentication against an INTERNAL exchange 2010 server? Do you use Integrated Authentication option or just the plain text outbound security option?

Thanks, but none of the articles advise how to set up SMTP authentication. I can't use anonymous authentication against the Exchange server.

On Mon, 20 Aug 2012 21:02:11 +0000, Exchange D wrote: >I am trying to set up Sharepoint 2010 authentication (it defaults as anonymous meaning distribution lists in 2010 by default will reject the email!). To do this you set up SMTP service in IIS on the Sharepoint 2010 server. This has been done and it forwards email on via the SMTP service fine if I leave it anonymous (the distribution groups still reject mail so I need to get authentication turned on rather than go through each dist group and remove the require authentication tick box). > >I have edited the SMTP server outbound security to be Integrated and also tried plain authentication and TLS - none work. I can see the SMTP server make a connection to the default Exchange 2010 connector but the message is never sent. The SMTP server appears to just sit with the connection open to Exchange. You can use the SMTP Receive protocol logs on the HT server to see what's happening (they're a LOT better to work with than than the IIS SMTP protocol logs). Have you modified either of the two recieve connectors on the HT server? IIRC, the default receive connector doesn't accept "exchange users" (i.e. authenticated connections). The "client" receive connector does, but that listens on port 587, not port 25. I'd suggest you add a third receive connector to your HT role and restrict it to accepting connections only from specific IP addresses and then set the "Permission Groups" on that connector to just "Exchange users" (you can also allow anonymous users). >Now, could this be because of the following: 1. In Sharepoint you set the FROM address... does this have to match a service account that will be used for authentication, or can the SMTP secure connection use any domain account to authenticate?2. The tick boxes for authentication on Exchange 2010 receive connector only appear to have Exchange Users, Exchange Servers, etc so I assume the Sharepoint service account HAS to have a mailbox? Is there a way round this? Will an Exchange contact be OK or simply putting the email address on the account in AD? I would prefer the service account to not have a mailbox. What about a mail enabled user? Is this enough?3. I have tried doing number 1 but it appears to not work when I give the service account a mailbox. Does the service account need the PRIMARY SMTP to match that of the outgoing email request? > >How do people normally set up an SMTP server with authentication against an INTERNAL exchange 2010 server? Do you use Integrated Authentication option or just the plain text outbound security option? Sticking with basic authentication is usually easier. --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP

Thanks. With regards to the "Exchange users" permission on the receive connector, what exactly does this refer to. Technet says it is authenticated users, but do these users need to be mailbox-enabled users or just plain AD accounts?

On Tue, 28 Aug 2012 04:33:50 +0000, Exchange D wrote: >Thanks. With regards to the "Exchange users" permission on the receive connector, what exactly does this refer to. Technet says it is authenticated users, but do these users need to be mailbox-enabled users or just plain AD accounts? http://technet.microsoft.com/en-us/library/aa996395.aspx Permission Groups -------------------------------------------------------------------------------- A permission group is a predefined set of permissions that's granted to well-known security principals and assigned to a Receive connector. Security principals include users, computers, and security groups. A security principal is identified by a security identifier (SID). . . --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP