{"id":163,"date":"2018-04-05T17:17:28","date_gmt":"2018-04-05T15:17:28","guid":{"rendered":"http:\/\/zupertails.be\/wur\/?p=163"},"modified":"2018-04-05T17:33:32","modified_gmt":"2018-04-05T15:33:32","slug":"smtp-relay-on-your-windows-server-for-use-with-office-365","status":"publish","type":"post","link":"https:\/\/zupertails.be\/wur\/?p=163","title":{"rendered":"SMTP relay on your Windows server for use with Office 365"},"content":{"rendered":"

Antique software ? No TLS\/SSL support for outgoing mail ?<\/h2>\n

No problem !<\/h3>\n

If you stumble upon this article through a Google search (who uses Bing, anyway…), you’re probably wondering how to solve the following issue (or something similar) :<\/p>\n

\"\"
It’s all about the Pentiums, baby !<\/figcaption><\/figure>\n

You have this old invoicing software that doesn’t get updates anymore ever since 2008 and relies on port 25 – unauthenticated – to send mails through your ISP’s outgoing mail server.<\/p>\n

You happen to have this beautiful product called ‘Office 365’ and use its mail functionality for your own domain name. This domain name is used as outgoing mail domain in your software.<\/p>\n

Luckily, you still have a Windows Server randomly lying about (hopefully 2008 R2 or higher, but this trick works with older stuff as well – also : this works on a Windows 7\/8\/10 , even though the IIS install method will be different<\/a>)<\/p>\n

Installing SMTP in IIS<\/h2>\n
    \n
  1. 2012 R2 Server
    \n\"\"Install Internet Information Services (IIS)<\/b><\/p>\n
      \n
    1. In Server Manager, select\u00a0Add Roles<\/b>.<\/li>\n
    2. On the Before you begin page in the Add Roles Wizard, select\u00a0Next<\/b>.<\/li>\n
    3. On the Select Installation Type page, select\u00a0Role-based or Feature-based installation<\/b>.<\/li>\n
    4. On the Select destination server page, choose\u00a0Select a server from the server pool<\/b>, and select the server that will be running SMTP services. Select\u00a0Next<\/b>.<\/li>\n
    5. On the Select Server Roles page, select\u00a0Web Server (IIS)<\/b>, and then select\u00a0Next<\/b>. If a page that requests additional features is displayed, select\u00a0Add Features<\/b>\u00a0and then select\u00a0Next<\/b>.<\/li>\n
    6. On the Select Role Services page, make sure that Basic Authentication under Security is selected, and then select\u00a0Next<\/b>.<\/li>\n
    7. On the Confirm Installation Steps page, select\u00a0Install<\/b>.
      \n
      \nInstall SMTP<\/b><\/p>\n
        \n
      1. Open Server Manager and select\u00a0Add Roles and Features<\/b>.<\/li>\n
      2. Select\u00a0Server Selection\u00a0<\/b>and make sure that the server that will be running the SMTP server is selected and then select Features.<\/li>\n
      3. On the Select Features screen, choose\u00a0SMTP Server<\/b>. You may be prompted to install additional components. If that\u2019s the case, select\u00a0Add Required Features<\/b>\u00a0and select\u00a0Next<\/b>.<\/li>\n
      4. \n

        Select\u00a0Install<\/b>. After the installation is finished, you may have to start the SMTP service by using the Services snap-in for the Microsoft Management Console (MMC).<\/p>\n<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n<\/li>\n

      5. 2008 R2 Server
        \n\"\"Install Internet Information Services (IIS)<\/b><\/p>\n
          \n
        1. In Server Manager, select\u00a0Add Roles<\/b>.<\/li>\n
        2. On the Before you begin page in the Add Roles Wizard, select\u00a0Next<\/b>.<\/li>\n
        3. On the Select Server Roles page, select\u00a0Web Server (IIS)<\/b>\u00a0and select\u00a0Install<\/b>.<\/li>\n
        4. Select Next until you get to the Select Role Services page.<\/li>\n
        5. In addition to what is already selected, make sure that\u00a0ODBC Logging, IIS Metabase Compatibility, and IIS 6 Management Console\u00a0<\/b>are selected and then select\u00a0Next<\/b>.<\/li>\n
        6. When you\u2019re prompted to install IIS, select Install. You may need to restart the server after the installation is finished.Install SMTP<\/b>\n
            \n
          1. Open Server Manager and select\u00a0Add Roles and Features<\/b>.<\/li>\n
          2. On the Select Features screen, choose\u00a0SMTP Server<\/b>. You may be prompted to install additional components. If that\u2019s the case, select\u00a0Add Required Features<\/b>\u00a0and select\u00a0Next<\/b>.<\/li>\n
          3. Select\u00a0Install<\/b>. After the installation is finished, you may have to start the SMTP service by using the Services snap-in for the Microsoft Management Console (MMC).<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n<\/li>\n
          4. Windows 10 \/ 8 \/ 7Use the instructions on\u00a0https:\/\/www.howtogeek.com\/112455\/how-to-install-iis-8-on-windows-8\/<\/a>
            \nYou’re probably oing to need at least the ‘Professional’ version of the operating system to be able to pull this one off.<\/li>\n<\/ol>\n

            Configuring the SMTP Service for use with O365<\/h2>\n
              \n
            1. Set up SMTP<\/b>\n
                \n
              1. Select\u00a0Start > Administrative Tools > Internet Information Services (IIS) 6.0<\/b>.<\/li>\n
              2. Expand the current server, right-click the\u00a0SMTP Virtual Server<\/b>, and then select\u00a0Properties<\/b>.<\/li>\n
              3. On the General tab, select\u00a0Advanced > Add<\/b>.<\/li>\n
              4. In the IP Address box, specify the address of the server that\u2019s hosting the SMTP server.<\/li>\n
              5. In the Port box, enter\u00a0587<\/b>\u00a0and select\u00a0OK<\/b>.<\/li>\n
              6. On the Access tab, do the following:\n
                  \n
                1. Select Authentication and make sure that\u00a0Anonymous Access<\/b>\u00a0is selected.<\/li>\n
                2. Select\u00a0Connection > Only the List Below<\/b>, and then specify the IP addresses of the devices that will be connecting to the SMTP server, such as printers.<\/li>\n
                3. Select\u00a0Relay > Only the List Below<\/b>, and then specify the IP address of the devices relaying through this SMTP server<\/li>\n<\/ol>\n<\/li>\n
                4. On the Delivery tab, select\u00a0Outbound Security<\/b>, and then do the following:\n
                    \n
                  1. Select\u00a0Basic Authentication<\/b>.<\/li>\n
                  2. Enter the credentials of the Office 365 user who you want to use to relay SMTP mail.<\/li>\n
                  3. Select\u00a0TLS Encryption<\/b>.<\/li>\n
                  4. Select\u00a0Outbound Connections<\/b>\u00a0and in the TCP Port box, enter\u00a0587<\/b>\u00a0and select\u00a0OK<\/b>.<\/li>\n
                  5. Select\u00a0Advanced<\/b>\u00a0and specify\u00a0SMTP.office365.com<\/b>\u00a0as the Smart Host.<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n

                    \/!\\<\/span> Restart the IIS service and the SMTP service.\u00a0\u00a0\/!\\<\/span><\/b><\/h3>\n

                     <\/p>\n

                    Actually testing, before applying<\/h2>\n

                    You can test SMTP relay services without using your software that needed it in the first place.<\/p>\n

                    To test SMTP relay services, use the following steps.<\/p>\n

                      \n
                    1. Create a text file using Notepad or another text editor. The file should contain the following code. Replace the source and destination email addresses with the addresses you will use to relay SMTP<\/strong>.<\/code>\n
                      FROM: <source email address>\r\nTO: <destination email address>\r\nSUBJECT: Test email\r\n\r\nThis is a test email sent from my SMTP server\r\n<\/pre>\n<\/li>\n
                    2. Save the text file as Email.txt.<\/li>\n
                    3. Copy<\/strong> the Email.txt file into the following folder: C:\\InetPub\\MailRoot\\Pickup.<\/strong>
                      \nTry to copy it instead of just moving it. The mail file will disappear.<\/li>\n
                    4. After a short time, the file should automatically be moved to the C:\\InetPub\\MailRoot\\Queue<\/strong> folder. When the SMTP server delivers the mail, the file is automatically deleted from the local folder.\n
                      \n
                      Warning:<\/b>\u00a0If the SMTP server can\u2019t deliver the message, a non-delivery report (NDR) is created in the C:\\InetPub\\MailRoot\\BadMail<\/strong> folder. You can use this NDR to diagnose delivery issues.<\/p>\n<\/div>\n
                       <\/li>\n<\/ol>\n
                      Troubleshooting<\/h2>\n
                      This is where most guides fall short.<\/p>\n
                        \n
                      1. Read the mails, that appear in the Badmail folder.Usually there will be a reason for refusal or non-delivery explained in these files.
                        \nIf you have ‘show file extensions’ turned on, they will appear as .BAD files.
                        \nOpen with Notepad or a similar pogram to see something like this :<\/p>\n
                        \"\"
                        \nSelf-explanatory, I guess.<\/li>\n
                      2. If mails were to actually arrive at their destinaton, but marked as “phishing<\/strong>” or appear in the spam folder<\/strong> of your recipient, chances are pretty high, your software package is still sending out through the wrong outgoing mailserver.
                        \nSeeing as I’m not a psychic, I can’t know how to configure outgoing mail in every piece of software.Press F1\u00a0\"\"<\/strong><\/p>\n
                        An other reason for your mails being marked as “phising” (and I deliberately left this near the end of this article), is also related to the above (still sending out through your ISP’s SMTP server using an Office 365 mail address).
                        \nHOWEVER…<\/strong><\/p>\n
                        When the mail arrives – even though its marked as spam –\u00a0 this means your ISP was able to actually deliver it. In Office 365 cases, this usually means that your ISP is not allowed to send out as your O365-linked domain name.
                        \nI’ll provide a detailed how-to on interpreting mail headers<\/a> in a later post, but for the purpose of this exercise, let’s presume the mails are being marked because of the above.<\/p>\n
                        In this case, just adding\/editing an SPF record that relates to your ISP will be enough.<\/p>\n
                        I hear a couple of muffled hillbilly-sounding voices in the background asking me ‘what in tarnation is an SPF record’ and how does that work ?
                        \nRead and weep :\u00a0                        https:\/\/blog.returnpath.com\/how-to-explain-spf-in-plain-english\/<\/a><\/p>\n
                        For all you Belgians out there, these are the values you need to include in your SPF record for the bigger ISP’s :<\/p>\n
                        Telenet<\/strong> <\/span>
                        \n\u00a0 \u00a0 \u00a0 include:_spf.telenet-ops.be<\/em><\/p>\n
                        Proximus<\/strong> <\/span>
                        \n\u00a0 \u00a0 \u00a0 include:ispmail.spf.secure-mail.be <\/em>
                        \n\u00a0 \u00a0 \u00a0 include:bgc.spf.secure-mail.be<\/p>\n
                        <\/em>The somewhat attentive reader might be asking himself ‘if I could just add an SPF record using the records for my ISP, then why did I even bother reading this article ?<\/p>\n
                        <\/span>I’ll keep the answer very simple : EVERY user of this ISP will have the ability to send mail as your domain name, without passing some form of verification in this case.<\/p>\n
                        <\/span>AAaaaaand we’re back to the 80’s\/90’s , where it was common fun and games to change your mail address in Outlook Express or other old mail software.<\/p>\n
                        <\/span>Random :
                        \n<\/strong>Did you know that Outlook Express’ executable file\u00a0 \u00a0<\/span>msimn.exe<\/em> was named, because it’s short for <\/span>MicroSoft Internet Mail and News<\/em> ?<\/p>\n
                        <\/span><\/li>\n
                      3. Mail does not arrive and the NDR gives an authentication error :\n
                        Did you change your O365 password for the account that you use to authenticate for the SMTP connection ?
                        \nYes you did. (or you just made a typo)<\/li>\n
                      4. Mail does not arrive and the NDR gives a ‘does not permit to send as’ error :\n
                        Most often, this occurs when not sending as the account that is the SMTP relayer.
                        \nYour fancy 80’s software probably sends as (e.g., which is latin for                         exempli grati\u0101<\/a>\u00a0and is often translated as example given – just sayin’<\/em>) invoicing@shortstraw.be, while your SMTP’er is oliver@shortstraw.be.<\/p>\n
                        To solve this, either change your outgoing mail address in your 80’s software, change the authenticating O365 in your SMTP relay server OR…. *drumrolls* add ‘send as’ permissions to the invoicing mailbox for Oliver’s account.<\/p>\n
                        What’s that ? invoicing@shortstraw.be does not exist in your O365 tenant ?
                        \nYeah… I figured as much…
                        \nAdd is as an alias to Oliver’s box or create a new box. Choice is yours.<\/li>\n<\/ol>\n
                         <\/p>\n
                        Oh, and in a footnote : you will not find the mails sent through your relay’er in the resp. mailbox’ Sent Items.
                        \nHandy for troubleshooting… NOT<\/p>\n","protected":false},"excerpt":{"rendered":"
                        Antique software ? No TLS\/SSL support for outgoing mail ? No problem ! If you stumble upon this article through a Google search (who uses Bing, anyway…), you’re probably wondering how to solve the following issue (or something similar) : You have this old invoicing software that doesn’t get updates<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[8,6,9],"tags":[12,10,18,17],"_links":{"self":[{"href":"https:\/\/zupertails.be\/wur\/index.php?rest_route=\/wp\/v2\/posts\/163"}],"collection":[{"href":"https:\/\/zupertails.be\/wur\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zupertails.be\/wur\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zupertails.be\/wur\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zupertails.be\/wur\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=163"}],"version-history":[{"count":3,"href":"https:\/\/zupertails.be\/wur\/index.php?rest_route=\/wp\/v2\/posts\/163\/revisions"}],"predecessor-version":[{"id":171,"href":"https:\/\/zupertails.be\/wur\/index.php?rest_route=\/wp\/v2\/posts\/163\/revisions\/171"}],"wp:attachment":[{"href":"https:\/\/zupertails.be\/wur\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=163"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zupertails.be\/wur\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=163"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zupertails.be\/wur\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=163"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}