{"id":455,"date":"2017-03-30T15:04:24","date_gmt":"2017-03-30T19:04:24","guid":{"rendered":"https:\/\/www.ccrossan.com\/blog\/?p=455"},"modified":"2017-06-01T11:28:25","modified_gmt":"2017-06-01T15:28:25","slug":"sharepoint-2016-smtp-authentication","status":"publish","type":"post","link":"https:\/\/crossan007.dev\/blog\/microsoft-sharepoint\/sharepoint-2016-smtp-authentication\/","title":{"rendered":"SharePoint 2016 SMTP Authentication"},"content":{"rendered":"\n<div class=\"twitter-share\"><a href=\"https:\/\/twitter.com\/intent\/tweet?via=crossan007\" class=\"twitter-share-button\">Tweet<\/a><\/div>\n<p><strong>Edit:\u00a0<\/strong>It appears that this has been fixed in <a href=\"https:\/\/support.microsoft.com\/help\/3191880\">KB 3191880<\/a>\u00a0:<\/p>\n<blockquote><p>SharePoint outbound email messages\u00a0incorrectly try to authenticate to SMTP servers that support Generic Security Service Application Program Interface (GSSAPI), Kerberos, or NTLM authentication. This may prevent email messages\u00a0from being sent. After you install this update, SharePoint sends email messages\u00a0anonymously without authentication.<\/p>\n<hr \/>\n<\/blockquote>\n<p>Recently I encountered an issue where SharePoint designer workflow&#8217;s emails not being delivered.<\/p>\n<p>Additional inspection revealed that the messages in question were addressed to an Exchange Distribution group with &#8220;Permitted Senders.&#8221; \u00a0This designation meant that messages sent to this distribution group must be received from an authenticated sender (which SharePoint does not support by default:\u00a0<a href=\"https:\/\/www.ccrossan.com\/blog\/microsoft-sharepoint\/sharepoint-2016-outbound-smtp-failures\/\">SHAREPOINT 2016 OUTBOUND SMTP FAILURES<\/a>).<\/p>\n<h1>Old Solution<\/h1>\n<p>One solution I&#8217;ve used in the past is to <a href=\"https:\/\/technet.microsoft.com\/en-us\/library\/cc263462.aspx\">setup Microsoft&#8217;s SMTP server on one of the SharePoint servers, and use that to relay (authenticated) messages to the Exchange server.<\/a> \u00a0 This has generally worked fine in the past, but \u00a0has always felt a little kludgey.<\/p>\n<p>Seriously, Microsoft? \u00a0You&#8217;re recommending that we install IIS6 tools on a modern server?<\/p>\n<h1>The Problem<\/h1>\n<p>Anyway, the above solution breaks down with SharePoint 2016 in certain scenarios: \u00a0When sharing documents in SP2016, the &#8220;invitation&#8221; is sent\u00a0<span style=\"text-decoration: underline;\">as the user who initiated the invitation!!!<\/span><\/p>\n<p>By default, Exchange only allows authenticated users to send as the account who&#8217;s credentials were supplied.<\/p>\n<p>This presents a &#8220;Catch 22:&#8221;<\/p>\n<ul>\n<li>Enable IIS6.0 SMTP relay to send Authenticated messages to Exchange and be able to relay to groups (and external domains)<br \/>\n&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;-OR&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8211;<\/li>\n<li>Configure SharePoint to send through an unauthenticated receive connector, and be allowed to send as\u00a0<strong>any user<\/strong>, but not able to relay otuside the domain, or to groups which require authentication.<\/li>\n<\/ul>\n<p>I went down a few different solution paths trying to solve this:<\/p>\n<h1>Failed Attempt 1: Grant Send-As Permission to SharePoint<\/h1>\n<p>Attempt to grant the \u00a0SharePoint SMTP service account (since I was already sending authenticated mail) &#8220;send-as&#8221; permissions on all mailboxes in the domain.<\/p>\n<p>This just felt kludgey, and I was ultimately not able to get it to work.<\/p>\n<p>I may have not waited the recommended 2 hours for the Mailbox Cache Idle Limit to expire: \u00a0<strong><a href=\"https:\/\/technet.microsoft.com\/en-us\/library\/aa996988(EXCHG.80).aspx\">https:\/\/technet.microsoft.com\/en-us\/library\/aa996988(EXCHG.80).aspx<\/a><\/strong><\/p>\n<ul>\n<li><a href=\"https:\/\/campus.barracuda.com\/product\/messagearchiver\/article\/BMA\/MSXEmailServiceAccount\/\">https:\/\/campus.barracuda.com\/product\/messagearchiver\/article\/BMA\/MSXEmailServiceAccount\/<\/a><\/li>\n<li><a href=\"https:\/\/technet.microsoft.com\/en-us\/library\/bb676368(v=exchg.141).aspx\">https:\/\/technet.microsoft.com\/en-us\/library\/bb676368(v=exchg.141).aspx<\/a><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<h1>Successful Attempt: Configure Externally Secured Exchange Connector<\/h1>\n<p>The solution for me was to create a new &#8220;Externally Secured&#8221; Exchange Receive connector:\u00a0<a href=\"https:\/\/technet.microsoft.com\/en-us\/library\/mt668454(v=exchg.160).aspx\">https:\/\/technet.microsoft.com\/en-us\/library\/mt668454(v=exchg.160).aspx<\/a><\/p>\n<p>Essentially, this allows the hosts defined in the receive connector&#8217;s scope to deliver &#8220;unauthenticated&#8221; SMTP traffic\u00a0<strong><em>as if it were authenticated. \u00a0<\/em><\/strong><\/p>\n<p>This fulfills my SharePoint requirements:<\/p>\n<ul>\n<li>\u00a0To &#8220;send-as&#8221; on behalf of users in a document sharing scenario.<\/li>\n<li>To send email as SharePoint to distribution groups which require the sender to be authenticated<\/li>\n<li>To send email to users outside of my domain.<\/li>\n<\/ul>\n<p>I hope this helps someone (even if it&#8217;s me in the future).<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Edit:\u00a0It appears that this has been fixed in KB 3191880\u00a0: SharePoint outbound email messages\u00a0incorrectly try to authenticate to SMTP servers that support Generic Security Service Application Program Interface (GSSAPI), Kerberos, or NTLM authentication. This may prevent email messages\u00a0from being sent. After you install this update, SharePoint sends email messages\u00a0anonymously without authentication. Recently I encountered an &hellip; <a href=\"https:\/\/crossan007.dev\/blog\/microsoft-sharepoint\/sharepoint-2016-smtp-authentication\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">SharePoint 2016 SMTP Authentication<\/span> <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[14],"tags":[195,196,30,10,183],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v17.3 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/crossan007.dev\/blog\/microsoft-sharepoint\/sharepoint-2016-smtp-authentication\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"SharePoint 2016 SMTP Authentication - Charles&#039; Blog\" \/>\n<meta property=\"og:description\" content=\"Edit:\u00a0It appears that this has been fixed in KB 3191880\u00a0: SharePoint outbound email messages\u00a0incorrectly try to authenticate to SMTP servers that support Generic Security Service Application Program Interface (GSSAPI), Kerberos, or NTLM authentication. This may prevent email messages\u00a0from being sent. After you install this update, SharePoint sends email messages\u00a0anonymously without authentication. Recently I encountered an &hellip; Continue reading SharePoint 2016 SMTP Authentication &rarr;\" \/>\n<meta property=\"og:url\" content=\"https:\/\/crossan007.dev\/blog\/microsoft-sharepoint\/sharepoint-2016-smtp-authentication\/\" \/>\n<meta property=\"og:site_name\" content=\"Charles&#039; Blog\" \/>\n<meta property=\"article:published_time\" content=\"2017-03-30T19:04:24+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2017-06-01T15:28:25+00:00\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"crossan007\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebSite\",\"@id\":\"https:\/\/crossan007.dev\/blog\/#website\",\"url\":\"https:\/\/crossan007.dev\/blog\/\",\"name\":\"Charles&#039; Blog\",\"description\":\"SharePoint | PowerShell | Exchange | SCCM | Ubuntu | PHP | JavaScript | A\/V Live Production | More...\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/crossan007.dev\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/crossan007.dev\/blog\/microsoft-sharepoint\/sharepoint-2016-smtp-authentication\/#webpage\",\"url\":\"https:\/\/crossan007.dev\/blog\/microsoft-sharepoint\/sharepoint-2016-smtp-authentication\/\",\"name\":\"SharePoint 2016 SMTP Authentication - Charles&#039; Blog\",\"isPartOf\":{\"@id\":\"https:\/\/crossan007.dev\/blog\/#website\"},\"datePublished\":\"2017-03-30T19:04:24+00:00\",\"dateModified\":\"2017-06-01T15:28:25+00:00\",\"author\":{\"@id\":\"https:\/\/crossan007.dev\/blog\/#\/schema\/person\/bd99569cd81332c8fd866d023848b979\"},\"breadcrumb\":{\"@id\":\"https:\/\/crossan007.dev\/blog\/microsoft-sharepoint\/sharepoint-2016-smtp-authentication\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/crossan007.dev\/blog\/microsoft-sharepoint\/sharepoint-2016-smtp-authentication\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/crossan007.dev\/blog\/microsoft-sharepoint\/sharepoint-2016-smtp-authentication\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/crossan007.dev\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"SharePoint 2016 SMTP Authentication\"}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/crossan007.dev\/blog\/#\/schema\/person\/bd99569cd81332c8fd866d023848b979\",\"name\":\"crossan007\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/crossan007.dev\/blog\/#personlogo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/fff72c74fb6a0da29accf0db83ad4b4b?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/fff72c74fb6a0da29accf0db83ad4b4b?s=96&d=mm&r=g\",\"caption\":\"crossan007\"},\"url\":\"https:\/\/crossan007.dev\/blog\/author\/crossan007\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/crossan007.dev\/blog\/microsoft-sharepoint\/sharepoint-2016-smtp-authentication\/","og_locale":"en_US","og_type":"article","og_title":"SharePoint 2016 SMTP Authentication - Charles&#039; Blog","og_description":"Edit:\u00a0It appears that this has been fixed in KB 3191880\u00a0: SharePoint outbound email messages\u00a0incorrectly try to authenticate to SMTP servers that support Generic Security Service Application Program Interface (GSSAPI), Kerberos, or NTLM authentication. This may prevent email messages\u00a0from being sent. After you install this update, SharePoint sends email messages\u00a0anonymously without authentication. Recently I encountered an &hellip; Continue reading SharePoint 2016 SMTP Authentication &rarr;","og_url":"https:\/\/crossan007.dev\/blog\/microsoft-sharepoint\/sharepoint-2016-smtp-authentication\/","og_site_name":"Charles&#039; Blog","article_published_time":"2017-03-30T19:04:24+00:00","article_modified_time":"2017-06-01T15:28:25+00:00","twitter_misc":{"Written by":"crossan007","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebSite","@id":"https:\/\/crossan007.dev\/blog\/#website","url":"https:\/\/crossan007.dev\/blog\/","name":"Charles&#039; Blog","description":"SharePoint | PowerShell | Exchange | SCCM | Ubuntu | PHP | JavaScript | A\/V Live Production | More...","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/crossan007.dev\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/crossan007.dev\/blog\/microsoft-sharepoint\/sharepoint-2016-smtp-authentication\/#webpage","url":"https:\/\/crossan007.dev\/blog\/microsoft-sharepoint\/sharepoint-2016-smtp-authentication\/","name":"SharePoint 2016 SMTP Authentication - Charles&#039; Blog","isPartOf":{"@id":"https:\/\/crossan007.dev\/blog\/#website"},"datePublished":"2017-03-30T19:04:24+00:00","dateModified":"2017-06-01T15:28:25+00:00","author":{"@id":"https:\/\/crossan007.dev\/blog\/#\/schema\/person\/bd99569cd81332c8fd866d023848b979"},"breadcrumb":{"@id":"https:\/\/crossan007.dev\/blog\/microsoft-sharepoint\/sharepoint-2016-smtp-authentication\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/crossan007.dev\/blog\/microsoft-sharepoint\/sharepoint-2016-smtp-authentication\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/crossan007.dev\/blog\/microsoft-sharepoint\/sharepoint-2016-smtp-authentication\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/crossan007.dev\/blog\/"},{"@type":"ListItem","position":2,"name":"SharePoint 2016 SMTP Authentication"}]},{"@type":"Person","@id":"https:\/\/crossan007.dev\/blog\/#\/schema\/person\/bd99569cd81332c8fd866d023848b979","name":"crossan007","image":{"@type":"ImageObject","@id":"https:\/\/crossan007.dev\/blog\/#personlogo","inLanguage":"en-US","url":"https:\/\/secure.gravatar.com\/avatar\/fff72c74fb6a0da29accf0db83ad4b4b?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/fff72c74fb6a0da29accf0db83ad4b4b?s=96&d=mm&r=g","caption":"crossan007"},"url":"https:\/\/crossan007.dev\/blog\/author\/crossan007\/"}]}},"_links":{"self":[{"href":"https:\/\/crossan007.dev\/blog\/wp-json\/wp\/v2\/posts\/455"}],"collection":[{"href":"https:\/\/crossan007.dev\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/crossan007.dev\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/crossan007.dev\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/crossan007.dev\/blog\/wp-json\/wp\/v2\/comments?post=455"}],"version-history":[{"count":7,"href":"https:\/\/crossan007.dev\/blog\/wp-json\/wp\/v2\/posts\/455\/revisions"}],"predecessor-version":[{"id":514,"href":"https:\/\/crossan007.dev\/blog\/wp-json\/wp\/v2\/posts\/455\/revisions\/514"}],"wp:attachment":[{"href":"https:\/\/crossan007.dev\/blog\/wp-json\/wp\/v2\/media?parent=455"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/crossan007.dev\/blog\/wp-json\/wp\/v2\/categories?post=455"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/crossan007.dev\/blog\/wp-json\/wp\/v2\/tags?post=455"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}