ویرایش:1394/06/26 11:56 ق.ظ
Picture Placeholder: mostafa rafiei
Picture Placeholder: mostafa rafiei
  • mostafa rafiei

how to configure sharepoint to send email to external users

https://social.technet.microsoft.com/Forums/sharepoint/en-US/085fc420-8107-4593-a4c9-04be8c94c625/how-to-configure-sharepoint-to-send-email-to-external-users?forum=sharepointadminprevious

Hi, I had the same issue on an SBS box which is a lot more awkward as normally you wouldn't have sharepoint and exchange on the same box. I'm posting here although this is very old just in case some other poor fool spends an entire day messing around like I did. These instructions are explicitly for a SBS 2011 standard installation but should work with other scenarios (obvioulsy replace any connector names with your own)

Open as administrator exchange management shell and run:
 
Get-ReceiveConnector "Windows SBS Fax Sharepoint Receive SERVER" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient"

This will allow relay to external recipients from sharepoint (The default server address in sharepoint foundation on an SBS box outgoing email server resolves through a local DNS entry to 127.0.0.1 - The SBS Fax Sharepoint Receive connector only runs on 127.0.0.1 - kinda makes sense)

Running:

Get-ReceiveConnector “Windows SBS Internet Receive SERVER” | Remove-ADPermission -User “NT AUTHORITY\ANONYMOUS LOGON” -ExtendedRights “ms-Exch-SMTP-Accept-Any-Recipient”

will stop open relays from the internet. I found that when checking for open relays that the SBS Internet Receive connector will accept any recipient. Of course this can be restricted by IP on your connector, but I'd rather not have it look like an open relay and get every man and his dog having a go at it.

 

Hope this helps somebody

http://blogs.technet.com/b/exchange/archive/2006/12/28/3397620.aspx

Only the list below (specify IP address)

This option is for those who cannot authenticate with Exchange. The most common example of this is an application server that needs to be able to relay messages through Exchange.

First, start with a new custom receive connector. You can think of receive connectors as protocol listeners. The closest equivalent to Exchange 2003 is an SMTP Virtual Server. You must create a new one because you will want to scope the remote IP Address(es) that you will allow.

 

The next screen you must pay particular attention to is the "Remote Network settings". This is where you will specify the IP ranges of servers that will be allowed to submit mail. You definitely want to restrict this range down as much as you can. In this case, I want my two web servers, 192.168.2.55 & 192.168.2.56 to be allowed to relay.

 

The next step is to create the connector, and open the properties. Now you have two options, which I will present. The first option will probably be the most common.

Option 1: Make your new scoped connector an Externally Secured connector

This option is the most common option, and preferred in most situations where the application that is submitting will be submitting email to your internal users as well as relaying to the outside world.

Before you can perform this step, it is required that you enable the Exchange Servers permission group. Once in the properties, go to the Permissions Groups tab and select Exchange servers.

 

Next, continue to the authentication mechanisms page and add the "Externally secured" mechanism. What this means is that you have complete trust that the previously designated IP addresses will be trusted by your organization.

 

Caveat: If you do not perform these two steps in order, the GUI blocks you from continuing.

Do not use this setting lightly. You will be granting several rights including the ability to send on behalf of users in your organization, the ability to ResolveP2 (that is, make it so that the messages appear to be sent from within the organization rather than anonymously), bypass anti-spam, and bypass size limits. The default "Externally Secured" permissions are as follows:

MS Exchange\Externally Secured Servers {ms-Exch-SMTP-Accept-Authoritative-Domain}
MS Exchange\Externally Secured Servers {ms-Exch-Bypass-Anti-Spam}
MS Exchange\Externally Secured Servers {ms-Exch-Bypass-Message-Size-Limit}
MS Exchange\Externally Secured Servers {ms-Exch-SMTP-Accept-Exch50}
MS Exchange\Externally Secured Servers {ms-Exch-Accept-Headers-Routing}
MS Exchange\Externally Secured Servers {ms-Exch-SMTP-Submit}
MS Exchange\Externally Secured Servers {ms-Exch-SMTP-Accept-Any-Recipient}
MS Exchange\Externally Secured Servers {ms-Exch-SMTP-Accept-Authentication-Flag}
MS Exchange\Externally Secured Servers {ms-Exch-SMTP-Accept-Any-Sender}

Basically you are telling Exchange to ignore internal security checks because you trust these servers. The nice thing about this option is that it is simple and grants the common rights that most people probably want.

Option 2: Grant the relay permission to Anonymous on your new scoped connector

This option grants the minimum amount of required privileges to the submitting application.

Taking the new scoped connector that you created, you have another option. You can simply grant the ms-Exch-SMTP-Accept-Any-Recipient permission to the anonymous account. Do this by first adding the Anonymous Permissions Group to the connector.

 

This grants the most common permissions to the anonymous account, but it does not grant the relay permission. This step must be done through the Exchange shell:

Get-ReceiveConnector "CRM Application" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient"

In addition to being more difficult to complete, this step does not allow the anonymous account to bypass anti-spam, or ResolveP2.

Although it is completely different from the Exchange 2003 way of doing things, hopefully you find the new SMTP permissions model to be sensible.

Picture Placeholder: mostafa rafiei
  • mostafa rafiei
/_layouts/15/images/person.gif" alt="Picture Placeholder: mostafa rafiei" />
mostafa rafiei

https://social.technet.microsoft.com/Forums/sharepoint/en-US/085fc420-8107-4593-a4c9-04be8c94c625/how-to-configure-sharepoint-to-send-email-to-external-users?forum=sharepointadminprevious

Hi, I had the same issue on an SBS box which is a lot more awkward as normally you wouldn't have sharepoint and exchange on the same box. I'm posting here although this is very old just in case some other poor fool spends an entire day messing around like I did. These instructions are explicitly for a SBS 2011 standard installation but should work with other scenarios (obvioulsy replace any connector names with your own)

Open as administrator exchange management shell and run:
 
Get-ReceiveConnector "Windows SBS Fax Sharepoint Receive SERVER" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient"

This will allow relay to external recipients from sharepoint (The default server address in sharepoint foundation on an SBS box outgoing email server resolves through a local DNS entry to 127.0.0.1 - The SBS Fax Sharepoint Receive connector only runs on 127.0.0.1 - kinda makes sense)

Running:

Get-ReceiveConnector “Windows SBS Internet Receive SERVER” | Remove-ADPermission -User “NT AUTHORITY\ANONYMOUS LOGON” -ExtendedRights “ms-Exch-SMTP-Accept-Any-Recipient”

will stop open relays from the internet. I found that when checking for open relays that the SBS Internet Receive connector will accept any recipient. Of course this can be restricted by IP on your connector, but I'd rather not have it look like an open relay and get every man and his dog having a go at it.

 

Hope this helps somebody

http://blogs.technet.com/b/exchange/archive/2006/12/28/3397620.aspx

Only the list below (specify IP address)

This option is for those who cannot authenticate with Exchange. The most common example of this is an application server that needs to be able to relay messages through Exchange.

First, start with a new custom receive connector. You can think of receive connectors as protocol listeners. The closest equivalent to Exchange 2003 is an SMTP Virtual Server. You must create a new one because you will want to scope the remote IP Address(es) that you will allow.

 

The next screen you must pay particular attention to is the "Remote Network settings". This is where you will specify the IP ranges of servers that will be allowed to submit mail. You definitely want to restrict this range down as much as you can. In this case, I want my two web servers, 192.168.2.55 & 192.168.2.56 to be allowed to relay.

 

The next step is to create the connector, and open the properties. Now you have two options, which I will present. The first option will probably be the most common.

Option 1: Make your new scoped connector an Externally Secured connector

This option is the most common option, and preferred in most situations where the application that is submitting will be submitting email to your internal users as well as relaying to the outside world.

Before you can perform this step, it is required that you enable the Exchange Servers permission group. Once in the properties, go to the Permissions Groups tab and select Exchange servers.

 

Next, continue to the authentication mechanisms page and add the "Externally secured" mechanism. What this means is that you have complete trust that the previously designated IP addresses will be trusted by your organization.

 

Caveat: If you do not perform these two steps in order, the GUI blocks you from continuing.

Do not use this setting lightly. You will be granting several rights including the ability to send on behalf of users in your organization, the ability to ResolveP2 (that is, make it so that the messages appear to be sent from within the organization rather than anonymously), bypass anti-spam, and bypass size limits. The default "Externally Secured" permissions are as follows:

MS Exchange\Externally Secured Servers {ms-Exch-SMTP-Accept-Authoritative-Domain}
MS Exchange\Externally Secured Servers {ms-Exch-Bypass-Anti-Spam}
MS Exchange\Externally Secured Servers {ms-Exch-Bypass-Message-Size-Limit}
MS Exchange\Externally Secured Servers {ms-Exch-SMTP-Accept-Exch50}
MS Exchange\Externally Secured Servers {ms-Exch-Accept-Headers-Routing}
MS Exchange\Externally Secured Servers {ms-Exch-SMTP-Submit}
MS Exchange\Externally Secured Servers {ms-Exch-SMTP-Accept-Any-Recipient}
MS Exchange\Externally Secured Servers {ms-Exch-SMTP-Accept-Authentication-Flag}
MS Exchange\Externally Secured Servers {ms-Exch-SMTP-Accept-Any-Sender}

Basically you are telling Exchange to ignore internal security checks because you trust these servers. The nice thing about this option is that it is simple and grants the common rights that most people probably want.

Option 2: Grant the relay permission to Anonymous on your new scoped connector

This option grants the minimum amount of required privileges to the submitting application.

Taking the new scoped connector that you created, you have another option. You can simply grant the ms-Exch-SMTP-Accept-Any-Recipient permission to the anonymous account. Do this by first adding the Anonymous Permissions Group to the connector.

 

This grants the most common permissions to the anonymous account, but it does not grant the relay permission. This step must be done through the Exchange shell:

Get-ReceiveConnector "CRM Application" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient"

In addition to being more difficult to complete, this step does not allow the anonymous account to bypass anti-spam, or ResolveP2.

Although it is completely different from the Exchange 2003 way of doing things, hopefully you find the new SMTP permissions model to be sensible.

01394/06/26 11:55 ق.ظ1394/06/26 11:56 ق.ظخیرAdministration
12/3422662037037
11393/10/23 07:08 ب.ظ1
محبوبه ذالی
گفتمانی برای نمایش وجود ندارد