How to Build an IIS SMTP Relay Server

choubertsprojects


If you want to run your own email server, allow incoming emails that aren’t from the predefined list of allowed domains.

This tutorial shows you how to build an IIS SMTP relay server. The server allows users to send emails from their own domain name without having to use Microsoft Exchange Server.


Microsoft IIS can be used as an SMTP server, but it takes a number of steps to set up. Fortunately for you, I’ve already built an IIS SMTP relay server and documented every step!

In this post, we’ll walk you through every step of setting up an SMTP relay server for sending outbound emails with Office 365. Technically, we’ll be using this SMTP relay to send email to Office 365, but it may also be used for any other SMTP relay mail delivery.

Prerequisites

Make sure you have a Windows Server 2016 machine ready to set up IIS and follow along with me. I’ll also assume you’re signed in as an administrator on the server.

Install the Windows Feature for IIS SMTP Server

Installing the IIS SMTP Server is the first step in setting up an IIS SMTP relay. The SMTP Server Windows feature must be installed.

Using the Server Manager program

If you’re not acquainted with using Server Manager to install Windows features, see this article: Install or Uninstall Roles, Role Services, or Features.

Scripting using PowerShell

Installing the SMTP Server feature with PowerShell eliminates a lot of point-and-click work. Run the following command in a PowerShell console as an administrator:

PS51> Install-WindowsFeature -Name SMTP-Server -IncludeAllSubFeature -IncludeManagementTools -Restart

Allow time for the installation to complete. You should get something like this as a result.

Using PowerShell to install the SMTP-Server Windows feature

Bring a certificate in (for TLS only)

Before configuring the IIS SMTP Server, import an SSL certificate into the server’s local machine personal certificate store if you’ll be delivering email using TLS (Office 365). If your Office 365 SMTP relay is non-TLS, you may skip this step.

If you don’t have a certificate, you can acquire one using your internal PKI (if you have one) or a public certificate through LetsEncrypt, Digicert, and other similar sites.

You’ll need to import the certificate into the local machine’s personal certificate store after you have it. See Import and Export Certificate – Microsoft Windows if you’re not sure how to import certificates using the Certificates MMC.

You should see a confirmation box like this if everything went OK. To confirm, click OK (1).

Import of certificates was successful.

Back in the main console window, refresh the Personal > Certificates folder and you should be able to see the imported certificate.

Check the validity of the certificate

After you’ve imported the certificate chain, double-check that it’s complete and free of errors. If everything is in order, you should be able to examine the certificate and see that the Valid From field is current and that the certificate has a private key. The following is an example.

Authenticating the certificate

You should also notice a Certificate status saying that the certificate is OK on the Certification Path page, as seen below.

The certificate’s state indicates that it is in good working order.
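The same checks can be scripted instead of read off the certificate dialog. This is an added example, not part of the original post; the host name in $Fqdn is a constructed placeholder for the name your relay presents.

```powershell
# Added example: report validity, private key and chain status for every
# certificate in the local machine personal store.
$Fqdn = 'relay.example.com'   # constructed placeholder, replace with your relay's name
$now  = Get-Date

Get-ChildItem -Path Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_

    # Test-Certificate builds the chain and applies the SSL policy for the
    # given DNS name; it returns $false when the chain or the name check fails.
    $chainOk = Test-Certificate -Cert $cert -Policy SSL -DNSName $Fqdn `
        -ErrorAction SilentlyContinue -WarningAction SilentlyContinue

    [pscustomobject]@{
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint
        HasPrivateKey = $cert.HasPrivateKey
        InValidity    = ($cert.NotBefore -le $now -and $cert.NotAfter -ge $now)
        DaysLeft      = [int]($cert.NotAfter - $now).TotalDays
        ChainAndName  = [bool]$chainOk
    }
} | Format-Table -AutoSize
```

A certificate is usable for the relay only when HasPrivateKey, InValidity and ChainAndName are all True; DaysLeft is worth monitoring so the certificate is renewed before outbound TLS starts failing.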

Set up the IIS SMTP Server.

At this stage, the SMTP server has been successfully set up. However, before you can use it, you must first configure the server settings.

The SMTP server is configured to operate in IIS6 compatibility mode and does not provide PowerShell functionality. This means you’ll have to use the IIS6 Management Console to manually configure the settings.

Go to Start –> Run and type in inetmgr6 and hit Enter. This will open the IIS 6 console.

Right-click on [SMTP Virtual Server #1] (1) and choose Properties after the console is open (2).

Checking the characteristics of the SMTP Virtual Server

Check Enable logging (1) in the Properties panel, then click Properties (2).

Logging is enabled.

Select the Advanced tab, then check all of the items in the list (1) before clicking OK (2).

Examining the advanced options

Return to the Properties window and choose the Delivery tab, then Advanced (1).

On the Delivery tab, click the Advanced option.

Fill in the Fully-qualified domain name (1) for the destination SMTP mail server in the Advanced Delivery box. It is not required that it be the same as the computer’s FQDN. If you’re setting this SMTP server to work with Office 365, enter your Office 365 MX endpoint in the Smart host (2) area, and then press OK (3).

Making a smart host

In the IIS SMTP Server, add Allowed IPs.

Now, if you wish to test a device, you must first add its IP address to the relay restrictions. The IP address 192.168.0.3 will be added to the relay restrictions in this example. This IP address is associated with a machine on the same network as the server.

Go to the Access tab and click on Relay (1) to add an authorized IP to the relay restrictions.

On the Access tab, there is a relay button.

Click Add in the Relay Restrictions window (1).

Adding a relay limitation is a good idea.

Then enter the IP address (1) you want to allow, and then click OK (2).

Restricting relay to a single IP address

Confirm that the IP address has been added to the list in the Relay Restrictions box, then click OK (1) and OK out of the properties window.

Confirming the addition of a new relay limitation

Confirm that the SMTP server has detected the certificate and that TLS encryption is enabled.

If your relay server will transmit outbound email using TLS, make sure the certificate is recognized by the IIS SMTP Server and that TLS encryption is enabled.

You should get a notice that says “A TLS certificate with expiry date: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX”. If that’s the case, you’re good to go.

Examining the expiry date of TLS certification

After that, go to the Delivery tab, choose Outbound Security (1), check the TLS encryption (2) box, and then click OK (3).

Encrypting outgoing email using TLS is a good idea.

The IIS SMTP Server setup procedures are now complete.

IIS SMTP Mail Relay Server is put to the test.

Your SMTP Server should be set up and ready to start relaying messages at this point. The next stage is to put it to the test. You should now send email over the SMTP relay to ensure that the message is received by the recipient SMTP server.

Use the Pickup Directory as a test.

When IIS SMTP Server is installed, it creates a folder at C:\inetpub\mailroot\Pickup on the server. The SMTP server picks up freshly submitted emails in this directory for processing before forwarding them to the Queue directory.

Create a plain text file with the following content to try this method:

Remember to replace the From and To values with your own.

Save this file as mail.txt somewhere outside the pickup directory.

Copy and paste the file into the C:\inetpub\mailroot\Pickup folder once you’ve saved it. If everything goes well, the file should vanish immediately. This indicates that the message has been picked up by the SMTP service and is being processed.

You should get the email sent to the chosen recipient email address provided in mail.txt within a few seconds to a minute.
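The pickup test above can also be scripted. This is an added example, not part of the original post: the addresses are constructed placeholders, the message layout (headers, a blank line, then the body) is the standard plain-text mail format, and the paths assume the default mailroot location.

```powershell
# Added example: submit a test message through the Pickup directory and
# confirm that the SMTP service consumed it.
$mailroot = 'C:\inetpub\mailroot'                 # default location (assumed)
$pickup   = Join-Path $mailroot 'Pickup'
$badmail  = Join-Path $mailroot 'Badmail'
$staging  = Join-Path $env:TEMP 'mail.txt'
$target   = Join-Path $pickup 'mail.txt'

# Headers, one blank line, then the body. Addresses are placeholders.
$message = @(
    'From: sender@example.com'
    'To: recipient@example.com'
    "Subject: Pickup directory test $(Get-Date -Format g)"
    ''
    'This is a test email submitted through the Pickup directory.'
)

# Write the file outside Pickup first, then copy the finished file in.
Set-Content -Path $staging -Value $message -Encoding Ascii
$badBefore = @(Get-ChildItem -Path $badmail -File -ErrorAction SilentlyContinue).Count
Copy-Item -Path $staging -Destination $target

# The file disappears once the SMTP service has picked it up.
$deadline = (Get-Date).AddSeconds(30)
while ((Test-Path $target) -and (Get-Date) -lt $deadline) {
    Start-Sleep -Milliseconds 500
}

if (Test-Path $target) {
    Write-Warning 'File is still in Pickup after 30 seconds: check that the SMTPSVC service is running.'
}
else {
    Start-Sleep -Seconds 2   # give the service a moment to reject a malformed file
    $badAfter = @(Get-ChildItem -Path $badmail -File -ErrorAction SilentlyContinue).Count
    if ($badAfter -gt $badBefore) {
        Write-Warning 'Picked up, but new files appeared in Badmail: check the headers and addresses.'
    }
    else {
        Write-Output 'Picked up. Watch the Queue folder and the SMTP log for delivery.'
    }
}
```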

PowerShell is used to perform the tests.

In this test, you will use PowerShell from the computer whose IP address you added in the “In the IIS SMTP Server, add Allowed IPs.” section.

Copy/paste the code below into a PowerShell console. Make sure that the values for the From, To, and SmtpServer parameters are correct. You may use either example below to test a non-TLS or TLS configuration, depending on how you configured the relay server above.

## Build the message parameters
$mailParams = @{
    SmtpServer                 = 'smtp.server.here'
    Port                       = 25
    #UseSSL                    = $true   # uncomment to test a TLS configuration
    From                       = '[email protected]'
    To                         = '[email protected]', '[email protected]'
    Subject                    = ('ON-PREM SMTP Relay – ' + (Get-Date -Format g))
    Body                       = 'This is a test email using ON-PREM SMTP Relay'
    DeliveryNotificationOption = 'OnFailure', 'OnSuccess'
}
<# Send the message #>
Send-MailMessage @mailParams
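The relay restriction itself deserves a negative test: run from a machine whose IP address is not in the Relay Restrictions list, a send to an external recipient should be refused. This is an added example, not part of the original post; the server name and addresses are constructed placeholders.

```powershell
# Added example: confirm the relay refuses hosts outside the allowed list.
# Run this from a machine whose IP is NOT in Relay Restrictions.
$server  = 'smtp.server.here'          # placeholder, as in the test above
$from    = 'sender@example.com'        # constructed placeholder
$to      = 'recipient@example.net'     # must be an external (non-local) domain
$subject = 'Relay restriction check'
$body    = 'This message should be refused by the relay.'

$client = [System.Net.Mail.SmtpClient]::new($server, 25)
try {
    $client.Send($from, $to, $subject, $body)
    Write-Warning "ACCEPTED: $server relayed for a host outside the allowed list. Review Access > Relay."
}
catch {
    # .NET exceptions can arrive wrapped; walk down to the SmtpException
    # so the SMTP status code can be read.
    $ex = $_.Exception
    while ($ex -and $ex -isnot [System.Net.Mail.SmtpException]) {
        $ex = $ex.InnerException
    }

    if ($ex -and [int]$ex.StatusCode -ge 500) {
        # A 5xx reply means the server answered and permanently refused the message.
        Write-Output "Refused as expected: $([int]$ex.StatusCode) $($ex.StatusCode)"
    }
    else {
        # Connection failures and other errors say nothing about the relay setting.
        Write-Warning "Inconclusive, the SMTP session did not complete: $($_.Exception.Message)"
    }
}
finally {
    $client.Dispose()
}
```

With logging enabled as configured earlier, the refused attempt should also show up in the SMTP log, which is a useful confirmation that rejected relay attempts are being recorded.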

Summary

In this article, you’ve learned how to set up an IIS SMTP relay server for recipient email delivery from Office 365. We covered setting up both a non-TLS and TLS SMTP server using a combination of the GUI and PowerShell. We then tested our setup using PowerShell to confirm all is well.
