Install Windows Server 2012 SMTP Relay Feature
- Login as an administrator.
- Go the the start screen and type “Server Manager”
- Click on Manage and choose “Add roles and Features”.
- Click “Next >” (Check the box to skip this in the future)
- Make sure “Role-based or feature-based installation” is selected then click “Next >”
- Choose the appropriate server then click “Next >”
- Make no changes to the “Roles” page then click “Next >”
- On the “Features” page scroll down and check the box by “SMTP Server”
- Click “Add Features” (required for SMTP Server) then click “Next >”
- Click “Install” then wait for the install to finish then click “Close”.
Configure Windows Server 2012 SMTP Relay
- Go the the start screen and type “Server Manager”.
- In the Tools menu select “Internet Information Services (IIS) 6.0 Manager”
- Expand the tree until [SMTP Virtual Server #1] is shown then right click and choose “Rename” (as appropriate)
- Right click again and choose “Properties”.
- Click on the “Access” tab then click the “Connection…” button
- Select “All except the list below” then click “OK”
- Click on the “Relay…” then select “All except the list below” then click “OK”
- Click on the “Delivery” tab then click the “Outbound Security” button
- Select “Basic Authentication” and type in the username and password of Office365 user – this can be different than what is used on the device as long as the alternate address on the device is an alias of this user.
- Check “TLS encryption” then click “OK”
- Click the “Outbound connections” button then change “TCP port” to 587 then click “OK”
- Click the “Advanced” button then fill in the FQDN of the internal server (add custom DNS for future changes)
- Fill in “Smart host” with SMTP.office365.com – the name of the Office365 SMTP server then click “OK” twice
Warning! You have an open relay now. Use this setup to check the email notification system. When you see it’s fully functional go back to the “Access” tab and narrow down the “Connection” settings to the necessary systems. When no other system needs to relay, just check “Only the list below” and grant “127.0.0.1” access.
Configure External DNS for SPF protection
Go to the domain registrar’s website to update DNS records. Edit / create a sender policy framework (SPF) record. In the entry, include the external IP address. The finished string looks similar to this, where 10.0.0.2 is your public IP address:
v=spf1 ip4:10.0.0.2 include:spf.protection.outlook.com ~all
Skipping this step might cause email to be sent to recipients’ junk mail folders.
If your company is using Office 365 and needs an Office 365 SMTP relay setup for use by a network device like a multi-function printer, then contact us for assistance.