Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
#-- Add Certificates to SharePoint certificate store.
#-- Select Token signing Certificate
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("D:\Certs\TokenSign\TokenSign.cer")
#-- Add Token signing Certificate to SharePoint trusted store
New-SPTrustedRootAuthority -Name "Token Sign ADFS 3.0" -Certificate $cert
#-- Creating Claim mappings (incoming ADFS claim types are passed through unchanged)
$emailClaimMap = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" -IncomingClaimTypeDisplayName "EmailAddress" -SameAsIncoming
$upnClaimMap = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" -IncomingClaimTypeDisplayName "UPN" -SameAsIncoming
$roleClaimMap = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.microsoft.com/ws/2008/06/identity/claims/role" -IncomingClaimTypeDisplayName "Role" -SameAsIncoming
#-- Creating Trusted Identity Provider for SharePoint
#-- SharePoint IdP realm (must match the relying party identifier configured in ADFS)
$realm = "urn:sharepoint:extranet"
#-- URL for the IdP solution
$signInURL = "https://sts.contoso.com/adfs/ls/"
#-- Name of IdP
$ProviderName = 'Extranet ADFS'
#-- IdP Token issuer for SharePoint; the UPN claim identifies the user
New-SPTrustedIdentityTokenIssuer -Name $ProviderName -Description 'Contoso Federated Authentication - External' -Realm $realm -ImportTrustCertificate $cert -ClaimsMappings $emailClaimMap, $upnClaimMap, $roleClaimMap -SignInUrl $signInURL -IdentifierClaim $upnClaimMap.InputClaimType
How to configure Outgoing email in SharePoint with O365, SMTP relay.
You might have moved all your mail accounts to O365, but you still have an on-premises SharePoint server that needs to send alerts or has similar messaging functionality. Previously you had an Exchange server and used that as the relay. Now you need to use O365, so how do you do that? Let's look at the prerequisites first, and then I'll show you how to put it all together to send messages, both internally and externally if required.
– Service account in O365 with a mailbox; used for authenticating SMTP requests towards O365.
– Local SMTP server; accepts anonymous SMTP from SharePoint and relays it to O365.
– DNS record; used as the SMTP relay address internally.
– External IP address of the local SMTP server; used for the SPF record.
– SPF record of the mail domain; lets public mail exchangers validate mail sent by the local SMTP server.
– Certificate that covers the SMTP relay DNS address; used to provide the required TLS encryption.
– Internal IP address of the SharePoint server(s); used to allow relaying through the local SMTP server.
The first thing to do is update the SPF record for your domain. This is done in your mail domain's DNS settings and is a TXT record of this form (the ip4 value is the external IP address of your local SMTP server, omitted here):
SPF v=spf1 ip4:<external IP of local SMTP server> include:spf.protection.outlook.com ~all
Install the matching certificate in the Personal store on the server.
If you do not have a local SMTP server already, you can install one using Roles and Features from within Windows Server.
To enable logging on the SMTP server, open IIS 6.0 Manager, expand your server, right-click the SMTP Virtual Server and choose Properties. On the General tab, check "Enable logging" and click Properties. Change the log file directory to a drive other than your system drive.
On the Advanced Tab; Check the following Extended logging options:
Date (date), Time (time), Client IP Address (c-ip), Server Name (s-computername), Server IP Address (s-ip), Server Port (s-port), URI Query (cs-uri-query), Protocol Status (sc-status) and Protocol Substatus (sc-substatus).
Note: Take into consideration where you place the respective SMTP server folders. It is strongly recommended that you place them on a drive separate from the system drive.
Open IIS 6.0 Manager (which is used to manage your SMTP server), expand your server, right-click your SMTP Virtual Server and choose Properties.
On the Access tab, under Secure communication, it should state "A TLS certificate is found with expiration date:" followed by the expiry date of the certificate you installed.
Click Authentication and verify that Anonymous access is enabled.
Click Relay, select "Only the list below" and add the internal IP address(es) of your SharePoint server(s). Leave "Allow all computers which successfully authenticate to relay…" checked (this means that all computers within the same domain may use this server as a relay; if you have infected machines you want to disable this, or remove the infection).
Under the delivery tab; Click Outbound Security.
Check Basic authentication and type in your O365 service account information.
User name: svcRelayO365@contoso.com
Make sure TLS encryption is Checked and click Ok.
Click Outbound connections and change TCP port to 587 and click Ok.
Click Advanced, enter the local DNS address of your internal relay as the fully-qualified domain name, enter smtp.office365.com as the Smart host and click Ok.
Login to portal.office365.com and navigate to Administration and Exchange.
In Office 365, click Admin, and then click Exchange to go to the Exchange Admin Center.
In the Exchange Admin Center, click Mail Flow, and click Connectors.
To add a new connector, click the + symbol and select From: “Your organization’s email server”, To: “Office 365” and click Next.
Choose the option “By verifying that the IP address of the sending server matches one of these IP addresses that belong to your organization”, and add the External IP address.
Leave all the other fields at their default values, and select Save.
Open Central Administration and click System Settings.
Click Configure outgoing e-mail settings.
Use the DNS name of your internal SMTP server as the Outbound SMTP server; the From address must match that of your O365 service account, otherwise O365 rejects the message.
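Once the steps above are done it is easy to miss one setting. The following script is an added example (not code from the original post) that audits the SMTP virtual server against the values used in this guide, reading the IIS 6.0 metabase over ADSI. It assumes the default virtual server instance (SMTPSVC/1), the IIS 6 Management Compatibility feature that the SMTP Server role installs, the standard IIsSmtpServer metabase property names, and an internal relay name of smtprelay.contoso.local; the expected smart host, port and service account are the ones from the post and are parameters you adjust to your environment.

```powershell
# Added example, not code from the original post: read-only audit of the SMTP
# virtual server settings configured above, read from the IIS 6.0 metabase over
# ADSI. Assumes the default instance SMTPSVC/1 and the standard IIsSmtpServer
# metabase property names; the expected values are assumptions from the post.
param(
    [string]$RelayFqdn         = 'smtprelay.contoso.local',   # assumed internal relay DNS name
    [string]$SmartHostExpected = 'smtp.office365.com',
    [int]   $PortExpected      = 587,
    [string]$RelayUserExpected = 'svcRelayO365@contoso.com'
)

$smtp = [ADSI]'IIS://localhost/SMTPSVC/1'

# Read one metabase property; return $null when it is not set instead of throwing
function Get-SmtpProp([string]$Name) {
    try { return $smtp.Get($Name) } catch { return $null }
}

$results = New-Object System.Collections.Generic.List[object]
function Add-Result([string]$Check, [bool]$Ok, [string]$Detail) {
    $results.Add([pscustomobject]@{
        Check  = $Check
        Result = $(if ($Ok) { 'OK' } else { 'REVIEW' })
        Detail = $Detail
    })
}

$smartHost = [string](Get-SmtpProp 'SmartHost')
Add-Result 'Smart host' ($smartHost -eq $SmartHostExpected) "SmartHost = '$smartHost'"

$port = [int](Get-SmtpProp 'RemoteSmtpPort')
Add-Result 'Outbound TCP port' ($port -eq $PortExpected) "RemoteSmtpPort = $port"

$routeUser = [string](Get-SmtpProp 'RouteUserName')
Add-Result 'Outbound basic-auth account' ($routeUser -eq $RelayUserExpected) "RouteUserName = '$routeUser'"

# AuthFlags is a bit mask: 1 = anonymous, 2 = basic, 4 = integrated Windows.
# SharePoint submits anonymously, so bit 1 must be set.
$authFlags = [int](Get-SmtpProp 'AuthFlags')
Add-Result 'Inbound anonymous access' (($authFlags -band 1) -ne 0) "AuthFlags = $authFlags"

# The "Allow all computers which successfully authenticate to relay" checkbox.
# The post leaves it on; it is flagged here so keeping it on is a deliberate choice.
$relayForAuth = [bool](Get-SmtpProp 'RelayForAuth')
Add-Result 'Relay for authenticated hosts' (-not $relayForAuth) "RelayForAuth = $relayForAuth (on: any domain-joined machine may relay)"

# LogType 1 = logging enabled; the post wants the log directory off the system drive
$logType = [int](Get-SmtpProp 'LogType')
$logDir  = [string](Get-SmtpProp 'LogFileDirectory')
Add-Result 'Logging enabled' ($logType -eq 1) "LogType = $logType"
Add-Result 'Log directory off system drive' ($logDir -and -not $logDir.StartsWith($env:SystemDrive, 'OrdinalIgnoreCase')) "LogFileDirectory = '$logDir'"

# TLS needs an unexpired certificate with a private key in the machine Personal store covering the relay FQDN
$certs = @(Get-ChildItem Cert:\LocalMachine\My | Where-Object {
    $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date) -and ($_.DnsNameList.Unicode -contains $RelayFqdn)
})
Add-Result 'TLS certificate for relay FQDN' ($certs.Count -gt 0) "$($certs.Count) matching certificate(s) in Cert:\LocalMachine\My"

$results | Format-Table -AutoSize
```

Run it in an elevated PowerShell on the SMTP server; anything marked REVIEW is a setting that differs from the guide, not necessarily a fault. The relay-for-authenticated-hosts line is deliberately flagged when on, because it widens who may relay beyond the SharePoint addresses you listed.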
Testing & Troubleshooting
On your local SMTP server, create a file called email.txt with the following content (the Pickup folder takes the sender and recipients from the From: and To: headers, so both are required; replace the To: address with your personal email address):
From: svcRelayO365@contoso.com
To: <your personal email address>
Subject: Test email

This is a test email sent from my SMTP server
Copy this file into the Pickup folder of your SMTP server. The server will process this and move it to the Queue folder and process it for delivery to O365.
If you do not receive an email at your personal email address within 5 minutes, something is wrong. Here is how to check.
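The same test can be scripted so that a message stuck in the queue or bounced into Badmail is noticed on the server instead of at an inbox. This is an added example, not code from the original post; the mailroot path is the IIS default (the post recommends moving these folders off the system drive), and the From: and To: addresses are assumptions to replace with your own.

```powershell
# Added example, not code from the original post: drop a correctly formed test
# message into the Pickup folder and watch Queue and Badmail for up to five minutes.
# MailRoot, From and To are assumptions; adjust them to your server.
param(
    [string]$MailRoot       = 'C:\inetpub\mailroot',       # IIS default; the post recommends a different drive
    [string]$From           = 'svcRelayO365@contoso.com',  # must match the relay service account
    [string]$To             = 'you@example.com',           # your personal address
    [int]   $TimeoutSeconds = 300
)

$pickup  = Join-Path $MailRoot 'Pickup'
$queue   = Join-Path $MailRoot 'Queue'
$badmail = Join-Path $MailRoot 'Badmail'

# Pickup reads sender and recipients from the headers, so From: and To: are required, not only Subject:
$id = [guid]::NewGuid().ToString('N')
$message = @(
    "From: $From"
    "To: $To"
    "Subject: Test email $id"
    ""
    "This is a test email sent from $env:COMPUTERNAME at $(Get-Date -Format o)"
) -join "`r`n"

# Write the file elsewhere and move it in, so the service never picks up a half-written file
$started = Get-Date
$tmp = Join-Path $env:TEMP "$id.eml"
[IO.File]::WriteAllText($tmp, $message, [Text.Encoding]::ASCII)
Move-Item -Path $tmp -Destination (Join-Path $pickup "$id.eml")

$deadline = $started.AddSeconds($TimeoutSeconds)
do {
    Start-Sleep -Seconds 10
    $queued  = @(Get-ChildItem -Path $queue -File -ErrorAction SilentlyContinue).Count
    $bounced = @(Get-ChildItem -Path $badmail -File -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -ge $started })
    '{0:HH:mm:ss}  Queue: {1} file(s)  new in Badmail: {2}' -f (Get-Date), $queued, $bounced.Count
} while ($queued -gt 0 -and $bounced.Count -eq 0 -and (Get-Date) -lt $deadline)

if ($bounced.Count -gt 0) {
    'Message bounced locally; read the .BAD/.BDR files in Badmail for the reason'
    $bounced | Select-Object Name, LastWriteTime
} elseif ($queued -gt 0) {
    'Still queued after the timeout; check the SMTP log directory for the reply codes from the smart host'
} else {
    'Handed to the smart host; check the mailbox, then the Office 365 message trace if it has not arrived'
}
```

An empty Queue folder only means the local server handed the message to smtp.office365.com; whether O365 accepted or filtered it is visible in the message trace described below, not on the server.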
Go to your log file directory, configured previously and have a look at the error codes provided there.
If the log shows the messages accepted and queued for delivery, move on to the Office 365 portal, use the message trace under mail flow and search for your mails. They will be listed with a status indicating their state; the details in the Office 365 message trace are comprehensive.
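Reading the W3C log by eye gets tedious once the server has been relaying for a while. As an added example (not code from the original post), the following PowerShell parses the log using its own #Fields header, with the field set selected earlier in this guide, and summarises the SMTP reply codes per client so that refused relay attempts and smart-host rejections stand out. The sample log lines are constructed for the example, and the log directory path is an assumption.

```powershell
# Added example, not code from the original post: parse the W3C-format SMTP log
# (the field set chosen in this guide) and summarise SMTP reply codes per client.
# The sample lines are constructed; the log directory path is an assumption.
function ConvertFrom-W3CLog {
    param([string[]]$Lines)
    $fields = $null
    foreach ($line in $Lines) {
        if ($line -like '#Fields:*') {
            # The header names the columns; every later data line uses this order
            $fields = $line.Substring(8).Trim() -split '\s+'
            continue
        }
        if ([string]::IsNullOrWhiteSpace($line) -or $line.StartsWith('#')) { continue }
        if (-not $fields) { throw 'Data line before any #Fields header' }
        $values = $line -split ' '
        $row = [ordered]@{}
        for ($i = 0; $i -lt $fields.Count; $i++) {
            $row[$fields[$i]] = $(if ($i -lt $values.Count) { $values[$i] } else { '-' })
        }
        [pscustomobject]$row
    }
}

function Get-SmtpLogEntries([string]$LogDirectory) {
    # IIS writes one file per day (ex*.log) below the configured directory
    Get-ChildItem -Path $LogDirectory -Filter '*.log' -Recurse |
        ForEach-Object { ConvertFrom-W3CLog -Lines (Get-Content $_.FullName) }
}

function Show-SmtpLogSummary {
    param([object[]]$Entries)
    # Reply codes per client: 2xx/3xx normal, 4xx temporary failure, 5xx permanent rejection
    $Entries | Group-Object 'c-ip', 'sc-status' | Sort-Object Name |
        Select-Object @{n='Client'; e={$_.Group[0].'c-ip'}},
                      @{n='Status'; e={$_.Group[0].'sc-status'}}, Count |
        Format-Table -AutoSize
    # Each refused command with the argument that was refused; a host not on the
    # relay list trying to send outside the domain shows up here as a 550
    $Entries | Where-Object { $_.'sc-status' -match '^\d+$' -and [int]$_.'sc-status' -ge 400 } |
        Select-Object date, time, 'c-ip', 'cs-uri-query', 'sc-status', 'sc-substatus' |
        Format-Table -AutoSize
}

# Constructed sample log, in the field order configured in this guide
$sampleLog = @'
#Software: Microsoft Internet Information Services 8.5
#Version: 1.0
#Date: 2020-01-15 10:00:00
#Fields: date time c-ip s-computername s-ip s-port cs-uri-query sc-status sc-substatus
2020-01-15 10:00:01 10.0.0.50 SMTP01 10.0.0.20 25 EHLO+sharepoint.contoso.local 250 0
2020-01-15 10:00:01 10.0.0.50 SMTP01 10.0.0.20 25 MAIL+FROM:<svcRelayO365@contoso.com> 250 0
2020-01-15 10:00:01 10.0.0.50 SMTP01 10.0.0.20 25 RCPT+TO:<user@contoso.com> 250 0
2020-01-15 10:00:02 10.0.0.50 SMTP01 10.0.0.20 25 DATA 354 0
2020-01-15 10:00:07 10.0.0.99 SMTP01 10.0.0.20 25 RCPT+TO:<someone@example.org> 550 0
2020-01-15 10:00:07 10.0.0.99 SMTP01 10.0.0.20 25 QUIT 221 0
'@ -split "`r?`n"

Show-SmtpLogSummary -Entries (ConvertFrom-W3CLog -Lines $sampleLog)
# Against the real log directory configured earlier (assumed path):
# Show-SmtpLogSummary -Entries (Get-SmtpLogEntries -LogDirectory 'D:\Logs\SMTP')
```

Because the parser takes the column names from the #Fields header rather than hard-coding them, it still works if you log more fields than the ones listed above. The second table is the one to watch: a client address that is not one of your SharePoint servers collecting 550 replies means something on the network is trying to use the relay.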
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
$email = "email@example.com"
$subject = "Test subject"
$body = "Test body"
$site = New-Object Microsoft.SharePoint.SPSite "http://sharepoint"
$web = $site.OpenWeb()
# SendEmail(web, appendHtmlTag, htmlEncode, toAddress, subject, body) returns True or False
# to confirm whether the message was handed to the outbound SMTP server
[Microsoft.SharePoint.Utilities.SPUtility]::SendEmail($web, $false, $false, $email, $subject, $body)
$web.Dispose()
$site.Dispose()