How To Configure Outgoing Email For SharePoint Hosted Apps

Prerequisites for Setting Up Outgoing Email

SharePoint Permissions Required

The user configuring outgoing email for SharePoint hosted apps requires membership in the SharePoint Farm Administrators group. This provides full control permissions for the SharePoint configuration databases and enables setting up service applications. Additionally, db_owner rights to the SharePoint configuration and service application databases allow managing database schema and objects.

Mail Server Requirements

A functioning SMTP mail server accessible from the SharePoint environment is necessary. Commonly used options include an on-premises Exchange Server, third-party SMTP relay, or Exchange Online with Office 365. The mail server must allow anonymous or authenticated relay from the SharePoint application pool identity. It should have adequate capacity and availability for an organization’s email volume.

Accounts Needed for Configuration

To securely configure outgoing email, a service account is recommended specifically for relaying SharePoint email. This account requires send permissions on the SMTP server. If not using anonymous relay, store the credentials securely and reference them when configuring the mail settings in SharePoint. Granular permissions and auditing can govern this account for compliance.

Methods to Configure Outgoing Email

Using SMTP Relay Service

A dedicated SMTP relay server allows SharePoint apps to send outgoing email indirectly. Install an SMTP server role on a Windows server and configure it to forward email on to another mail server after applying policies. SharePoint connects to this SMTP relay rather than an external server. The relay option simplifies configuration while providing more control and security.

Configuring Standalone SMTP Server

For small SharePoint environments, install and configure a standalone SMTP server like hMailServer on a Windows application server. This direct approach avoids introducing an extra relay hop while still keeping email infrastructure isolated from the SharePoint farm servers. Configure virus scanning, encryption policies, DKIM signing, and other security measures on this email server according to organizational needs.

Using Exchange Online with Office 365

For SharePoint environments already integrated with Office 365, leverage Exchange Online to provide outgoing email capabilities for SharePoint applications. Exchange Online provides cloud-based email relay services with built-in security and compliance features. Connect to it securely using service accounts and simplify management using PowerShell and central administration consoles.

Code Examples for Configuring SMTP Relay

PowerShell Commands

Use PowerShell scripts to automate configuring SharePoint for SMTP relay. Example commands include:

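# Prompt for the SMTP relay service account credentials
$cred = Get-Credential
# Settings applied to the Central Administration web application become the farm default
$ca = Get-SPWebApplication -IncludeCentralAdministration | Where-Object { $_.IsAdministrationWebApplication }
# -SMTPServerPort and -SMTPCredentials require SharePoint Server 2019 or later
Set-SPWebApplication -Identity $ca -SMTPServer "smtp.contoso.com" -SMTPServerPort 25 -SMTPCredentials $cred -OutgoingEmailAddress "[email protected]" -ReplyToEmailAddress "[email protected]"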

Sample API Calls

To programmatically configure SharePoint email settings, use available APIs like the Client-Side Object Model (CSOM). For example:

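// Pseudocode: SP.js documents no mail-service object and no set_SMTPServer,
// set_FromAddress or set_ReplyToAddress members; the farm's outgoing mail
// settings are changed server-side (see the PowerShell commands above).
var context = SP.ClientContext.get_current();
var mailService = context.get_web().get_allowUnsafeUpdates();

mailService.set_SMTPServer("smtp.contoso.com");
mailService.set_FromAddress("[email protected]");
mailService.set_ReplyToAddress("[email protected]");

mailService.update();
// Pass success and failure callbacks so errors are not silently dropped
context.executeQueryAsync(
    function () { console.log("Mail settings updated"); },
    function (sender, args) { console.error(args.get_message()); }
);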

Troubleshooting Issues with Outgoing Email

Checking Event Viewer Logs

Entries in the Application log provide details on email configuration and delivery issues from SharePoint apps. Errors relating to SMTP connectivity, authentication problems, address formatting, and more appear here to begin basic troubleshooting.

Verifying SMTP Connectivity

Use Telnet to manually check SMTP communication on ports 25 and 587 from the SharePoint server to mail hosts to isolate physical network issues. Tools like ncinfo, PSPing, and PortQry also validate basic TCP/IP connectivity and host availability across firewalls.
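
The same check scripted in PowerShell, as an added example that is not part of the original article: it connects to each port, reads the SMTP banner, sends EHLO and reports whether the server offers STARTTLS and AUTH. The host name is the article's sample value, and the function name Test-SmtpRelay is hypothetical.

```powershell
# Added example, not from the original article. Test-SmtpRelay is a hypothetical name.
function Test-SmtpRelay {
    param(
        [Parameter(Mandatory)] [string] $Server,
        [int[]] $Ports = @(25, 587),
        [int] $TimeoutMs = 5000
    )
    foreach ($port in $Ports) {
        $r = [ordered]@{ Server = $Server; Port = $port; Connected = $false
                         Banner = $null; StartTls = $false; Auth = $null; Error = $null }
        $client = New-Object System.Net.Sockets.TcpClient
        try {
            # Bounded connect so a filtered port does not hang the script
            if (-not $client.ConnectAsync($Server, $port).Wait($TimeoutMs)) {
                throw "TCP connect timed out after $TimeoutMs ms"
            }
            $r.Connected = $true
            $stream = $client.GetStream()
            $stream.ReadTimeout = $TimeoutMs
            $reader = New-Object System.IO.StreamReader($stream)
            $writer = New-Object System.IO.StreamWriter($stream)
            $writer.NewLine = "`r`n"
            $writer.AutoFlush = $true
            # SMTP replies may span lines: "250-..." continues, "250 ..." ends
            $readReply = {
                do { $l = $reader.ReadLine(); $l } while ($l -match '^\d{3}-')
            }
            $r.Banner = @(& $readReply)[-1]              # expect "220 ..."
            $writer.WriteLine("EHLO $env:COMPUTERNAME")
            foreach ($line in @(& $readReply)) {
                if ($line -match '^250[- ]STARTTLS') { $r.StartTls = $true }
                if ($line -match '^250[- ]AUTH\s+(.+)$') { $r.Auth = $Matches[1] }
            }
            $writer.WriteLine('QUIT')
        }
        catch { $r.Error = $_.Exception.GetBaseException().Message }
        finally { $client.Close() }
        [pscustomobject]$r
    }
}

Test-SmtpRelay -Server 'smtp.contoso.com' | Format-Table -AutoSize
```

A row that lists Auth mechanisms while StartTls is False means the relay offers authentication on an unencrypted session, so the service account password would cross the network in clear text.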

Handling Authentication Errors

Double-check that proper credentials are configured in SharePoint’s mail settings page for authenticated SMTP relay. Ensure the service account has send permissions. Trace permission inheritance from the domain level down through admin accounts. Verify credentials haven’t expired and reuse limits haven’t been exceeded.

Best Practices for Email Configuration

Securing Credentials

Minimize attack surface by using a dedicated low-permission service account for SMTP only. Never use domain admin credentials. Store the username and password securely in Credential Manager. Enable SMB encryption and remote registry service restrictions.

Monitoring Email Logs

Review email tracing logs frequently for anomalies in source addresses, destinations, mail server response codes, latency, and volumes. Integrate search and analytics tools to surface issues. Set up email alerts for administrators on critical events.

Managing Allowed Domains

Restrict outgoing emails to company domains only by specifying allowed domains in SharePoint’s outbound email settings page. Block attempts to route external domains which could be used for malicious purposes. Periodically review and update the permitted domains list on both SharePoint and the SMTP server.
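
The log review described under "Monitoring Email Logs" and the domain restriction described here can be checked together. The following is an added example, not part of the original article: it flags recipients outside the allowed domains, permanent SMTP failures and per-sender volume spikes. The CSV log layout, addresses, threshold and the function name Find-MailAnomaly are constructed assumptions; adapt the parsing to the mail server's real log format.

```powershell
# Added example; log layout, addresses and thresholds are constructed for illustration.
$AllowedDomains      = @('contoso.com')   # assumption: the company's mail domains
$MaxPerSenderPerHour = 3                  # assumption: kept low so the sample triggers

$records = @'
timestamp,client_ip,sender,recipient,status
2024-05-01T09:00:05,10.0.0.21,sharepoint@contoso.com,alice@contoso.com,250
2024-05-01T09:02:11,10.0.0.21,sharepoint@contoso.com,bob@contoso.com,250
2024-05-01T09:05:40,10.0.0.21,sharepoint@contoso.com,carol@CONTOSO.com,250
2024-05-01T09:07:02,10.0.0.21,sharepoint@contoso.com,dave@contoso.com.example.net,250
2024-05-01T09:09:30,10.0.0.21,sharepoint@contoso.com,erin@contoso.com,550
2024-05-01T10:15:00,10.0.0.21,sharepoint@contoso.com,frank@contoso.com,250
'@ | ConvertFrom-Csv

function Find-MailAnomaly {
    param(
        [Parameter(Mandatory)] [object[]] $Records,
        [Parameter(Mandatory)] [string[]] $AllowedDomains,
        [int] $MaxPerSenderPerHour = 100
    )
    foreach ($r in $Records) {
        # Compare the exact domain after the last '@' so that
        # "contoso.com.example.net" does not pass as "contoso.com".
        $domain = ($r.recipient -split '@')[-1].Trim().ToLowerInvariant()
        if ($AllowedDomains -notcontains $domain) {
            [pscustomobject]@{ Rule = 'RecipientOutsideAllowedDomains'
                               Subject = $r.recipient; Detail = "$($r.sender) at $($r.timestamp)" }
        }
        # 5xx replies are permanent SMTP failures (rejected relay, bad address, policy block).
        if ([int]$r.status -ge 500) {
            [pscustomobject]@{ Rule = 'PermanentSmtpFailure'
                               Subject = $r.recipient; Detail = "status $($r.status) at $($r.timestamp)" }
        }
    }
    # Volume check: messages per sender per clock hour.
    $Records |
        Group-Object { '{0}|{1:yyyy-MM-dd HH}:00' -f $_.sender, [datetime]$_.timestamp } |
        Where-Object { $_.Count -gt $MaxPerSenderPerHour } |
        ForEach-Object {
            [pscustomobject]@{ Rule = 'SenderVolumeExceeded'
                               Subject = ($_.Name -split '\|')[0]
                               Detail = "$($_.Count) messages in hour $(($_.Name -split '\|')[1])" }
        }
}

Find-MailAnomaly -Records $records -AllowedDomains $AllowedDomains -MaxPerSenderPerHour $MaxPerSenderPerHour |
    Format-Table -AutoSize
```

On the constructed sample this reports the recipient at contoso.com.example.net, the 550 reply, and five messages from one sender in the 09:00 hour.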
