Requiring Authentication for Outbound Messages

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1

You can configure the Simple Mail Transfer Protocol (SMTP) virtual server to provide the authentication credentials required by a receiving server. There are three types of authentication available: anonymous, Basic (plaintext), and Integrated Windows authentication. Anonymous requires no authentication. With the plaintext option, the account name and password of the server you're connecting to are transmitted in plaintext. The Integrated Windows authentication option requires a Windows account name and password.

The option set here can be overridden for a specific remote domain. Overriding the authentication settings for a remote domain enables you to set the virtual server authentication level to handle most of the transmissions, while allowing exceptions for individual addresses. The following table describes several configuration examples.

SMTP transmissions Authentication option

Messages are commonly sent to multiple addresses.

Disable authentication for the SMTP virtual server. If attempts to deliver messages to an address fail because of authentication requirements, add a remote domain for the address. Then enable authentication for the domain at the same level required by the server.

Messages are commonly sent to one address, which requires authentication.

Determine what level of authentication is required to connect. Then enable authentication for the SMTP virtual server using the same level. If you want to then send messages to other addresses, set up remote domains and set different authentication options. If you use this option, it is likely that the account name used is the one that identifies the computer set up as the smart host.

Important

You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /User:Administrative_AccountName "mmc %systemroot%\system32\inetsrv\iis.msc".

Procedures

To disable authentication for outgoing messages

  1. In IIS Manager, right-click the SMTP virtual server, and then click Properties.

  2. Click the Delivery tab, and click Outbound Security.

  3. Click Anonymous access.

  4. Clear all other options.

To set Basic authentication for outgoing messages

  1. In IIS Manager, select the SMTP virtual server, and then click Properties on the Action menu.

  2. On the Delivery tab, click Outbound Security to open the Outbound Security dialog box.

  3. Click Basic authentication.

  4. Under User name and Password, type the account name and password that will grant you access to the computer you are connecting to.

Important

If Basic authentication is your only authentication method, it is strongly recommended that you also require TLS encryption to avoid unauthorized detection of user names and passwords.

To set Integrated Windows authentication for outgoing messages

  1. In IIS Manager, select the SMTP virtual server, and then click Properties on the Action menu.

  2. On the Delivery tab, click Outbound Security to open the Outbound Security dialog box.

  3. Select the Integrated Windows Authentication check box.

  4. Under Account and Password, type a Windows account name and password that will grant you access to the computer you're connecting to.