Configuring Authentication for Remote Domains

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1

You can configure the Simple Mail Transfer Protocol (SMTP) virtual server to provide the authentication credentials required by the remote domain. There are two types of authentication available: basic (plaintext) and Integrated Windows authentication. With the basic option, the account name and password of the server you're connecting to is transmitted in clear text. The Integrated Windows Authentication option requires a Windows account name and password. You can also disable authentication, which is the default option.

The selected option overrides the SMTP virtual server authentication setting on the Access tab. The following table describes several configuration examples.

SMTP virtual server transmissions Authentication option

Messages are commonly sent to multiple addresses.

Disable authentication for the SMTP virtual server. If attempts to deliver messages to an address fail because of authentication requirements, add a remote domain for the address. Then enable authentication for the domain at the same level required by the server.

Messages are commonly sent to one address, which requires authentication.

Determine what level of authentication is required to connect. Then enable authentication for the SMTP virtual server using the same level. If you want to then send messages to other addresses, set up remote domains and set different authentication options. If you use this option, it is likely that the account name used is the one that identifies the computer set up as the smart host.

Important

You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /User:Administrative_AccountName "mmc systemroot\system32\inetsrv\iis.msc".

Procedures

To disable authentication for outgoing messages

  1. In IIS Manager, expand the SMTP virtual server, and then click Domains.

  2. In the details pane, right-click the remote domain you want to change, and click Properties.

  3. On the General tab, click Outbound Security.

  4. Click Anonymous access, and then click OK.

To set Basic authentication for outgoing messages

  1. In IIS Manager, expand the SMTP virtual server, and then click Domains.

  2. In the details pane, right-click the remote domain you want to change, and click Properties.

  3. On the General tab, click Outbound Security.

  4. Click Basic authentication.

  5. In the User name box, type the user name; and in the Password box, type the password of the computer to which you are connecting.

  6. Click OK.

Important

If Basic authentication is your only authentication method, it is strongly recommended that you also require TLS encryption to avoid unauthorized detection of user names and passwords.

To set Integrated Windows authentication for outgoing messages

  1. In IIS Manager, expand the SMTP virtual server, and then click Domains.

  2. In the details pane, right-click the remote domain you want to change, and click Properties.

  3. On the General tab, click Outbound Security.

  4. Click Integrated Windows Authentication.

  5. In the Account box, type the Windows account name; and in the Password box, type the password.

  6. Click OK.