Configure SMTP Server on Windows 2012 to use Gmail to relay messages

If you need to quickly test your applications’ ability to send mail, you can setup Gmail as a smart host using your Gmail account for authentication.

Installing SMTP Server

Follow the steps 1 – 9 in this post for the manual installation or run the PowerShell commands below on your server:

PS C:\Users\admin> Add-WindowsFeature SMTP-Server,Web-Lgcy-Scripting
PS C:\Users\admin> Set-Service SMTPSVC -startuptype "automatic"
PS C:\Users\admin> Start-Service SMTPSVC

Configure SMTP Server

To configure the SMTP server to forward emails to Gmail, follow these steps:

1. Open Internet Information Services (IIS) Manager 6; click Start > Run and then enter inetmgr6 in the dialogue box then click OK to load IIS Manager 6.

2. In IIS 6 Manager right-click on SMTP Server and select Properties:

3. In the General tab, unless you want the SMTP Server to use a specific IP address,  leave the settings as they are so that the IP address is set to (All Unassigned):

4. To proceed, click on the Access tab:

5. Click on the Authentication button and ensure Anonymous access is checked and then click OK:

6. Once back in the Access tab, click on the Connection button. Select Only the list below and then click Add. Assuming that your application runs locally on the server, enter 127.0.0.1 as the IP address and then click OK:

The Connection setting controls which computers can connect to the SMTP server and send mail. By granting only localhost (127.0.0.1) access, limits only the server itself the ability to connect to the SMTP server. If the server running your application runs on a separate server to the SMTP server then add its IP address to the Connection list also.

7. Click OK to return to the Access tab and then click on the Relay button. Enter 127.0.0.1 as the IP address and then click OK:

The Relay section determines which computers can relay mail through this SMTP server. By only allowing the localhost IP address (127.0.0.1) relay permissions it means that only the server itself can relay mail. If the server running your application runs on a separate server to the SMTP server then add its IP address to the Connection list also.

8. Next, go to the Messages tab. Here you can enter an email address where copies of non-delivery reports are sent to. Leave the other default settings as they are:

20130427131034

9. Next, go to the Delivery tab:

10. Click on the Outbound Security button and ensure Basic authentication is selected, then enter your Gmail user name and password and check TLS encryption:

20140119212758

11. Click OK to return to the Delivery tab and then click on Outbound Connections. Leave the defaults as they are but change TCP port to 587:

20140119212904

12. Click OK to return to the Delivery tab and then click on the Advanced button:

20140120234701

Here you will need to enter the Fully-qualified domain name (FQDN) of the SMTP server. Successful mail delivery doesn’t depend on the FQDN being set in this instance as long as you have configured the correct Gmail credentials in step 19 and have set the Smart host.

Enter smtp.gmail.com in the Smart host section.  This is where the SMTP server will forward messages to. Gmail will then take care of actually delivering the mail to is intended recipient(s) if it successfully authenticates the connection using the Gmail user name and password provided in step 19.

Due to changes in Gmail’s security policy, the steps above are not enough to guarantee successful delivery through their mail platform. You also need to perform the steps below before proceeding to testing:

13. Login to your Gmail account and go this link, which contains your account information and security settings:

20170530125045

14. Then scroll down to the bottom of the Sign-in and security section and drag the Allow less secure apps to the ON position, per the below:

20170530125141

 

Testing

To test the Gmail smart host run the PowerShell command below, changing where appropriate the -SMTPServer-To and -From parameters:

PS C:\Users\admin> Send-MailMessage -SMTPServer localhost -To xxxxx@yourdomain.com -From xxxxx@gmail.com -Subject "This is a test email" -Body "Hi, this is a test email sent using Gmail as a smart host"

This email was delivered successfully to my Gmail inbox:

20140121202111

Note: The received message will always appear as if it were sent from your Gmail account, irrespective of the -From parameter in the PowerShell command above or in the message generated by your application.

  • Manuel Razo

    hola no puedo hacer que me funcione el IIS Relay con Gmail puedes Ayudarme?

  • japinator

    ¿Puede proporcionar más información? ¿Qué has hecho hasta ahora? ¿Qué errores estás viendo? ¿Se puede hacer telnet a los servidores de Gmail?

  • http://es.linkedin.com/in/jrgimeno Josep Ramon Gimeno

    Me sirvio de mucho! Solo tuve que deshabilitar desde mi cuenta de gmail la seguridad avanzada para que enviará los mensajes correctamente. Saludos

    • japinator

      ¡Buenas noticias! Feliz de saber que funcionó para usted.

  • ANonymous

    Hi,

    I would like to send attachment through pickup mailroot. Is that possible?
    I would be using gmail smtp configuration and can i use notepad script to attach file?

  • Pingback: Configuring SMTP for Sending Email from AX | DYNAMICS AX SOLUTIONS()

  • Pingback: Configuring SMTP for Sending Email from AX - Microsoft Dynamics AX Community()

  • Ralms

    Hi there,

    The configuration worked altthough Gmail automatically blocked the sign-in attempt due to: “an app that doesn’t meet modern security standards.”

    Although I turnon the option to allow the sign-in, I was wondering if there was any solution for this?

    Thanks.

    • http://www.vsysad.com japinator

      Hi Ralms, I will check this on my lab and get back to you. I believe Google have changed their security requirements for apps authenticating using your Google account. You need to enable “Allow less secure apps” within your Google account.

      • georgebirbilis

        that setting is at https://myaccount.google.com/security?utm_source=OGB&pli=1&nlr=1#connectedapps – I’m getting though “Send-MailMessage : Unable to read data from the transport connection: net_io_connectionclosed.” – Is it something with the external firewall?

        • georgebirbilis

          btw, I’m getting the same when I try to send directly from ASP.NET (MonoX Social CMS) to Gmail

          • georgebirbilis

            replying to myself, created the smtp virtual server again (disabled the one that was using localhost) and apart from telling it that it is at the dns name of the server, configured all access control to that too and the powershell worked (specified the dns name in the powershell command and not localhost)

          • http://www.vsysad.com japinator

            Nice, glad it worked! Thanks for the link to the Google settings page.

  • kingofbytes

    This is a great write up. I actually did this myself but bookmarked your page since I’ll definitely forget the steps in the future. Many thanks!

    • http://www.vsysad.com japinator

      No problem buddy :)

  • Neil Jackson

    Billiant. Anyone who, like me, needs to make an antiquated multi-function printer/scanner, incapable of doing authenticated or encrypted SMTP connections, send emails will benefit greatly from this. Thank you. Thank you. Thank you.

    • http://www.vsysad.com japinator

      Thanks Neil. Just like yourself I have set this up many times on printers and other infrastructure devices. I have a Synology NAS device at home which uses this same method to send me notifications via Gmail. Very useful.

  • georgebirbilis

    this image is a link instead of being inside the article flow http://vsysad-1498.kxcdn.com/wp-content/uploads/2012/04/20130427131034.jpg

    • http://www.vsysad.com japinator

      Hi George, it is supposed to be a link, I use a CDN provider to host my images. This is fairly common.

      • georgebirbilis

        for some reason it was just showing me the link, not an image inside the post – now it shows ok

  • georgebirbilis

    step 12 shouldn’t say “and then click on Outbound Connections”

    • http://www.vsysad.com japinator

      Thanks, I corrected step 12.

  • georgebirbilis

    at step 7 why keep that checkbox “Allow all computers……” checked?

    • http://www.vsysad.com japinator

      For environments subject to regular changes keeping that box checked allows servers that were running on a specific IP or network that was granted access but have since been changed to another IP or network that aren’t in that granted section to continue having emails successfully relayed through the SMTP Server. Checking that box doesn’t impact what you are trying to achieve. Moreover, a secure solution infrastructure mitigates any perceived risk that setting incurs.

  • georgebirbilis

    The relays were working fine yesterday, but today found them both stopped and had to manually start them. Only thing I remember having done in between is some reboot. Aren’t they supposed to autostart after reboot?

    • http://www.vsysad.com japinator

      If you ran the PowerShell commands at the top of the post to set the smtp service to automatic then it should start automatically after a reboot.

      The PowerShell command to run is:

      Set-Service SMTPSVC -startuptype “automatic”

      To start the service run:

      Start-Service SMTPSVC

      • georgebirbilis

        Had set it up manually in order to see the steps (you were pointing to the 1st steps at another article). Don’t remember seeing mention at the other article to change SMTPSVC to automatic, or didn’t notice it. Thanks for the pointer

  • Mind Freak

    Hey guys I’ve been trying to set up my SMTP server for months now. I have a .NET application that needs to send e-mails for account activation, password reset, etc… and it’s hosted on a 2008 R2 machine. I have also purchased a domain name and forwarded all DNS records to the machine. But no matter how hard I’m searching I can’t find a way to send emails from a “no-reply@domain.com” address with authentication (only anonymous auth works) and I need authentication for security purposes can anyone help?