SharePoint outgoing mail is one of the simpler aspects of configuring your farm. You pretty much just point it to an outgoing email server. It can get slightly more complicated when you think about securing that outgoing email server.
SharePoint has no mechanism for authenticating with and SMTP server. That means that for SharePoint to be able to send out email notifications you'll have to leave it open for anonymous relaying and connections. Your SMTP server can be secured by only allowing connections to and relaying from known, safe servers.
So, which servers do you need to allow connections from in your SharePoint farm? The answer is ll of the front ends and the Central Administration(CA) server. At first I thought it was only the CA, but when we had some email issues I took a look at the SMTP logs and the SMTP server was recieving connections from all of the front end servers. It appears that the on-demand emails that are generated (access request emails, workflow start emails) are sent directly from the server the person is connected to at the time and the scheduled alert emails are sent from the Central Admin server.
One way of configuring you SharePoint mail environment would be to configure one of your front ends or your Central Administration server to be an SMTP server (this will also be beneficial for if/when you want to configure incoming email). Set it up to only allow relaying from the other front end servers in the farm and set up your network's SMTP server as a Smart host.
In this configuration you will have the ability to gather metrics on emails coming from SharePoint and you can worry about reconfiguring the SMTP server for relaying if you add new servers rather than bother your networking folks, they only have to worry about your single SMTP server now.
No comments:
Post a Comment