Configuring Inbound email settings (MOSS 07)

This is a piece of functionality that can enhance the "Stickiness" of a SharePoint site, especially in large organizations – yet it hardly ever gets a mention. As a consultant, I’m always looking for ways to wow people during demos, to add value during a deployment and to increase people’s dependence on MOSS / WSS (because it generates income). Here are some scenarios where using this has an immediate collaborative benefit:

  1. Permanent record for all communication to a distribution list (e.g. team announcements). New starters can be pointed to the team site and can quickly get up to speed with what the team’s been up to.
  2. Permanent indexable, searchable record of communiqués from an IT help desk. Build up your issue resolution knowledge bank with no extra effort on the user’s part.
  3. Legislative requirements requiring you to keep all email communications for 7 years, then dispose of them? Sounds like Email-enabled Document Libraries + Information Management to me 🙂

The instructions for configuring these settings can be found here: http://technet2.microsoft.com/Office/en-us/library/88317397-e0cb-47c7-9093-7872bc6852131033.mspx?pf=true


Before you configure incoming e-mail settings in Office SharePoint Server 2007, confirm that:

  • You have read the topic Plan incoming e-mail (Office SharePoint Server) [http://technet2.microsoft.com/Office/en-us/library/ca092ed2-4aa2-4c2e-b273-661ca6a76e011033.mspx].
  • One or more servers in your server farm are running the Internet Information Services (IIS) Simple Mail Transfer Protocol (SMTP) service, or you know the name of another server that is running the SMTP service. This server must be configured to accept relayed e-mail from the mail server for the domain.
  • One or more servers in your server farm are running the Microsoft SharePoint Directory Management Service, or you know the name of another server that is running the SharePoint Directory Management Web Service.
  • The application pool account for the SharePoint Central Administration Web site is delegated the Create, delete, and manage user accounts task for the container in the Active Directory directory service.
  • The application pool account for Central Administration, the logon account for the Windows SharePoint Services Timer service, and the application pool accounts for your Web applications have the correct permissions to the e-mail drop folder.
  • The domain controller running Active Directory has a Mail Exchanger (MX) entry in DNS Manager for the mail server that you plan to use for incoming e-mail.

All of these configuration steps are described in detail in the following sections.

  • Install and configure the SMTP service

    Incoming e-mail for Office SharePoint Server 2007 uses the SMTP service. The SMTP service can be either installed on one or more servers in the farm, or administrators can provide an e-mail drop folder for e-mail forwarded from the service on another server. The drop folder option is not recommended because administrators of the other server can affect the availability of incoming e-mail by changing the configuration of SMTP, and because this requires the additional step of configuring permissions to the e-mail drop folder.

    If a drop folder is not used, the SMTP service must be installed on each server that is used to receive and process incoming e-mail. Typically, this includes every front-end Web server in the farm.

    Start the Windows SharePoint Services Web Application service

    Each server that is running the SMTP service must also be running the Windows SharePoint Services Web Application service. These servers are called front-end Web servers. In many cases, this service will have already been configured.

    Important:

    Membership in the Farm Administrators group of the Central Administration site is required to complete this procedure.

    Start the Windows SharePoint Services Web Application service

    1. On the top navigation bar, click Operations.
    2. On the Operations page, in the Topology and Services section, click Services on server.
    3. On the Services on Server page, find Windows SharePoint Services Web Application in the list of services, and click Start.

    Install the SMTP service

    The SMTP service is a component of IIS. It must be installed on every front-end Web server in the farm that you want to configure for incoming e-mail.

    Important:

    Membership in the Administrators group on the local computer is required to complete this procedure.

    Install the SMTP service

    1. In Control Panel, click Add or Remove Programs.
    2. In Add or Remove Programs, click Add/Remove Windows Components.
    3. In the Windows Components Wizard, in the Components box, click Application Server, and then click the Details button.
    4. In the Application Server dialog box, in the Subcomponents of Application Server box, click Internet Information Services (IIS), and then click the Details button.
    5. In the Internet Information Services (IIS) dialog box, select the SMTP Service check box.
    6. Click OK to return to the Application Server dialog box.
    7. Click OK to return to the main page of the Windows Components Wizard.
    8. Click Next.
    9. When Windows has finished installing the SMTP service, on the Completing the Windows Components Wizard page, click Finish.

    Configure the SMTP service

    After installing the SMTP service, you must configure the service to accept relayed e-mail from the mail server for the domain.

    You can decide to accept relayed e-mail from all servers except those you specifically exclude. Alternatively, you can block e-mail from all servers except those you specifically include. You can include servers individually, or in groups by subnet or domain.

    Important:

    Membership in the Administrators group on the local computer is required to complete this procedure.

    Configure the SMTP service

    1. Click Start, point to All Programs, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.
    2. In IIS Manager, expand the server name that contains the SMTP server that you want to configure.
    3. Right-click the SMTP virtual server that you want to configure, and then click Properties.
    4. On the Access tab, under Access control, click Authentication.
    5. In the Authentication dialog box, under Select acceptable authentication methods for this resource, verify that Anonymous access is selected.
    6. Click OK.
    7. On the Access tab, under Relay restrictions, click Relay.
    8. To enable relaying from any server, under Select which computer may relay through this virtual server, select All except the list below.
    9. To accept relaying from one or more specific servers, follow these steps:
      1. Under Select which computer may relay through this virtual server, select Only the list below.
      2. Click Add, and then add servers one at a time by IP address, or in groups by using a subnet or a domain.
      3. Click OK to close the Computer dialog box.
    10. Click OK to close the Relay Restrictions dialog box.
    11. Click OK to close the Properties dialog box.
    Add an SMTP connector in Exchange Server

    In some scenarios, mail from Microsoft Exchange Server computers might not be automatically relayed to the Office SharePoint Server 2007 servers that are running the SMTP service. In these scenarios, administrators of Exchange mail servers can add an SMTP connector so that all mail sent to the Office SharePoint Server 2007 domain uses the Office SharePoint Server 2007 servers that are running the SMTP service.

    For more information about SMTP connectors, see the Help documentation for Exchange Server.


    Configure Active Directory

    Incoming e-mail requires the Microsoft SharePoint Directory Management Service. This service connects SharePoint sites to the directory services used by your organization. If you enable the Microsoft SharePoint Directory Management Service, users can create and manage distribution groups from SharePoint sites. SharePoint lists that use e-mail can then be found in directory services, such as the Address Book. You must also select which distribution group requests from SharePoint lists require approval. The Microsoft SharePoint Directory Management Service can be installed on a server in the farm, or you can use a remote Microsoft SharePoint Directory Management Service.

    If you install the Microsoft SharePoint Directory Management Service on this farm or this server, the Central Administration application pool account that is used by Office SharePoint Server 2007 must have the Create, delete, and manage user accounts right to the container that you specify in Active Directory. The preferred way to do this is by delegating the right to the Central Administration application pool account. An Active Directory administrator must set up the organizational unit (OU) and delegate the Create, delete, and manage user accounts right to the container. The advantage of using the Microsoft SharePoint Directory Management Service on a remote farm is that you do not have to install and configure Active Directory on every farm.

    The following procedures are performed on a domain controller that runs Microsoft Windows Server 2003 SP1 (with DNS Manager) and Microsoft Exchange Server 2003 SP

    Important:

    Membership in the Domain Administrators group or delegated authority for domain administration is required to complete this procedure.

    Create an organizational unit in Active Directory

    1. Click Start, point to Control Panel, point to Administrative Tools, and then click Active Directory Users and Computers.
    2. In Active Directory Users and Computers, select the folder for the second-level domain that contains your server farm.
    3. Right-click the folder, point to New, and then click Organizational Unit.
    4. Type the name of the organizational unit, and then click OK.

    After creating the organizational unit, it is recommended that you delegate the Create, delete, and manage user accounts right to the container.

    Important:

    Membership in the Domain Administrators group or the Enterprise Administrators group in Active Directory, or delegated authority for administration, is required to complete this procedure.

    Delegate right to the application pool account

    1. In Active Directory Users and Computers, select the organizational unit that you just created.
    2. Right-click the organizational unit, and then click Delegate control.
    3. On the Tasks to Delegate page of the Delegation of Control Wizard, select the Create, delete, and manage user accounts check box.
    4. On the next page of the wizard, type the name of the application pool account.
    5. On the last page of the Delegation of Control Wizard, click Finish to exit the wizard.

    If you must add permissions for the Central Administration application pool account directly, complete the following procedure.

    Important:

    Membership in the Account Operators group, Domain Administrators group, or the Enterprise Administrators group in Active Directory, or delegated authority for administration, is required to complete this procedure.

    Add permissions for the application pool account

    1. In Active Directory Users and Computers, click the View menu, and then click Advanced Features.
    2. Right-click the organizational unit that you just created, and then click Properties.
    3. In the Properties dialog box, click the Security tab, and then click Advanced.
    4. Click Add, and then type the name of the application pool account.
    5. Click OK.

    If you decide instead to use the remote Microsoft SharePoint Directory Management Service, you must know the URL for the service. This URL is typically in the format http://server:adminport/_vti_bin/SharePointEmailWS.asmx.

    For more information about Active Directory, see the Help documentation for Active Directory.

    Configure permissions to the e-mail drop folder

    When incoming e-mail settings are set to advanced mode, you must ensure that certain accounts have the correct permissions to the e-mail drop folder.

    Configure e-mail drop folder permissions for the logon account for the Windows SharePoint Services Timer service

    Ensure that the logon account for the Windows SharePoint Services Timer service has the Modify permission on the e-mail drop folder. If the logon account for the service does not have the Modify permission, e-mail enabled document libraries will receive duplicate e-mail messages.

    Important:

    Membership in the Administrators group on the local computer that contains the e-mail drop folder is required to complete this procedure.

    Configure e-mail drop folder permissions

    1. In Windows Explorer, right-click the drop folder, click Properties, and then click the Security tab.
    2. On the Security tab, under the Group or user names box, click the Add button.
    3. In the Select Users, Computers, or Groups dialog box, in the Enter objects to select box, type the name of the logon account for the Windows SharePoint Services Timer service, and then click OK.
      Note: This account is listed on the Log On tab of the Properties dialog box for the service in the Services console.
    4. In the Permissions for User or Group box, next to Modify, select the Allow check box.
    5. Click OK.

    Configure e-mail drop folder permissions for the application pool account for a Web application

    If your deployment uses different application pool accounts for Central Administration and one or more Web applications for front-end Web servers, each application account must have permissions to the e-mail drop folder. If the application pool account for the Web application does not have the required permissions, e-mail will not be delivered to document libraries on that Web application.

    In most cases, when you configure incoming e-mail settings and select an e-mail drop folder, permissions are added for two worker process groups:

    • WSS_Admin_WPG, which includes the application pool account for Central Administration and the logon account for the Windows SharePoint Services Timer service, has Full Control permission. 
    • WSS_WPG, which includes the application pool accounts for Web applications, has Read & Execute, List Folder Contents, and Read permissions.

    In some cases, these groups might not be configured automatically for the e-mail drop folder. For example, if Central Administration is running as the Network Service account, the groups or accounts needed for incoming e-mail will not be added when the e-mail drop folder is created. It is a good idea to check whether these groups have been added automatically to the e-mail drop folder. If the groups have not been added automatically, you can add them or add the specific accounts that are required.

    Important:

    Membership in the Administrators group on the local computer that contains the e-mail drop folder is required to complete this procedure.

    Configure e-mail drop folder permissions

    1. In Windows Explorer, right-click the drop folder, click Properties, and then click the Security tab.
    2. On the Security tab, under the Group or user names box, click the Add button.
    3. In the Select Users, Computers, or Groups dialog box, in the Enter objects to select box, type the name of the worker process group or application pool account for the Web application, and then click OK.
      Note: This account is listed on the Identity tab of the Properties dialog box for the application pool in IIS.
    4. In the Permissions for User or Group box, next to Modify, select the Allow check box.
    5. Click OK.
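
    The drop folder permissions described in this section can be checked with a script instead of the Security tab. The following PowerShell is an added example, not part of the original instructions; the account name CONTOSO\svc-sptimer, the sample rules and the function name are constructed, and on a real server the rules come from (Get-Acl <drop folder>).Access.

    ```powershell
    # Added example: compare drop-folder access rules with what this page requires.
    # Limitation: rights obtained through group membership are not expanded, and
    # ACEs that carry only generic rights bits are not mapped.
    function Test-DropFolderAccess {
        param(
            # Access rules, e.g. (Get-Acl 'D:\MailDrop').Access
            [Parameter(Mandatory = $true)] $Rules,
            # Identity name -> minimum FileSystemRights that must be allowed
            [Parameter(Mandatory = $true)] [hashtable] $Expected,
            # Built-in identities that normally hold Full Control
            [string[]] $Ignore = @('SYSTEM', 'Administrators')
        )
        $allow = @($Rules | Where-Object { $_.AccessControlType -eq 'Allow' })

        # 1. Every expected identity must hold at least the required rights.
        foreach ($name in $Expected.Keys) {
            $needed  = [int][System.Security.AccessControl.FileSystemRights]$Expected[$name]
            $granted = 0
            foreach ($rule in $allow) {
                $id = $rule.IdentityReference.Value
                # Match 'WSS_WPG' as well as 'SERVER01\WSS_WPG'
                if ($id -eq $name -or $id -like "*\$name") {
                    $granted = $granted -bor [int]$rule.FileSystemRights
                }
            }
            New-Object PSObject -Property @{
                Identity = $name
                Required = $Expected[$name]
                Granted  = [System.Security.AccessControl.FileSystemRights]$granted
                Ok       = (($granted -band $needed) -eq $needed)
            }
        }

        # 2. Report any other identity that can create files in the folder,
        #    because files placed there are picked up as incoming e-mail.
        $create = [int][System.Security.AccessControl.FileSystemRights]::CreateFiles
        foreach ($rule in $allow) {
            $id    = $rule.IdentityReference.Value
            $short = ($id -split '\\')[-1]
            if ($Expected.ContainsKey($id) -or $Expected.ContainsKey($short)) { continue }
            if ($Ignore -contains $short) { continue }
            if ([int]$rule.FileSystemRights -band $create) {
                New-Object PSObject -Property @{
                    Identity = $id
                    Required = '(not expected)'
                    Granted  = $rule.FileSystemRights
                    Ok       = $false
                }
            }
        }
    }

    # Expected rights, taken from the text above.
    $expected = @{
        'WSS_Admin_WPG'       = 'FullControl'
        'WSS_WPG'             = 'ReadAndExecute'  # Read & Execute, List Folder Contents, Read
        'CONTOSO\svc-sptimer' = 'Modify'          # hypothetical Timer service logon account
    }

    # Constructed sample rules so the example runs without a real drop folder.
    $type   = 'System.Security.AccessControl.FileSystemAccessRule'
    $sample = @(
        (New-Object $type('SERVER01\WSS_Admin_WPG', 'FullControl',    'Allow')),
        (New-Object $type('SERVER01\WSS_WPG',       'ReadAndExecute', 'Allow')),
        (New-Object $type('CONTOSO\svc-sptimer',    'ReadAndExecute', 'Allow')),
        (New-Object $type('Everyone',               'Modify',         'Allow'))
    )

    Test-DropFolderAccess -Rules $sample -Expected $expected |
        Format-Table Identity, Required, Granted, Ok -AutoSize
    ```

    With the constructed sample, the two worker process groups pass, the Timer service account is reported because it holds Read & Execute instead of Modify, and Everyone is reported as an unexpected writer.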

    Configure DNS Manager

    Incoming mail requires a Mail Exchanger (MX) resource record to be added in DNS Manager for the host or subdomain running Office SharePoint Server 2007. This is distinct from any existing MX records in the domain.

    Important:

    Membership in the Administrators group on the local computer is required to complete this procedure.

    Add a Mail Exchanger (MX) resource record for the subdomain

    1. In DNS Manager, select the forward lookup zone for the domain that contains the subdomain for Office SharePoint Server 2007.
    2. Right-click the zone, and then click New Mail Exchanger.
    3. In the Host or domain text box, type the host or subdomain name for Office SharePoint Server 2007.
    4. In the Fully qualified domain name (FQDN) of mail server text box, type the fully qualified domain name for the server that is running Office SharePoint Server 2007. This is typically in the format subdomain.domain.com.
    5. Click OK.

    Configure attachments from Outlook 2003

    Attachments to messages sent from Microsoft Outlook 2003 must be encoded in UUEncode or Binhex format to appear separately in e-mail enabled document libraries. Attachments from Outlook 2003 that use different encoding will not be listed, but e-mail messages that contain attachments will be listed.

    Configure incoming e-mail settings

    Before you can enable incoming e-mail on the server that is running Office SharePoint Server 2007, you must have configured the SMTP service on front-end Web servers in the farm and the Active Directory and DNS Manager on the domain controller, or you must know the name of other servers that are running these services.

    This procedure configures the settings that are used for incoming e-mail. You can also configure options for safe e-mail servers and the incoming e-mail display address.

    Important:

    Membership in the Administrators group of the Central Administration site is required to complete this procedure.

    Configure incoming e-mail settings

    1. On the top navigation bar, click Operations.
    2. On the Operations page, in the Topology and Services section, click Incoming e-mail settings.
    3. If you want to enable sites on this server to receive e-mail, on the Incoming E-mail Settings page, in the Enable Incoming E-Mail section, click Yes.
    4. Select either the Automatic or the Advanced settings mode.
      If you select Advanced, you can specify a drop folder instead of using an SMTP server.
    5. If you want to connect to the Microsoft SharePoint Directory Management Service, in the Directory Management Service section, click Yes.
      1. In the Active Directory container where new distribution groups and contacts will be created box, type the name of the container in the format OU=ContainerName, DC=domain, DC=com, where ContainerName is the name of the organizational unit in Active Directory, domain is the second-level domain, and com is the top-level domain.
        Note: The Central Administration application pool account must be delegated the Create, delete, and manage user accounts task for the container. Access is configured in the properties for the organizational unit in Active Directory.
      2. In the SMTP mail server for incoming mail box, type the name of the SMTP mail server. The server name must match the fully qualified domain name in the MX entry for the mail server in DNS Manager.
      3. To accept only messages from authenticated users, click Yes for Accept messages from authenticated users only. Otherwise, click No.
      4. To allow creation of distribution groups from SharePoint sites, click Yes for Allow creation of distribution groups from SharePoint sites. Otherwise, click No.
      5. Under Distribution group request approval settings, select the actions that will require approval. Actions include the following:
        • Create new distribution group

        • Change distribution group e-mail address 

        • Change distribution group title and description 

        • Delete distribution group
      6. If you want to use a remote SharePoint Directory Management Web Service, select Use remote.

    1. In the Directory Management Service URL box, type the URL of the Microsoft SharePoint Directory Management Service that you want to use.
    2. In the SMTP mail server for incoming mail box, type the name of the SMTP mail server. The server name must match the fully qualified domain name in the MX entry for the mail server in DNS Manager on the domain server.
    3. To accept messages from authenticated users only, click Yes for Accept messages from authenticated users only. Otherwise, click No.
    4. To allow creation of distribution groups from SharePoint sites, click Yes for Allow creation of distribution groups from SharePoint sites. Otherwise, click No.
    5. If you do not want to use the Microsoft SharePoint Directory Management Service, click No.
    6. In the Incoming E-Mail Server Display Address section, type a display name for the e-mail server (for example, mail.fabrikam.com) in the E-mail server display address box.
      Tip: You can specify the e-mail server address that is displayed when users create an incoming e-mail address for a list or group. Use this setting together with the Microsoft SharePoint Directory Management Service to provide an e-mail server address that is more user-friendly.
    7. In the Safe E-Mail Servers section, select one of the following options:
      • Accept mail from all e-mail servers
      • Accept mail from these safe e-mail servers. If you select this option, type the IP addresses (one per line) of the e-mail servers that you want to specify as safe in the corresponding box.
    8. In the E-mail Drop Folder section, in the E-mail drop folder box, type the name of the folder in which Microsoft Windows SharePoint Services polls for incoming e-mail from the SMTP service. This option is available only if you selected advanced mode.
    9. Click OK.


    Configuring incoming e-mail on SharePoint sites

    After configuring incoming e-mail settings, site administrators can configure e-mail enabled lists and document libraries. For more information about e-mail enabled document libraries, see the Help documentation for site administrators.

    Contact addresses created for these document libraries appear automatically in Active Directory Users and Computers under the organizational unit for Office SharePoint Server 2007, and must be managed by the administrator of Active Directory. The Active Directory administrator can add more e-mail addresses for each contact. For more information about how to manage contacts in Active Directory, see the Help documentation for Active Directory.

    Alternatively, the Exchange Server computer can be configured by adding a new Exchange Server Global recipient policy to automatically add external addresses that use the second-level domain name and not the subdomain or host for Office SharePoint Server 2007. For more information about how to manage Exchange Server, see the Help documentation for Exchange Server.

    About Brad Saide

    I'm a SharePoint consultant. I'm also slowly going bald, seem to have a permanent spare tyre around my waist and enjoy socialising with friends over a beer or 10. The last 2 may possibly be related. Started working with SharePoint when the first version was in limited beta release (participated in the Technology Adoption Program while at Woolworths) and have been committed to the adoption of the technology as a business enabler ever since.