This site runs on DNN because I’m not a developer and have used it in the past. DNN includes the ability to send mail from applications to an SMTP server if properly configured. However, I was unable to get DNN's SMTP capability to work with Exchange Online until recently. This article describes how to configure DNN and a local SMTP service to work with the current Exchange Online service provided by BPOS.
In a nutshell, if you configure the DNN Host settings as you think you might in order to send mail to Exchange Online, it fails. The specific settings are on the HOST page, under SMTP settings, which show the following settings:
I tried a number of variations, including ensuring the host email address in DNN is the same as the SMTP username, using frontbridge.microsoftonline.com, and adding the IP address of this server to the Exchange Online Allow list.
The error message is not very informative but a network capture proved that DNN is connecting to Exchange Online but Exchange Online hangs up on the connection after TLS is requested.
Since I don’t have infinite time and there are few articles on the net about DNN and Exchange Online, I decided to break out the trusty SMTP service from IIS and give it a go.
Installing the SMTP service on a Windows Server 2008 R2 system is a bit of a throwback experience as it uses the IIS 6 management console instead of the fancy new IIS 7 management console. This is because in IIS 6, you could manage FTP, SMTP, and IIS in the same MMC console but in IIS 7, the IIS team dropped everything but IIS. They quickly picked up FTP again after IIS 7 was released due to massive public demand for an updated FTP service, but the SMTP service still lingers in the IIS 6 style MMC console and uses the IIS 6 metabase. But I digress.
After installing the SMTP service, open the properties for the service in IIS 6.0 Manager (even though IIS 6 is not installed, that is what it says). You do not need to create a new domain in the SMTP service unless you want/need to. Configuring the existing domain (SMTP virtual service #1) will work fine. Click on Access and on the Authentication area, allow Anonymous access.
Be advised that this setting allows anyone to connect to your SMTP service, but the way we are going to configure the remaining settings will prevent the service from becoming an open relay. That would be bad.
Click OK and then click Connections to show:
In this box add the IP address of the DNN server. This prevents any other server or service from connecting to the SMTP service on the DNN box. Very important step – don’t skip this.
You could also add localhost here if you wanted.
Click OK and then click the Relay button to show:
Add the IP address of the server to this box. This in effect prevents any box that does connect from relaying unless they are listed here. You can further harden the configuration by clearing the “Allow all computers which successfully authenticate…” checkbox. This isn’t super critical as you would typically allow any service that can actually login with a username and password to use SMTP, but hey, it just takes a second to clear the box and won’t create problems for our intentions so why not.
Yes the above entry and this entry are inconsistent, but I’d rather type this sentence than redo the screenshot.
We’ve configured the service to allow only the server on which it is installed to send mail, so now we need to configure the outbound portion of the service.
Click OK and then click the Delivery Tab. On the delivery screen click Outbound Security to show:
Set Basic Authentication and enter the username and password of a real Exchange Online mailbox. This account must have a license assigned. The key problem is that when your BPOS password is changed, the mail relay will fail. I’ve heard you can ask support to set up an account for you that is designed for services like this to use and set it to a non-expiring password, but I’ve not actually done that so can’t say for sure. You could then give full control of that account to a user with the PowerShell commands. However, for my purposes, it’s just as easy for me to set a reminder in Outlook to change the password in DNN at the same time I change it for BPOS.
Enable TLS encryption as this is required to connect to Exchange Online.
Click OK and then click the Outbound Connections tab to show:
I usually set the number of connections way low in the event something goes really wrong. If you use DNN to send a lot of email from the SMTP service to Exchange Online, you may want to increase this but my guess is that Exchange Online itself will not accept 100s of connections from the same server.
Set the TCP port to 587, which is required for use with smtp.mail.microsoftonline.com.
Click OK, then click Advanced Delivery to show:
On this page, enter the name of the domain you want to connect to on Exchange Online as the Masquerade domain. This setting causes the SMTP service to “pose” as if it were that domain.
For the FQDN, I added the non-existent hostname dnn. to the existing hilltechservices.com address.
In the Smart Host setting, enter SMTP.mail.microsoftonline.com. This setting causes the SMTP service to relay all mail to Microsoftonline.com rather than send mail itself. The SMTP service is fully capable of sending thousands of mails directly and will happily try to do just that unless you direct it to send all mail to the Smart Host.
That’s it for the SMTP service. You may also want to enable logging for the service which is a good idea as a best practice. If you do a volume of email, you will need to manage the log files so they don’t wind up consuming your disk space, but they are just standard text files which compress extremely well.
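One way to use those logs to confirm that the Connection and Relay restrictions above are holding, as an added example that is not part of the original article. The allowed address 192.0.2.10, the logged field selection and the sample log lines are constructed assumptions; match the fields to whatever is enabled in the service's logging properties.

```python
import ipaddress

# Assumption: the DNN server (placeholder address) and loopback are the only senders.
ALLOWED = {ipaddress.ip_address(a) for a in ("192.0.2.10", "127.0.0.1")}
# Verbs sent by a connecting client; outbound smart-host entries use other
# cs-method values and are skipped.
INBOUND_VERBS = {"HELO", "EHLO", "MAIL", "RCPT", "DATA", "RSET", "QUIT"}

# Constructed sample in W3C extended log format (field selection is an assumption).
SAMPLE_LOG = """\
#Version: 1.0
#Fields: date time c-ip cs-method cs-uri-query sc-status
2010-11-28 02:08:10 192.0.2.10 EHLO +HYPV2613 250
2010-11-28 02:08:10 192.0.2.10 MAIL +FROM:<host@example.com> 250
2010-11-28 02:08:10 192.0.2.10 RCPT +TO:<user@example.com> 250
2010-11-28 02:09:41 198.51.100.7 EHLO +scanner.example.net 250
2010-11-28 02:09:41 198.51.100.7 RCPT +TO:<someone@example.org> 550
2010-11-28 02:11:02 203.0.113.5 RCPT +TO:<other@example.org> 250
"""

def audit_smtp_log(text, allowed=ALLOWED):
    """Return {client_ip: counts} for inbound SMTP commands from unexpected clients."""
    fields, findings = [], {}
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # the header may be repeated or change mid-file
            continue
        values = line.split()
        if line.startswith("#") or len(values) != len(fields):
            continue  # other directives, blank or truncated lines
        row = dict(zip(fields, values))
        verb = row.get("cs-method", "").upper()
        try:
            client = ipaddress.ip_address(row.get("c-ip", ""))
        except ValueError:
            continue
        if verb not in INBOUND_VERBS or client in allowed:
            continue
        entry = findings.setdefault(str(client), {"commands": 0, "accepted_rcpt": 0})
        entry["commands"] += 1
        # A 2xx reply to RCPT means the service accepted a recipient from this client.
        if verb == "RCPT" and row.get("sc-status", "").startswith("2"):
            entry["accepted_rcpt"] += 1
    return findings

if __name__ == "__main__":
    for ip, stats in audit_smtp_log(SAMPLE_LOG).items():
        print(ip, stats)
```

Any address reported here reached the service despite the Connection list, and a non-zero accepted_rcpt count means a recipient was accepted from it, so the Connection and Relay settings should be rechecked.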
Now we go back to the DNN Host SMTP configuration and change the settings to look like this:
Clicking Test results in a happy result and an email in my Exchange Online mailbox from me to me. A look at the email headers shows the source as the SMTP service.
Received: from dnn.hilltechservices.com (184.108.40.206) by
smtp.mail.microsoftonline.com (10.32.21.30) with Microsoft SMTP Server (TLS)
id 220.127.116.11; Sat, 27 Nov 2010 18:08:35 -0800
Received: from HYPV2613 ([18.104.22.168]) by dnn.hilltechservices.com with
Microsoft SMTPSVC(7.5.7600.16601); Sat, 27 Nov 2010 21:08:10 -0500
I experimented with changing the Host email address in DNN to email@example.com and then adding an alias for the brett account in Exchange Online. That works in that mail is delivered to firstname.lastname@example.org, but the reply to is set by Exchange Online to brett@hilltechservices, so I can’t easily tell from the TO: line that it came from DNN. So the Subject will have to do to quickly identify mail incoming from DNN, which works fine for triggering rules to call out important mail or feedback from applications that you want to surface.
Changing any variable in this setup could cause a different result. Be sure to add the IP address of the SMTP service to the Exchange Online Allow list. That’s probably why dnn.hilltechservices.com was permitted even though Exchange Online is authoritative for hilltechservices.com.
Hopefully, this is helpful to anyone using DNN and Exchange Online. Let me know if you have suggested updates and modifications to these suggestions.