How to Configure Email Routing to SharePoint in SBS 2011 Standard

[Today's post comes to us courtesy of Shawn Sullivan and Justin Crosby from Commercial Technical Support]

Some of you who have worked with SBS 2011 so far may have noticed a change in how archived email for security groups is handled; for details see our previous post. SharePoint document libraries are no longer used for email storage; this job has now been given to Public Folders. As a result, the configuration necessary to allow the routing of email from Exchange to SharePoint is no longer done automatically for you during SBSSetup. However, it is possible to have this functionality on SBS 2011 as well; you just need to perform the configuration manually. This post will show you how and covers the following areas:

  • Enabling incoming email in SharePoint.
  • Creating a mail-enabled SharePoint document library. We will cover how to allow this library to receive email from unauthenticated users, which is critical if you want it to receive email from internet senders.
  • Configuring the mail drop directory and foreign connector for Exchange 2010.
  • Configuring a security group that will archive to the document library. We will cover how to allow this group to receive email from the internet.

Note: The SBS 2011 Add Security Group wizard is hardcoded to give you the option to archive to a Public Folder only. It will remain this way even after following these steps. There is no way to change the wizard’s options.

 

Enable incoming email in SharePoint

Incoming email is not enabled in SharePoint 2010 running on SBS 2011 by default. You will need to enable it, choose the “Companyweb” SMTP namespace, and enter the path of the drop directory that the SharePoint Timer service will poll for incoming email:

  1. Go to Start > Microsoft SharePoint 2010 Products > SharePoint 2010 Central Administration

  2. On the left side of the window, select System Settings and choose Configure incoming e-mail settings.

    Note: You may receive a message stating that the IIS SMTP service is not installed on the server. This is normal. Do not install the IIS SMTP service.

  3. Under “e-mail settings” do the following:

    1. Select Yes to Enable sites on this server to receive e-mail

    2. Enter Companyweb under E-mail server display address:

    3. Enter c:\inetpub\mailroot\drop under E-mail drop folder:

    4. Leave the rest of the settings at default.

Create the document library

You’ll need a place inside your Companyweb site to store the archived email that will have an email address for you to send to. To do this:

  1. Browse https://companyweb

  2. In the upper left-hand corner of the page, expand Site Actions and choose New Document Library.

  3. Give the library a name and an email alias of your choosing, then click Create.

  4. Your browser will be taken directly to the library, where you can further edit the email settings:

    1. Click on Library Tools > Library > Library Settings

    2. Click Incoming e-mail settings. Here you will find options for storing attachments, whether or not to save the original .EML in the library, and whether or not to bypass the default library security.

      Note: By default, only members of Windows SBS SharePoint_MembersGroup and Windows SBS SharePoint_OwnersGroup have rights to send email to any library you create. You can override this setting at the library level, in which case SharePoint will not look up the sender against these groups and will accept e-mail from anyone. If you wish to do this, select the Accept e-mail messages from any sender option.

Configure drop directory, foreign connector and remote domain

Now we are ready to create the pieces that will physically connect Exchange and SharePoint as far as SMTP is concerned. Basically, Exchange will use the foreign connector to determine that email destined for the @Companyweb domain should be sent to the drop folder (c:\inetpub\mailroot\drop). SharePoint, on the other side, will pick the email up from this folder, read the recipient, and place the email into the document library that has the matching email address.

  1. Create the “c:\inetpub\mailroot\drop” folder and add FULL CONTROL permissions to NETWORK SERVICE and All Authenticated Users.
    IMPORTANT: If you do not add these permissions, Exchange will not have the right to place mail in the folder and SharePoint will not have the right to pick mail up out of the folder.
  2. Launch the Exchange 2010 Management shell as Administrator and run the following commands to create the foreign connector:
    1. Get-TransportServer | Set-TransportServer -RootDropDirectory c:\inetpub\mailroot\
    2. New-ForeignConnector -Name "CompanyWeb Connector" -AddressSpaces {smtp:companyweb;1}
    3. Set-ForeignConnector "CompanyWeb Connector" -DropDirectory Drop
    4. New-remotedomain -name "Windows SBS Company Web Domain" -domainname "companyweb"
    5. Set-remotedomain "Windows SBS Company Web Domain" -tnefenabled $false

To begin testing this, you should be able to send an email to the document library by directly addressing it in OWA. Any mistakes made with the above steps will result in errors that are documented fairly well in the SharePoint Products Event Viewer log: Application and Services Logs > Microsoft > SharePoint Products > Shared > Operational.
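Before sending the test message, the pieces created above can be checked in one pass. The following is an added example, not part of the original post: a read-only script that assumes the Exchange 2010 Management Shell on the SBS server and the folder, connector and domain names used in this post. `New-Check` is a hypothetical helper, and the mapping of "All Authenticated Users" to the well-known Authenticated Users SID is an assumption.

```powershell
# Added example: read-only check of the routing pieces configured in this post.
# Assumes the Exchange 2010 Management Shell on the SBS server, run as Administrator.
$dropPath      = 'c:\inetpub\mailroot\drop'   # SharePoint e-mail drop folder (from this post)
$connectorName = 'CompanyWeb Connector'       # foreign connector name (from this post)
$domainName    = 'companyweb'                 # address space and remote domain (from this post)

function New-Check($Name, $Pass, $Detail) {   # hypothetical helper: one result row
    New-Object PSObject -Property @{ Check = $Name; Pass = [bool]$Pass; Detail = "$Detail" }
}

$checks = @()
$exists = Test-Path -Path $dropPath -PathType Container
$checks += New-Check 'Drop folder exists' $exists $dropPath

if ($exists) {
    # Well-known SIDs avoid localized account names:
    # S-1-5-20 = NETWORK SERVICE, S-1-5-11 = Authenticated Users (assumed mapping).
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $full    = [int][System.Security.AccessControl.FileSystemRights]::FullControl
    $rules   = (Get-Acl -Path $dropPath).GetAccessRules($true, $true, $sidType)
    foreach ($sid in 'S-1-5-20', 'S-1-5-11') {
        $hit = $rules | Where-Object {
            $_.IdentityReference.Value -eq $sid -and "$($_.AccessControlType)" -eq 'Allow' -and
            ([int]$_.FileSystemRights -band $full) -eq $full
        }
        $checks += New-Check "Full Control granted to $sid" $hit 'ACL on drop folder'
    }
}

# SBS runs a single transport server, so the first RootDropDirectory is used.
$root = Get-TransportServer | ForEach-Object { "$($_.RootDropDirectory)" } | Select-Object -First 1
$fc   = Get-ForeignConnector | Where-Object { $_.Name -eq $connectorName }
$checks += New-Check 'Foreign connector exists and is enabled' ($fc -and $fc.Enabled) $connectorName
if ($fc) {
    $spaces = ($fc.AddressSpaces | ForEach-Object { "$_" }) -join ', '
    $wanted = 'smtp:' + [regex]::Escape($domainName) + ';'
    $checks += New-Check "Address space routes $domainName" ($spaces -match $wanted) $spaces
    # Effective drop path = RootDropDirectory + the connector's DropDirectory.
    $effective = if ($root -and $fc.DropDirectory) { Join-Path $root "$($fc.DropDirectory)" }
    $same = $effective -and ($effective.TrimEnd('\') -eq $dropPath.TrimEnd('\'))
    $checks += New-Check 'Connector drops into the SharePoint folder' $same $effective
}

$rd = Get-RemoteDomain | Where-Object { "$($_.DomainName)" -eq $domainName }
$checks += New-Check 'Remote domain exists with TNEF disabled' ($rd -and $rd.TNEFEnabled -eq $false) "TNEFEnabled=$($rd.TNEFEnabled)"

$checks | Select-Object Check, Pass, Detail | Format-Table -AutoSize -Wrap
```

Any row with Pass set to False points at the step above that needs to be repeated.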

Archiving email to this library

In order to route e-mail sent to a security group, you will have to create a contact for the SharePoint document library and add it as a member of the group. You can actually use either a distribution group or a security group here.

In this example, we will create a contact for mylist@companyweb and add it to the new test distribution group. This group’s SMTP address will be derived from the e-mail address policy, which will allow it to receive e-mail from the internet. Unless you specify otherwise, no sender restrictions are placed on the group.

  1. From the same Exchange 2010 Management shell, run the following command to create the contact:
    New-MailContact -Name MyList -ExternalEmailAddress MyList@Companyweb
  2. Run the following to create the group while adding the contact as a member:
    New-DistributionGroup -Name Test -Members MyList@Companyweb

If you wish to add the contact to an existing group, test2 for example:

  1. Run the following command to update the member list:
    Add-DistributionGroupMember -Identity Test2 -Member MyList@Companyweb
  2. You can check the email address of the group with the following command:
    Get-DistributionGroup Test2 | fl EmailAddresses, PrimarySMTPAddress
  3. You can check sender restrictions on the group:
    Get-DistributionGroup Test2 | fl *accept*,*reject*

A group that does not have any restrictions will display the following output:

[PS] C:\Windows\System32>Get-DistributionGroup test2 | fl *accept*,*reject*

AcceptMessagesOnlyFrom : {}
AcceptMessagesOnlyFromDLMembers : {}
AcceptMessagesOnlyFromSendersOrMembers : {}
RejectMessagesFrom : {}
RejectMessagesFromDLMembers : {}
RejectMessagesFromSendersOrMembers : {}

If you do see entries for these parameters that are not intentional, go to the Exchange Management Console > Recipient Configuration > Distribution Group > properties of the group in question > Mail Flow Settings > Message Delivery Options. Adjust the settings from there (it’s much easier than typing a potentially very lengthy command). One common mistake people make is unintentionally leaving the “Require that all senders are authenticated” option checked, which kills the ability of external senders to submit to this group.
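Because a group with no sender restrictions passes mail from any sender on to the library, it helps to keep an inventory of which groups feed a Companyweb library and how each one is restricted. The following is an added example, not part of the original post: a read-only report that assumes the Exchange 2010 Management Shell and that library contacts use an @companyweb external address as in this post. The report column names are made up for this example.

```powershell
# Added example: which groups feed a Companyweb library, and who may send to them.
# Assumes the Exchange 2010 Management Shell; makes no changes.
$domainName = 'companyweb'   # SharePoint address space from this post

# Contacts whose external address points at the SharePoint drop domain,
# such as the MyList@Companyweb contact created above.
$contacts = @(Get-MailContact -ResultSize Unlimited |
    Where-Object { "$($_.ExternalEmailAddress)" -like "*@$domainName" })
$contactDns = @($contacts | ForEach-Object { "$($_.DistinguishedName)" })

# The six restriction lists shown in the Get-DistributionGroup output above.
$lists = 'AcceptMessagesOnlyFrom', 'AcceptMessagesOnlyFromDLMembers',
         'AcceptMessagesOnlyFromSendersOrMembers', 'RejectMessagesFrom',
         'RejectMessagesFromDLMembers', 'RejectMessagesFromSendersOrMembers'

$report = @(Get-DistributionGroup -ResultSize Unlimited | ForEach-Object {
    $group = $_
    # Members of this group that are library contacts.
    $feeds = @(Get-DistributionGroupMember -Identity "$($group.DistinguishedName)" -ResultSize Unlimited |
        Where-Object { $contactDns -contains "$($_.DistinguishedName)" } |
        ForEach-Object { $_.Name })
    if ($feeds.Count -gt 0) {
        # Names of the restriction lists that are not empty on this group.
        $set = @($lists | Where-Object { [bool]$group.$_ })
        New-Object PSObject -Property @{
            Group                = $group.Name
            PrimarySmtpAddress   = "$($group.PrimarySmtpAddress)"
            LibraryContacts      = $feeds -join ', '
            RequireSenderAuth    = $group.RequireSenderAuthenticationEnabled
            RestrictionsSet      = $set -join ', '
            NoSenderRestrictions = (-not $group.RequireSenderAuthenticationEnabled) -and ($set.Count -eq 0)
        }
    }
})

$report | Select-Object Group, PrimarySmtpAddress, LibraryContacts, RequireSenderAuth,
    RestrictionsSet, NoSenderRestrictions | Format-List
```

A group reported with NoSenderRestrictions set to True relays mail from any sender to the listed library contacts, so whether the mail is stored then depends only on the library's own incoming e-mail setting.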

If attachments are missing from e-mail messages that are sent to a SharePoint Foundation 2010 document library, it might be because you associated the document library with an e-mail address. When you do this, Directory Management Service may not add the following two attributes:

  • internetEncoding = 1310720
  • mAPIRecipient = false

You must use Active Directory Service Interfaces (ADSI) to manually add these two missing attributes.

To add attributes by using ADSI Edit:

  1. Click Start, and then click Run.

  2. In the Run dialog box, type Adsiedit.msc, and then click OK.

  3. In the ADSI Edit window, expand ADSI Edit, expand Domain [DomainName], expand DC=DomainName, DC=com, CN=MyBusiness, CN=Users, and then CN=SBSUsers.

  4. Right-click the user name to which you want to add the missing attributes, and then click Properties.

  5. In the Properties dialog box, double-click internetEncoding on the Attribute Editor tab.

  6. In the Integer Attribute Editor dialog box, type 1310720 in the Value box, and then click OK.

  7. In the Properties dialog box, double-click mAPIRecipient on the Attribute Editor tab.

  8. In the Boolean Attribute Editor dialog box, click False, and then click OK two times.
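
The same two attributes can be checked and set from PowerShell instead of ADSI Edit. The following is an added example, not part of the original post: `Set-LibraryMailAttributes` is a hypothetical helper that reports the current values and writes only when `-Apply` is given. The distinguished name in the usage comment is a placeholder for the object selected in step 4.

```powershell
# Added example: scripted form of the ADSI Edit steps above.
# Reports by default; writes only with -Apply. Run elevated with rights to modify the object.
function Set-LibraryMailAttributes {                 # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)][string]$DistinguishedName,
        [switch]$Apply
    )
    # The two attributes and values named in this post.
    $wanted = @{ internetEncoding = 1310720; mAPIRecipient = $false }
    $entry  = [ADSI]"LDAP://$DistinguishedName"
    $dirty  = $false

    foreach ($name in $wanted.Keys) {
        # Value is $null when the attribute has never been set on the object.
        $current = $entry.psbase.Properties[$name].Value
        $ok = ($current -ne $null) -and ($current -eq $wanted[$name])

        # Emit one row per attribute so the state before any change is visible.
        New-Object PSObject -Property @{
            Attribute = $name; Current = $current; Wanted = $wanted[$name]; Correct = $ok
        }

        if (-not $ok -and $Apply) {
            $entry.psbase.Properties[$name].Value = $wanted[$name]
            $dirty = $true
        }
    }

    # Commit both attribute changes in a single write.
    if ($dirty) { $entry.psbase.CommitChanges() }
}

# Usage (placeholder DN, replace with the object from step 4):
# Set-LibraryMailAttributes -DistinguishedName '<distinguished name of the object>'
# Set-LibraryMailAttributes -DistinguishedName '<distinguished name of the object>' -Apply
```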