Skip Ribbon Commands
Skip to main content

Simple Incoming Email with On Premises SharePoint and Exchange

Avoid Configuring AD by Using An Email Alias

Andrew Walman

09/10/2014


​​​​​SharePoint document libraries can be email-enabled so that documents can be uploaded by simply sending an email. In single server, lab-type environments, this is relatively simple to achieve, but in multi-server production environment, particularly where Exchange is handling internet email, there's a lot more to consider.

​Having Exchange handle the incoming email routing before the document reaches SharePoint has a number of advantages:

  • Exchange will typically be set up to handle inbound threats far more robustly than SharePoint can be – while they can both scan documents for viruses, Exchange can also check against spam lists, blacklists and sender reputation before allowing mail through.
  • Exchange can also apply various rules to mail messages before they are delivered – such as checking for attachments, attachment size, subject etc. – and then routing accordingly.
  • Exchange can also auto-reply to messages – useful where a receipt or other response is required to the sender.
  • Tracking messages through Exchange is far easier than looking through SMTP logs – useful for compliance and auditing purposes.
  • Using Exchange, the message doesn't just have to be delivered to SharePoint – it can be also sent to a journal mailbox, or copied/forwarded to any other recipient or group.
  • The email address given to users for the document library can be part of your internet address space, e.g. doclibrary@example.com, not doclibrary@sharepoint.example.com – this is beneficial when external users are involved in the document sending process (e.g. partners, suppliers) and internal users can find the address in the Exchange address book.

SharePoint can use the directory management feature to automatically create email addresses in the corporate directory when email-enabled document libraries are created. Designed to simplify the process for SharePoint, this can be a headache for Exchange administrators, particularly in large environments. The method below avoids having SharePoint create the entries automatically, introducing a manual process, but ensures that the SharePoint and Exchange support teams remain friends!

Scenario:

You want external partners to be able to email documents to an on-premises SharePoint document library, using an email address that routes through the on-premises Exchange organization.

High Level Overview

  • SharePoint is installed as three tier farm with multiple web/front-end servers.
  • Internet email is handled by Exchange
  • An Exchange mailbox is set up to receive emails from partners with the address partnerdocs@example.com
  • An email contact object is set up with the external address, doclib@sp.example.com
  • The mailbox is setup to forward incoming emails to the contact
  • An Exchange SMTP connector is used to route email for the sp.example.com namespace to the SharePoint frontend load balanced address.
  • Exchange transport rules can be configured to process the mail further, e.g. send a receipt, change the destination address based on sender/subject etc.

Pre-requisites

  • Exchange is set up to receive email from the internet using SMTP for the domain example.com
  • No external DNS changes are required.
  • The SMTP service has been installed on all the SharePoint web/front-end servers, set to automatic start-up, and load balanced with a virtual IP address and local DNS entry.

SharePoint Farm Set Up

To configure incoming email, complete the following steps:

  • Verify that the user account that is performing this procedure is a member of the Farm Administrators group.
  • Open SharePoint Central Administration.
  • Click on System Settings.
  • Select Configure incoming e-mail settings.
  • Select "Yes" to enable sites on this server to receive e-mail.
  • Leave the other settings as default – "Settings mode = automatic" and "Use the SharePoint Directory Management Service = no"
  • Ensure the E-mail server display address (excluding mylist@) is set to the SharePoint address space, e.g. sp.example.com. This is only to make setup easier, you don't need to create any DNS settings for this as we'll be using the load balanced IP address of the frontend servers to route to this namespace.
  • Click OK

SharePoint document library set up

  • Create a new document library or email enable an existing library by opening the document library settings and selecting the "incoming e-mail settings"
  • Select "Yes" to "Allow the library to receive email?"
  • Enter an email address that is appropriate for the library – a suggested convention might be [libraryname].[sitename]@sp.example.com. This address will be used by the contact object in Exchange
  • Configure attachment settings and email message settings as needed.
  • As you'll be accepting messages from the internet, change the security policy to "Accept e-mail messages from any sender" – we're offloading message security to Exchange.

Exchange Set Up

  • Create a contact object with the naming convention of the organization, using the document library email address as the external email address.
  • Create a mailbox with the required external internet email address, e.g. partnerdocs@example.com and ensure it can receive from the internet. Set any properties needed on the mailbox (e.g. maximum size) and in the "Mail Flow" tab, select "delivery options". Configure the forwarding address to be the contact object you've just created.
  • To route mail between Exchange and SharePoint, create a new "send connector" in the hub transport section of the organisation configuration.
  • Enter an appropriate name (SharePoint) for the connector and choose a "custom" type.
  • In the address space, enter your SharePoint address space, e.g. sp.example.com
  • Select "Route mail through the following smart hosts" and click "Add"
  • Enter the load-balanced IP address of the front end servers and complete the wizard.

When incoming email for partnerdocs@example.com arrives at the exchange server (either from the internet or from internal senders) it will be forwarded from the mailbox to the contact object, causing it to be routed through the new send connector to the one of the front-end servers in the load balancer, where the SMTP service will store it in the drop folder. SharePoint will monitor the drop folder, find the new email, and store any attachment in the document library – with the email message too, depending on the setting chosen.

Extending the Solution

This is a very simple example, but it's possible to meet a variety of business requirements by adding Exchange transport rules, SharePoint routing rules, and workflow into the solution. The major benefit if using the mailbox/contact forwarding method above is the email address given to partners doesn't change – simplifying collaboration. For example:

  • Transport rules can be used to route email to different mailboxes (and then to different contacts) depending on different conditions, such as subject, sender or attachment type. Contacts can be created for each document library.
  • Alternatively, SharePoint routing can be used to move the attachment from the drop-off library to different libraries, based on metadata in the attachment, approval status, or document type, keeping the Exchange side simple, and retaining the business logic in SharePoint.
  • Further processing can be accomplished through custom workflows, triggered on item creation within the email-enabled document library. These may move the item straight away, trigger an approval process, or start another external process entirely.

Top Blog Posts From Fuse

 

 

Recovering Workflow History after 60 dayshttps://www.fusecollaboration.com/blog/recovering-workflow-history-after-60-daysRecovering Workflow History after 60 days
Simple Incoming Email with On Premises SharePoint and Exchangehttps://www.fusecollaboration.com/blog/simple-incoming-email-with-on-premises-sharepoint-and-exchangeSimple Incoming Email with On Premises SharePoint and Exchange
Allowing anonymous users to add items to SharePoint listshttps://www.fusecollaboration.com/blog/allowing-anonymous-users-to-add-items-to-sharepoint-listsAllowing anonymous users to add items to SharePoint lists
How to use SaaS solutions to identify sensitive datahttps://www.fusecollaboration.com/blog/how-to-use-saas-solutions-to-identify-sensitive-dataHow to use SaaS solutions to identify sensitive data
Using Microsoft Azure Active Directory for SharePoint 2013 Authenticationhttps://www.fusecollaboration.com/blog/using-microsoft-azure-active-directory-for-sharepoint-2013-authenticationUsing Microsoft Azure Active Directory for SharePoint 2013 Authentication

Recommended Pages

 

 

About Fuse Collaborationhttps://www.fusecollaboration.com/fuse-home/aboutAbout Fuse Collaboration
Hosted Skype for Businesshttps://www.fusecollaboration.com/technologies/skype-for-business/hosted-skype-for-businessHosted Skype for Business
Skype for Businesshttps://www.fusecollaboration.com/technologies/skype-for-businessSkype for Business
Microsoft 365 Enterprisehttps://www.fusecollaboration.com/technologies/office-365/microsoft-365-enterpriseMicrosoft 365 Enterprise
SharePoint Deployment Planning Services (SDPS)https://www.fusecollaboration.com/fuse-services/consultancy/sdpsSharePoint Deployment Planning Services (SDPS)

 About us

Fuse Collaboration Services is a Cloud Solution Provider and Microsoft Gold Partner specialising in delivering SharePoint, Skype for Business, and Azure cloud-based solutions. Based in Northampton, UK.

Microsoft Gold Partner Logo showing 5 competencies

Read more

 Latest Tweets

 Latest Blog

 

 

How to use SaaS solutions to identify sensitive data1497<p class="lead">​​​​​​​​​​​This article is going to look specifically at how we implement the use of software (SaaS) to enable your organisation to become ready for the GDPR quickly and easily, without interruption to your end users.</p><p> <strong>The first step in getting ready for the GDPR is to know what data your organisation holds</strong>. At the time of writing this article, the new legislation is only <strong>268 </strong>days away and the four main questions you n​eed to be able to answer to ensure your organisation is ready are&#58;</p><ul><li>What data does your organisation hold?</li><li>Where is the data kept?</li><li>Why do you need to use or keep the data?</li><li>Do you have consent to use the data?​</li></ul><div class="thumbnail"> <img class="img-responsive" alt="A padlock on a background of binary data" src="/ourblog/PublishingImages/Pages/How-to-use-SaaS-solutions-to-identify-your-data,-ensuring-your-organisation-is-ready-for-the-GDPR/shutterstock%20Data%20protection%20GDPR%20blog.jpg" style="max-width&#58;500px;" />​</div>​ <h3>What is defined as sensitive data under the GDPR?</h3><p>In terms of the GDPR, sensitive data is defined as personal data, but goes further than the Data Protection Act and includes online identifiers such as an IP address. The GDPR applies to both automated personal data and manual filing systems. You can be held responsible for breaching the GDPR by allowing personal data to be compromised either by&#58;</p><p>Misuse - using data for purposes other than that defined and recorded&#160;consent given for;</p><p>or </p><p>for data breaches, even if the breach was a malicious act (hacking), if you can't prove you had adequate data security measures and processes.&#160;​</p><div class="row"><div class="col-md-6"><h4>Will my company have GDPR sensitive data?</h4><p>Data that can identify any individual, such as a name, National Insurance number, passport, IP address or even biometric data - a soon as this is recorded in any system, in a file, a database record, or even on paper - that data then falls under the remit of the GDPR. As every organisation has staff records, every company will be affected by GDPR to some extent. </p><p>However, the more individuals you deal with, and the longer you hold that data for, the more prone you are to breaches of the legislation. Companies that perform data processing, even on behalf of other companies, and particularly those that use personal data records for multiple purposes (for example re-marketing) are at most exposure to GDPR.</p></div> <div class="col-md-6"><h4>​Examples of who will be most affected&#58;&#160;</h4><ul><li>Retailers – High street shops and online retailers storing customer profiles</li><li>Health Sector -&#160; Hospitals, doctor’s surgeries, scientific research organisations, pharmaceutical companies, with patient records</li><li>Education sector - Schools, colleges and universities, storing current and past student records</li><li>Financial sector – Banks, mortgage and insurance providers, with customer accounts</li><li>Recruitment companies - candidate records</li><li>Charity organisations - records of donors and recipients</li><li>Estate Agents - vendor and client records </li><li>Legal profession – Solicitors, CPS and courts - client records.</li></ul> ​</div></div><hr />​ <h3>​How to identify data and ensure all your data is GDPR compliant?&#160;</h3><p>There is an easy and quick way to find out what data you hold and you will be relieved to know we work alongside companies that are currently releasing SaaS solutions that are designed purely to scan, discover and analyse your data, to ensure you only hold data that is GDPR compliant.&#160;&#160;<br></p><p>Our Partners have solutions that use metadata to scan and analyse data which has enabled the migration of data to SharePoint for some time. It’s this technology that’s enabled these new solutions to be <strong>created specifically for the use of identifying what data you have and if it is GDPR compliant</strong>. Using NPL (Natural programming language) such as “name”, “address” or “credit card number”) this process can be done in days not months and can easily identify documents in unstructured databases, file shares and SharePoint. </p><p>The discovery phase of the SaaS tool is an important part of the new solutions as they are designed around common datatypes that can be tagged easily e.g. names, addresses, age of document, author of document, credit card numbers, postcodes IP addresses. The solution we use comes with predetermined taxonomies which can be edited easily, to reflect the sector that your organisation works within. Dashboards are then accessed with detailed data analysis which identifies the data that will not be compliant with the GDPR. Additional columns appear alongside your files with a “true” or “false” label showing whether the files are compliant with the GDPR and our team of consultants are experienced in using this technology and can advise you depending on your specific IT infrastructure.</p><hr /><h3>Hype around the GDPR&#160;</h3><p>There is a lot of hype around the new GDPR coming out in May which appears to be fairly negative but instead of viewing it as a tiresome challenge that your organisation must overcome, I would advise viewing it as an excellent opportunity to gain a competitive edge within the market. Whatever your opinion is and I doubt there are many companies that relish the additional resources that will be needed to comply; from a customer’s perspective, it <strong>must </strong>be a good thing. The trust in any business relationship is one of the fundamental reasons why you have a successful company. In an age where we frequently see headlines describing yet another data breach, damage to a business’s brand and reputation is an expensive result of avoiding being compliant with the new regulations.</p><hr /><h3>What to do right now!&#160;</h3><p>The key decision makers in your organisation need to be made aware of the GDPR. They need to know that the first thing they need to do is to find out what data their organisation holds. This is where we come in.</p><p>Although GDPR isn’t an IT issue as it will ultimately fall to the responsibility of who is currently responsible for your Data Protection E.g. Compliance Managers, Data Protection Officers, Data Controllers and Office Managers, the team at Fuse will be able to provide a technical solution to determining what data is held.</p><p>Before any amendments to existing internal procedures, policies or customer facing documentation such as websites and application forms can be changed they must know what is relevant to the GDPR. It may be the case that a lot of the data you hold is ROT and this can simply be deleted. If you have a completely unstructured filing system and want to take the opportunity to improve the efficiency of your business we don't just offer technical expertise, we are experienced in developing proofs of concept, functional and technical specifications. We can either then take responsibility for delivering the project or work alongside your IT departments providing a technical lead.</p><p>It doesn’t matter whether you have an inhouse IT department or not as we can work alongside existing IT managers, Compliance or HR managers. An IT consultancy needs to be your first port of call as they can advise you as to which is the best SaaS solution for your business depending on the size of your business and your budget. Having expert knowledge of your IT infrastructure and how it works is important to ensure that the right solutions are used. The benefits of using SaaS is that your end users are not interrupted and your IT departments are not impacted either. </p><p>You need to weigh up the cost of using an IT consultancy who can implement the right tools against the extra resources it will take to trawl through and analyse your data manually. This can seem daunting, but it’s a great opportunity to get your data in order and have confidence that your organisation can be proud of its commitment to protecting the data of its employees, customers and suppliers.​</p><div class="well well-lg"><p class="lead">If you want further advice or a quote on how we can help you get ready for the GDPR call Fuse today on 01604 797979 or <a href="/_layouts/15/FIXUPREDIRECT.ASPX?WebId=4fc45909-2b6d-48b9-bcf9-a446e9d472d6&amp;TermSetId=c98895cd-d37f-4406-9cff-5480b4f829b6&amp;TermId=218eb0be-10f6-490a-82a7-a7fd47c8de90">contact us​</a></p></div>​l.ozier@fusecollaboration.com | Louise Ozier | 693A30232E777C6675736563735C6C2E6F7A696572 i:0#.w|fusecs\l.ozier28/08/2017 23:00:002017-08-28T23:00:00Z Ensuring your organisation is ready for the GDPR21/09/2017 23:16:131811htmlFalseaspx

 Contact us

Our address
12-14 Brookfield, Duncan Close
Moulton Park, Northampton
NN3 6WL
P: +44(0)1604 797979
Contact Us