Skip Ribbon Commands
Skip to main content

Simple Incoming Email with On Premises SharePoint and Exchange

Avoid Configuring AD by Using An Email Alias

Andrew Walman

09/10/2014


​​​​​​SharePoint document libraries can be email-enabled so that documents can be uploaded by simply sending an email. In single server, lab-type environments, this is relatively simple to achieve, but in multi-server production environment, particularly where Exchange is handling internet email, there's a lot more to consider.

​Having Exchange handle the incoming email routing before the document reaches SharePoint has a number of advantages:

  • Exchange will typically be set up to handle inbound threats far more robustly than SharePoint can be – while they can both scan documents for viruses, Exchange can also check against spam lists, blacklists and sender reputation before allowing mail through.
  • Exchange can also apply various rules to mail messages before they are delivered – such as checking for attachments, attachment size, subject etc. – and then routing accordingly.
  • Exchange can also auto-reply to messages – useful where a receipt or other response is required to the sender.
  • Tracking messages through Exchange is far easier than looking through SMTP logs – useful for compliance and auditing purposes.
  • Using Exchange, the message doesn't just have to be delivered to SharePoint – it can be also sent to a journal mailbox, or copied/forwarded to any other recipient or group.
  • The email address given to users for the document library can be part of your internet address space, e.g. doclibrary@example.com, not doclibrary@sharepoint.example.com – this is beneficial when external users are involved in the document sending process (e.g. partners, suppliers) and internal users can find the address in the Exchange address book.

SharePoint can use the directory management feature to automatically create email addresses in the corporate directory when email-enabled document libraries are created. Designed to simplify the process for SharePoint, this can be a headache for Exchange administrators, particularly in large environments. The method below avoids having SharePoint create the entries automatically, introducing a manual process, but ensures that the SharePoint and Exchange support teams remain friends!

Scenario:

You want external partners to be able to email documents to an on-premises SharePoint document library, using an email address that routes through the on-premises Exchange organization. You don't want to give permission to SharePoint to automatically create objects in Active Directory/Exchange.​

High Level Overview

  • SharePoint is installed as three tier farm with multiple web/front-end servers.
  • Internet email is handled by Exchange
  • An Exchange mailbox is set up to receive emails from partners with the address partnerdocs@example.com
  • An email contact object is set up with the external address, doclib@sp.example.com
  • The mailbox is setup to forward incoming emails to the contact
  • An Exchange SMTP connector is used to route email for the sp.example.com namespace to the SharePoint frontend load balanced address.
  • Exchange transport rules can be configured to process the mail further, e.g. send a receipt, change the destination address based on sender/subject etc.

Pre-requisites

  • Exchange is set up to receive email from the internet using SMTP for the domain example.com
  • No external DNS changes are required.
  • The SMTP service has been installed on all the SharePoint web/front-end servers, set to automatic start-up, and load balanced with a virtual IP address and local DNS entry.

SharePoint Farm Set Up

To configure incoming email, complete the following steps:

  • Verify that the user account that is performing this procedure is a member of the Farm Administrators group.
  • Open SharePoint Central Administration.
  • Click on System Settings.
  • Select Configure incoming e-mail settings.
  • Select "Yes" to enable sites on this server to receive e-mail.
  • Leave the other settings as default – "Settings mode = automatic" and "Use the SharePoint Directory Management Service = no"
  • Ensure the E-mail server display address (excluding mylist@) is set to the SharePoint address space, e.g. sp.example.com. This is only to make setup easier, you don't need to create any DNS settings for this as we'll be using the load balanced IP address of the frontend servers to route to this namespace.
  • Click OK

SharePoint document library set up

  • Create a new document library or email enable an existing library by opening the document library settings and selecting the "incoming e-mail settings"
  • Select "Yes" to "Allow the library to receive email?"
  • Enter an email address that is appropriate for the library – a suggested convention might be [libraryname].[sitename]@sp.example.com. This address will be used by the contact object in Exchange
  • Configure attachment settings and email message settings as needed.
  • As you'll be accepting messages from the internet, change the security policy to "Accept e-mail messages from any sender" – we're offloading message security to Exchange.

Exchange Set Up

  • Create a contact object with the naming convention of the organization, using the document library email address as the external email address.
  • Create a mailbox with the required external internet email address, e.g. partnerdocs@example.com and ensure it can receive from the internet. Set any properties needed on the mailbox (e.g. maximum size) and in the "Mail Flow" tab, select "delivery options". Configure the forwarding address to be the contact object you've just created.
  • To route mail between Exchange and SharePoint, create a new "send connector" in the hub transport section of the organisation configuration.
  • Enter an appropriate name (SharePoint) for the connector and choose a "custom" type.
  • In the address space, enter your SharePoint address space, e.g. sp.example.com
  • Select "Route mail through the following smart hosts" and click "Add"
  • Enter the load-balanced IP address of the front end servers and complete the wizard.

When incoming email for partnerdocs@example.com arrives at the exchange server (either from the internet or from internal senders) it will be forwarded from the mailbox to the contact object, causing it to be routed through the new send connector to the one of the front-end servers in the load balancer, where the SMTP service will store it in the drop folder. SharePoint will monitor the drop folder, find the new email, and store any attachment in the document library – with the email message too, depending on the setting chosen.

Extending the Solution

This is a very simple example, but it's possible to meet a variety of business requirements by adding Exchange transport rules, SharePoint routing rules, and workflow into the solution. The major benefit if using the mailbox/contact forwarding method above is the email address given to partners doesn't change – simplifying collaboration. For example:

  • Transport rules can be used to route email to different mailboxes (and then to different contacts) depending on different conditions, such as subject, sender or attachment type. Contacts can be created for each document library.
  • Alternatively, SharePoint routing can be used to move the attachment from the drop-off library to different libraries, based on metadata in the attachment, approval status, or document type, keeping the Exchange side simple, and retaining the business logic in SharePoint.
  • Further processing can be accomplished through custom workflows, triggered on item creation within the email-enabled document library. These may move the item straight away, trigger an approval process, or start another external process entirely.

For further details on our SharePoint products and services, please see our SharePoint pages


Top Blog Posts From Fuse

 

 

Recovering Workflow History after 60 dayshttps://www.fusecollaboration.com/blog/recovering-workflow-history-after-60-daysRecovering Workflow History after 60 days
Simple Incoming Email with On Premises SharePoint and Exchangehttps://www.fusecollaboration.com/blog/simple-incoming-email-with-on-premises-sharepoint-and-exchangeSimple Incoming Email with On Premises SharePoint and Exchange
Using Google to Authenticate with SharePoint 2013https://www.fusecollaboration.com/blog/using-google-to-authenticate-with-sharepoint-2013Using Google to Authenticate with SharePoint 2013
Dynamic Page Layouts in SharePoint 2013 - Part 1https://www.fusecollaboration.com/blog/dynamic-page-layouts-in-sharepoint-2013-part-1Dynamic Page Layouts in SharePoint 2013 - Part 1
Using Microsoft Azure Active Directory for SharePoint 2013 Authenticationhttps://www.fusecollaboration.com/blog/using-microsoft-azure-active-directory-for-sharepoint-2013-authenticationUsing Microsoft Azure Active Directory for SharePoint 2013 Authentication

Recommended Pages

 

 

About Fuse Collaboration Serviceshttps://www.fusecollaboration.com/fuse-home/aboutAbout Fuse Collaboration Services
Skype for Businesshttps://www.fusecollaboration.com/technologies/skype-for-businessSkype for Business
Hosted Skype for Businesshttps://www.fusecollaboration.com/technologies/skype-for-business/hosted-skype-for-businessHosted Skype for Business
Microsoft Azure Solutionshttps://www.fusecollaboration.com/technologies/azureMicrosoft Azure Solutions
Microsoft Office 365 Deploymentshttps://www.fusecollaboration.com/technologies/office-365Microsoft Office 365 Deployments

 About us

Fuse Collaboration Services is a Cloud Solution Provider and Microsoft Gold Partner specialising in delivering SharePoint, Skype for Business, and Azure cloud-based solutions. Based in Northampton, UK.

Microsoft Gold Partner Logo showing 5 competencies

Read more

 Latest Tweets

 Latest Blog

 

 

Get single sign-on for all apps3995<p class="lead">​​​Are you looking for an identity-as-a-service (IDaaS) solution that solves your biggest IT challenges without compromising user experience?</p><p class="lead">With Azure Active Directory, the Microsoft IDaaS solution, you can streamline the employee experience with single sign-on capabilities and reduce the complexity of managing identity, security, and access to your company’s critical data. You get a proven solution that allows you to&#58;​</p><hr />​ <div class="lead"><div class="row"><div class="col-md-6">​ <div class="media"> <img class="img-responsive pull-left" src="/ourblog/Blog%20Site%20Images/image004.png" alt="" />​ ​ <div class="media-body">​​Quickly adopt cloud services​</div></div></div>​ <div class="col-md-6">​ <div class="media"> <img class="img-responsive pull-left" src="/ourblog/Blog%20Site%20Images/image006.png" alt="" /> <div class="media-body">Improve application security</div></div></div>​ ​</div>​ <div class="row"><div class="col-md-6">​ <div class="media"> <img class="img-responsive pull-left" src="/ourblog/Blog%20Site%20Images/image008.png" alt="" /> <div class="media-body">Empower employees with access to world-class cloud apps</div></div></div><div class="col-md-6">​ <div class="media"> <img class="img-responsive pull-left" src="/ourblog/Blog%20Site%20Images/image010.png" alt="" /> <div class="media-body">Monitor application usage and protect your business</div></div></div></div>​ <div class="row"><div class="col-md-6">​ <div class="media"> <img class="img-responsive pull-left" src="/ourblog/Blog%20Site%20Images/image012.png" alt="" /> <div class="media-body">Easily and securely manage employee and vendor access</div></div></div><div class="col-md-6">​ <div class="media"> <img class="img-responsive pull-left" src="/ourblog/Blog%20Site%20Images/image014.png" alt="" /> <div class="media-body">Secure remote, mobile access to on-premises apps</div></div></div>​ </div><div class="row"><div class="col-md-6">​ <div class="media"> <img class="img-responsive pull-left" src="/ourblog/Blog%20Site%20Images/image016.png" alt="" /> <div class="media-body">Implement consistent, self-service application access management</div></div></div>​​​ </div></div><hr /><p class="lead"><a href="/_layouts/15/FIXUPREDIRECT.ASPX?WebId=4fc45909-2b6d-48b9-bcf9-a446e9d472d6&amp;TermSetId=c98895cd-d37f-4406-9cff-5480b4f829b6&amp;TermId=218eb0be-10f6-490a-82a7-a7fd47c8de90">Contact Fuse</a> to discuss how we can help implement IDaaS within your organisation, using our expertise and experience to reduce risk and project length.​</p> <div class="well well-lg"><p class="lead">Are you curious about how Azure Active Directory can work for you? <a href="/_layouts/15/FIXUPREDIRECT.ASPX?WebId=4fc45909-2b6d-48b9-bcf9-a446e9d472d6&amp;TermSetId=c98895cd-d37f-4406-9cff-5480b4f829b6&amp;TermId=721159e3-34c0-40dc-8028-ae2e2f2e79e4">Let us show you how​</a>!​</p></div>​​a.walman@fusecollaboration.com | Andrew Walman | 693A30232E777C6675736563735C612E77616C6D616E i:0#.w|fusecs\a.walman17/01/2018 00:00:002018-01-17T00:00:00Zno matter where they liveAzure Active Directory, the Microsoft IDaaS solution24/02/2018 00:15:562757htmlFalseaspx

 Contact us

Our address
12 Brookfield, Duncan Close
Moulton Park, Northampton
NN3 6WL
P: +44(0)1604 797979
Contact Us