Windows Server 2008 R2, SMTP, and Gmail for Domains (or How I learned to let go and love smart hosts)

I’ve been gone for awhile. I mean, not really, just from A Better Geek. I met a special someone, so that took up a lot of my time. Then said Special Someone got a job with IBM in Virginia, and we packed up and moved 700 miles to Fairfax from Lafayette back in mid-September 2009. I’m looking for work and spending my time being a server administrator, because we decided to go for Verizon Business FiOS and are hosting everything (including our websites) from our home.

Let me tell you, this has been one huge educational experience that never seems to end. My server is now running my LAN’s internal DHCP and DNS. It’s also a game application server, an internal samba file server, and an internal and external web server.

One of the things apps like WordPress, PunBB, and other content systems use is email. I’ve already discussed in the past how to make sendmail in Linux play nicely with Apache and PHP, but I realized that things were changing as I started migrating our websites and projects to an entirely different environment – Windows Server 2008 R2 Enterprise and IIS 7.0. There are some growing pains, but at least it gives me a lot to write about!

Anyhow, I realized shortly after the migration of Dan’s game servers (and related websites) that the server wasn’t sending mail. Since, you know, I hadn’t set up an SMTP service in Windows. “So what?” I thought to myself, “I’ll just install it and everything will be hunky-dory, right?”


It turns out that in 2009, every large mail service provider on the Internet really hates relaying email that comes from suspicious locations, including IP addresses that are part of residential ISPs. Even though we have a static IP address through Verizon Business, it’s still part of Verizon’s greater IP pool – which includes all their dynamic IPs for residential FiOS and DSL services.

Google blacklisted me the second I tried to send a message to an address. It was just downhill from there. I found out from some people on IRC that I needed a reverse DNS entry if I wanted anyone to relay my email, so I called up Verizon and got that taken care of. Yahoo, MSN, and AOL started relaying my mail, but Google kept delaying delivery, claiming that an “unusual amount of unsolicited email” was coming from my IP address.

After many hours on IRC and doing additional research on Google, I decided it probably wasn’t worth it to keep wrestling to make the big mail servers of cyberspace deem my rinky-dink little server worthy of their approval. It was time to look for other solutions.

I decided right from the start that I did not want to deal with hosting mail. I have no interest in trying to mitigate mass quantities of spam. My friend Julie over The Gadgeteer got on the Gmail Apps boat and moved her own email over to Google. It seemed appealing enough, so I decided to give it a shot. Google Apps offers a free version to cheapskates like me who can’t or don’t want to pay yet another monthly fee. The free version includes Google mail, calendar, sites, chat, and docs. Works for me!

Google was brilliant about the whole thing. I signed up, and when I clicked in the web-based control panel to set up email, it automagically discovered that my domain (, in this case) was registered with, so it directed me to a 1and1-specific how-to on setting up the MX records for my domain. About 18 hours later, 1and1 and Google had both updated their servers and records, and I was in business. Now it was time to figure out how to make my web server send email through Google’s SMTP servers.

Which is why we’re here today. If you’re still paying attention, that is. As always, this is a little screenshot-heavy, so hit the jump to carry onward.

First off, if you haven’t already, you need to install the SMTP service in Windows. Start by opening up your Server Manager. Click on Features in the lefthand pane, and then “Add Features”:


Make sure that both SMTP Server and SMTP Server Tools are checked. Windows, being the wizard-happy operating system that it is, will walk you through the steps to install SMTP, including installing any dependent services you may need. Once that’s done, we can continue to actually making your mail route through Google’s servers.

The SMTP standard allows for something called smart hosting. Essentially, an SMTP service set up with a smart host actually sends its mail to another SMTP server, which then relays the mail from there into the scary unknowns of cyberspace. This is exactly what I needed – by relaying my mail through Google’s servers, the outside world would see my mail as Google-sent, and nobody in their right mind is going to block Google mail (theoretically).

Before we can set up our server, we need enable IMAP in Gmail. Login to the Gmail web interface, and click Settings in the top right corner of your browser window. Select the Forwarding and POP/IMAP settings tab, and make sure Enable IMAP is selected. If it’s not, select it and save your changes.


Now that we have permission to access our mail outside of Google’s web interface, we can set up the server.

The SMTP service available in Windows Server 2008 is actually managed through IIS 6.0, not 7.0. Fire up the IIS 6.0 manager by going to Start > Administrative Tools > Internet Information Services (IIS) 6.0 Manager. Under your server, you’ll see a little hideous 16-color envelope icon. This is your SMTP virtual server, which IIS uses to send mail. Right-click on it and select Properties.

Click the Delivery tab, and then the Outbound Security… button. We want Basic Authentication. Enter your Google account credentials, and make sure TLS Encryption is enabled, since Google’s SMTP servers require SSL.


Click OK, then the Advanced… button on the same tab. Here’s where we set up our smart host that our own SMTP service will use to relay email. Enter the domain of your site under Fully-qualified domain name, and use as the smart host.


Click OK. Now we’re going to enable logging, which will be critically important to ensure that your email is being accepted by receiving SMTP servers. Click the General tab. Make sure the Enable logging box is selected, and choose your log format. I’m not all that well-versed on what the different formats are. “Microsoft IIS Log File Format” has been working fine for me. Click Properties… next the log format drop-down to choose where your logs are going to reside. Click OK.


Double-check everything, and click OK to apply your new settings. I went ahead and restarted the SMTP service, just to make sure that everything was working correctly.

Now you can test your server and see if everything is working. I made a simple ColdFusion page that sent a test message to Gmail, AOL, Yahoo, and MSN (just to double-check!). It worked perfectly.

But…wait! Even though I had set the “from” parameter of the cfmail tag to come from my Gmail address, Google overrode this and used my email address as the “from” address in the message header. I don’t want all my websites sending mail from this one address! A Better Geek and Polatrite Gaming are two completely different entities, so I needed to remedy this right away.

Never fear, Google is here to save the day! Gmail has this neat feature, available in normal Gmail accounts and Google Apps accounts, that allows you to send mail from other mail accounts right from inside the Gmail web interface. It’s easy to set up, and it works well.

Log back in to your Gmail web interface, and go back to your settings. Navigate to the Accounts settings page. Select Add another email address you own in the Send mail as section, which will pop up a new window. Enter the name and email address you want to display on mail sent from this account.


On the next page, select to send the mail through the secondary address’s SMTP servers. It’s important to keep in mind that this will only work for email accounts that have given you permission to send mail externally (e.g. not through the webmail interface) – Yahoo and MSN/Live do not provide this functionality for free email accounts. However, all Gmail accounts and Google Apps accounts allow for external SMTP access. Enter as the SMTP server, select port 465 or 587, and make sure Always use a secure connection (SSL) is enabled. Enter the username and password for this secondary email account, and click Add Account.


After you’ve added your account, Google will email that address with a confirmation message. Click the link in that email to validate that you are authorized to use it, and Google will enable that account in Gmail. Once your second account is activated, you can send mail from your websites with this second email address as the “from” address, and Google will send it accordingly.

Google does have some limitations on what is allowed with the free version of Google Apps, and it’s important to keep this in mind for your websites. A single message can have a maximum of 100 recipients. Additionally, you can send mail to a total of 500 recipients per day. If you have a very active server, you’re probably going to be better off running your own mail server or paying for a larger-scale male service (Google Apps Premier allows up to 2000 recipients daily), but for small-time stuff like I’m managing, this is going to work just fine. I’ll still try to get my server off Google’s mail blacklist so that I can eventually use my own SMTP server, but in the meantime, this is a fast and easy way to get Windows ready to go for sending mail through web applications.

32 thoughts on “Windows Server 2008 R2, SMTP, and Gmail for Domains (or How I learned to let go and love smart hosts)

  1. Carlos Mendible

    Hi, did you face any problems with TLS certificate and therefore mail not being sent to gmail???

    1. Claire Post author

      I haven’t had any issues with being able to send mail to Gmail, no. If you’re having problems, it could be due to whatever server you’re using for your smarthost settings – if that SMTP server is being blacklisted by Gmail, you will be too, unfortunately.

      1. Carlos Mendible

        The issue I have is related to TLS security.

        My event log shows the following message: No usable TLS server certificate for SMTP virtual server instance ‘1’ could
        be found. TLS will be disabled for this virtual-server.

        Furthermore all messages saty in Queue folder.

        Something strange is that in the property windows for the SMTP Virtual Server the Secure Communication tab is disabled with the following message: TLS is not available without a certificate.

  2. Jonathan Puddle

    Thank you sooo much for posting this. I was getting an error whenever I tried to open the IIS 6 admin tools, but this post encouraged me to look into that problem. After removing all the IIS and SMTP functionality, and then re-adding just the SMTP, I can get into this config just fine now. And it works like a charm. Cheers!

    1. Claire Post author

      Hey Jonathan – I’m glad that I was able to help you out, even if it was indirectly! Solving problems is half the fun of being a geek, right? 🙂

  3. sourmush

    Okay, I don’t often reply to these tutorials but a HUGE thank you for posting this. I’ve spend days setting up my own DNS server, creating an SPF record, requesting a PTR / RDNS record with countless test cases to ensure mails from my domain did not end up in the Gmail/Google Hosted SPAM inbox. I met all of the requirements as per Gmail’s “bulk sending” guidelines yet still to no avail.

    However, with your single tip my emails are no longer ending up in the SPAM inbox.


  4. Pingback: IIS quirks in Windows Server 2008 R2 | J

  5. Bill Stoker

    Thanks for this very useful article. I do believe you also have to change the SMTP port to 587 to use TLS with Gmail, as follows:

    1. In IIS 6.0 manager, right-click Virtual Server and select Properties.
    2. On “Delivery: tab -> Click “Outbound Connections” button.
    3. Change “TCP Port” from 25 to 587.
    4. Restart SMTP Sevice.

    This is especially important for use with non-business accounts where the ISP blocks Port 25 except to their SMTP servers. Hope this is useful to someone else and saves them some time.

  6. Sun Wei

    Dear Sir,

    Thank for a good stuff, how to autostart the “SMTP Virtual Server #1”? now when we restart the physical server, we need to manually to start the “SMTP Virtual Server #1”.

    Please advise.

    Thanks & regards,

    1. HunterGatherer

      @Sun Wei

      “Thank for a good stuff, how to autostart the “SMTP Virtual Server #1″? now when we restart the physical server, we need to manually to start the “SMTP Virtual Server #1″.”

      a. Click Start, Administrative Tools, Computer Management.
      b. Expand Services and Applications.
      c. Click on Services.
      d. On the right side, double click on Simple Mail Transfer Protocol (SMTP).
      e. On the General Tab change the Startup type: drop down to Automatic.
      f. Click the Apply button.
      g. Click the OK button.
      h. Click the Start button.
      i. Click the OK button.

  7. jaxx

    all my emails are ending up in the smtp queue – what I’m I doing wrong. I followed your guide.
    587 is open in my firewall .

    1. Claire Post author

      Yes – as mentioned in the article, a single message can have up to 100 recipients, and you can send mail to up to 500 recipients daily with the free version of Google Apps.

  8. Scott

    This explains so much, thank you for this article. But, what if instead of one email address, I wanted to use the SMTP Server to act as a smart host for the entire domain (10+ users)? Would I still be using Basic Authentication and just use the admin account created in Google Apps? Or would the Windows Authentication work better? We have a 3rd party app that our users send email through and I want to use the SMTP Server as the go-between Smart Host with Google.

  9. Alexander

    How on earth do you install SMPT Service Role on Server 2008 R2, not just 2008?
    They removed SMPT from R2.
    And you screenshot features plain Server 2008, not R2.

    You can’t configure any SMTP in IIS 6.0 Management Concole in Server 2008 R2, because you cannot install it, right?

    So, why the article title is Windows Server 2008 R2 and SMTP?
    Please, change the title…

    1. Andy

      Alexander: I have just setup SMTP and IIS on 2008 R2, it is exactly as described in the article and hasn’t changed from pre R2. Have you installed IIS6 management console when you installed IIS?

    2. Claire Post author

      Hi Alexander,

      I’m not sure why you are unable to find SMTP under “Add Features” in the 2008 server manager. My server was running Server 2008 R2 Enterprise with all the latest updates at the time the article was written. Are you looking under Features or Roles? SMTP is a “Feature” in the server manager.

  10. Juan Carlos González

    I have the same issue that jaxx reports, all my emails are ending up in the smtp queue. Then I find in the badmail folder a report with this

    Action: failed
    Status: 5.3.5

    What can I do?

    1. Claire Post author

      Hi Juan – that error indicates that you have a misconfiguration causing your email to loop. It’s being sent to you rather than the intended recipient. Check your configuration and, if you’re using Google Apps, try searching on what that error means specifically with Google as your smarthost.

  11. Ishan Sangai

    Nice Article….
    But I am facing problem with Gmail(Google Apps.). All settings done according to article. Messages flowing to rediffmail id. But not to gmail ids. Where should be the problem???

  12. raton

    Thanks a lot for this very useful article. I have been fairly unsuccessful at setting up Windows 2008 STMP server but I am using smtp-cli(Perl SMTP client from Michal Ludvig) instead and it works like a charm with Gmail smart host.

    Now, I just need to figure out why the From field gives me the equivalent of ‘Clair Indy [] on behalf of‘. Time to do some digging. 🙂

  13. Greg Parsons

    Great article. Works perfectly for me using the pickup directory to dispatch mails from the server. Suffering same problem as Raton though in that I can’t seem to get rid if the From in the recipients email saying “ on behalf of“. Also mail sent to one particular recipient is received, but the content is always blank, which I am assuming is something to do with their mail server (AXIGEN).

  14. Pingback: How to set the SMTP Port in TFS 2010 | Code to Preload

  15. Samesa

    I have been trying to get thru with this connection. Asides installing smtp server is there anything one has to do to make it work.

  16. Oliver

    Thank you for this! You save my Day 🙂
    It will work fine with my provider !
    greetings from germany

  17. Warlock

    I did mine another way as this above refused to work. ;-/

    Now it works fine on windows server 2008. And all my forums and shops work with the same mail settings. and best of all you need not touch any settings on the windows server. just ignore and follow below if you also having trouble.

    1) Install on your server free “Win32 or 64 OpenSSL v1.0.0h” from here> “”
    I used the full install for my 32bit windows server. “19mb” get 64bit install if you have a luxury server ;-)……
    once installed php.ini will now show ssl installed. you can use phpinfo to check if you feel the need.

    2) These settings below need only setting for any app you want to email from, -forum-shop-ect ect

    example code below for phpbb. easily adapt for other apps.

    In phpBB admin control panel:
    ACP -> Client communication -> E-Mail settings

    User SMTP server for email: YES
    SMTP server address: ssl://
    SMTP server port:465
    Authentication method for SMTP:LOGIN
    SMTP (need to be the same as “Contact e-mail address:”)
    SMTP password:gmailpassword

    Hope this helps someone. Taken me three days of trawling to find a solution 🙂

  18. Stefano Gironi

    I had got same problem but with different Internet e-mail provider.
    This problem occured since I migrated from SBS 2008 to Server Enterprice 2008 R2.
    My ISP manages my e-mails (via POP3 or IMAP and SMTP) and doesn’t allow access to SMTP server if not in its NET.
    My problem was the following:
    * A Server 2008 R2 with 2 network adapters, one attached to the ISP and the second one to manage Intranet. Routing and Remote acces configured to allow client to browse the web.
    * From the server I was able to send e-mail (right, it is directly attached to ISP via ADSL router and dedicated network adapter)
    * From clients I got errors like “unable to relay, use SMTP auth”. It seemed client PC was in a network differed from my ISP. They are attached to Server 2008 domain and something in configurations makes my client into a different network

    I followed the example in this topic but it didn’t work, I mean, I was able to send an e-mail but only one, then something happened and I was not able to send one anymore.

    To solve my problem I only configured client network adapters to append to DNS the domain of my ISP.

    Maybe someone can solve his problem in this way.
    Regards to everyone

  19. Balu K

    Thanks very much for the detailed artilce.
    I have the same question which was posted by Scott (Post No: 15)

    “This explains so much, thank you for this article. But, what if instead of one email address, I wanted to use the SMTP Server to act as a smart host for the entire domain (10+ users)? Would I still be using Basic Authentication and just use the admin account created in Google Apps? Or would the Windows Authentication work better? We have a 3rd party app that our users send email through and I want to use the SMTP Server as the go-between Smart Host with Google.”

    Can you please suggest any idea for this?

    Balu K


Leave a Reply

Your email address will not be published. Required fields are marked *