SMTP Relay on IIS Server

I’ve been doing some tidying up on my home lab and thought it would be a good opportunity to set up something every geek should have: an SMTP relay. Setting up a Simple Mail Transfer Protocol relay enables users to send out mail on behalf of a web application (or manually, if desired). In this instance, it is used to send out password resets and notifications regarding the posting of comments, etc.

 

It should take less than 10 minutes to set up.

First, launch Server Manager and select Add roles and features.

Ensure you have selected Web Server (IIS) (accept any requests to install dependencies).

Click Next and, on the Features page, select SMTP Server (accept any requests to install dependencies).

Move through the install wizard and restart if required.

The SMTP service will not start on system boot. If this is a requirement, follow these steps:

Search for and open Services. (I use the search bar alongside my apps, but there are many ways to get there.) Scroll to Simple Mail Transfer Protocol, right-click and select Properties. Set the startup type to Automatic. Apply settings and close the Services window. This will start the service automatically on boot.

Next, return to the apps screen and you will now see two Internet Information Services (IIS) Manager entries. One should be version 6.0; this is the version we will use for our mail relay. Open the IIS 6 Manager. Expand IIS (local computer). You should see [SMTP Virtual Server]; right-click this and select Properties. Click the Access tab, then open both Relay and Connection and, in each, add the address of the server that will be sending mail to the allow list.

This will prevent any other computers from using our SMTP relay to send spam. Move on to the Delivery tab and select Advanced. From here, enter your fully qualified domain name (FQDN).

Apply all settings and close the IIS 6 Manager window. Finally, we need to grant the appropriate folder permissions to enable Network Service to send mail. Navigate to C:\inetpub, right-click mailroot and select Properties, then the Security tab.

Select Edit and add Network Service, giving this user all permissions except Full control.

Apply settings, then select Advanced. Select the Network Service user and check "Replace all child object permission entries with inheritable permission entries from this object". This gives the SMTP relay access to all sub-directories in the mailroot folder. Apply settings and close the security permission windows.
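
To confirm that the Relay and Connection allow lists set on the Access tab behave as intended, the PowerShell function below is an added example, not part of the original walkthrough. It opens an SMTP session, offers a recipient on an outside domain, then resets the session without sending any message; the function name, the server name and the example.com/example.org addresses are placeholders chosen for illustration.

```powershell
# Added example, not from the original post. Addresses below are constructed
# placeholders; $Server is whatever name or IP your relay answers on.
function Test-SmtpRelay {
    param(
        [Parameter(Mandatory)] [string] $Server,
        [int]    $Port = 25,
        [string] $From = 'relay-test@example.com',
        [string] $To   = 'relay-test@example.org'   # must be outside your own domain
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($Server, $Port)
        $stream = $client.GetStream()
        $stream.ReadTimeout = 10000
        $reader = New-Object System.IO.StreamReader($stream)
        $writer = New-Object System.IO.StreamWriter($stream)
        $writer.NewLine   = "`r`n"
        $writer.AutoFlush = $true

        # Read one full reply: continuation lines are "250-...", the last is "250 ...".
        $readReply = {
            do { $line = $reader.ReadLine() } while ($line -match '^\d{3}-')
            $line
        }

        $banner = & $readReply
        if (-not $banner) {
            # Connection closed before a banner was sent
            return [pscustomobject]@{ Server = $Server; RcptReply = $null; RelayAllowed = $false }
        }
        $writer.WriteLine("EHLO $env:COMPUTERNAME"); $null = & $readReply
        $writer.WriteLine("MAIL FROM:<$From>");      $null = & $readReply
        $writer.WriteLine("RCPT TO:<$To>");          $rcpt = & $readReply
        $writer.WriteLine('RSET');                   $null = & $readReply   # no DATA is sent
        $writer.WriteLine('QUIT')

        [pscustomobject]@{
            Server       = $Server
            RcptReply    = $rcpt
            RelayAllowed = ($rcpt -like '250*')
        }
    }
    finally { $client.Close() }
}

# From a machine that is NOT on the allow list, expect RelayAllowed = False.
# From the web server you added to the list, expect RelayAllowed = True.
# Test-SmtpRelay -Server 'smtp-relay.lab.example'   # placeholder host name
```

If a host that is not on the allow list gets `RelayAllowed = True`, revisit the Relay settings on the Access tab before putting the server into use.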

That’s it! You should now have a fully functional and secure SMTP relay. Check out my other walkthroughs for a how-to on sending mail from a web application. Thanks for reading, and if you have any difficulties, add a comment below.
