Send Mail from SBS 2008 When Port 25 Blocked

Mark Berry August 23, 2011

All of my email is now delivered to the cloud (Office 365). But my SBS 2008 still sends a daily report, and other services (like the APC PowerChute UPS agent) sometimes use SBS as the server for outbound mail. So how can I get this mail delivered even if my new ISP blocks outbound port 25?

SBS comes with a wizard for configuring a smart host for email. Here’s how to set that up, with the additional steps needed to use TLS on port 587.

1. On the SBS Network > Connectivity screen, use the wizard to set up the smart host. You will need a login from a company that will relay mail for you, probably your ISP or a third-party web host. See “Office 365 as a Smart Host?” below if you’re wondering about that.

SBS Smart Host 1

2. In the Exchange Management Console, find the Send Connector as shown below. On the Network tab, click on Change to adjust the smart host authentication:

SBS Smart Host 2

Tip To troubleshoot your SMTP connections, you can turn on logging on the General tab, then check this folder:
C:\Program Files\Microsoft\Exchange Server\TransportRoles\Logs\

3. Check the Basic Authentication over TLS box and re-enter your password:

SBS Smart Host 3

4. The smart host is now configured on port 25. To change that to 587, open the Exchange Management Shell and type the following commands (credit to this post):

This will show you the names of your send connectors. You should only have one.

Get-SendConnector | fl port
This will show you the port is currently set to 25.

Set-SendConnector -Identity “NAMEOFCURRENTSENDCONNECTOR” -Port 587
Change the port of your send connector to 587.

Get-SendConnector | fl
Confirm that your send connector is now using port 587 instead of port 25.

Office 365 as a Smart Host?

You may be wondering about using Office 365 as a smart host. Here’s what I found out:

  • In the Office 365 user admin panel, you can find instructions for configuring POP, IMAP, and SMTP. For example, my settings tell me to use send SMTP traffic to on TLS port 587. This does in fact work with the instructions above, but since the login is specific to one user, all mail from the SBS server must have that user as the From address. Otherwise the mail bounces with this message: #550 5.7.1 Client does not have permissions to send as this sender ##
  • According to Microsoft Support, Forefront Online, included with Office 365, accepts SMTP traffic on However, it seems that this requires the conversation to at least start on port 25—I could not telnet to port 587. Also, the Forefront admin panel does not allow Office 365 customers to configure outbound mail server IP addresses, and my IP is dynamic anyway, so it looks like Forefront won’t work as a smart host either.

I decided the simplest thing was to just use an account at my hosting provider, which accepts email from any sender as long as the smart host authenticates properly. Using my ISP account might work just as well.

Leave a Reply