SharePoint Server Subscription Edition now supports client certificate authentication when connecting to SMTP servers to send e-mail. While this may be an uncommon scenario, the feature is vital for highly secure environments where password-only security is not allowed.
To use this feature, you must install a SharePoint certificate using the new SSL Certificate Management feature. Once the certificate is added, it can be selected in the Outgoing E-Mail settings in Central Admin.
Client SMTP email submissions (also known as authenticated SMTP submissions) are used in the following scenarios in Office 365 and Microsoft 365:
- POP3 and IMAP4 clients. These protocols only allow clients to receive email messages, so they need to use authenticated SMTP to send email messages.
- Applications, reporting servers, and multifunction devices that generate and send email messages.
Client SMTP email submissions are disabled by default in Exchange Online. If you attempt to use Client Certificate Authentication with Exchange Online without enabling this feature, the following error will occur.
08/20/2021 10:52:36.53 PowerShell_ISE.exe (0x2CD4) 0x18E0 SharePoint Foundation E-Mail ax1n7 Monitorable Failed attempt 3 sending mail to recipients: firstname.lastname@example.org. Mail Subject: Test from SP. Error: SmtpException while sending email: System.Net.Mail.SmtpException: The SMTP server requires a secure connection or the client was not authenticated. The server response was: 5.7.57 Client not authenticated to send mail. Error: 535 5.7.139 Authentication unsuccessful, SmtpClientAuthentication is disabled for the Tenant. Visit https://aka.ms/smtp_auth_disabled for more information. [BN6PR17CA0026.namprd17.prod.outlook.com]
at System.Net.Mail.MailCommand.CheckResponse(SmtpStatusCode statusCode, String response)
at System.Net.Mail.MailCommand.Send(SmtpConnection conn, Byte command, MailAddress from, Boolean allowUnicode)
at System.Net.Mail.SmtpTransport.SendMail(MailAddress sender, MailAddressCollection recipients, String deliveryNotify, Boolean allowUnicode, SmtpFailedRecipientException& exception)
at System.Net.Mail.SmtpClient.Send(MailMessage message)
at Microsoft.SharePoint.Email.SPSmtpClient.SendOnce(MailMessage msg)
at Microsoft.SharePoint.Email.SPSmtpClient.Send(MailMessage msg)
To enable this feature, run the following command from PowerShell:
Set-TransportConfig -SmtpClientAuthenticationDisabled $false
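The following is an added example, not part of the original page: it goes beyond the tenant-wide command above by checking the current state in Exchange Online and enabling authenticated SMTP only for the mailbox SharePoint sends as, using the per-mailbox override on Set-CASMailbox. It assumes the ExchangeOnlineManagement module is installed; the script itself and the $SenderMailbox parameter (the address configured as the sender in Outgoing E-Mail settings) are hypothetical names supplied for illustration.

```powershell
# Added example (not from the original page).
# Assumption: -SenderMailbox is the mailbox SharePoint authenticates as,
# for example a constructed address such as sp-notify@contoso.com.
param(
    [Parameter(Mandatory)]
    [string] $SenderMailbox
)

Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline

# 1. Tenant-wide state. $true means SMTP AUTH is disabled for every mailbox
#    that does not carry its own override (the state that produces 5.7.139).
$tenant = Get-TransportConfig
Write-Host "Tenant SmtpClientAuthenticationDisabled: $($tenant.SmtpClientAuthenticationDisabled)"

# 2. Per-mailbox state. $null = inherit the tenant value,
#    $false = SMTP AUTH explicitly enabled, $true = explicitly disabled.
$cas = Get-CASMailbox -Identity $SenderMailbox
$current = $cas.SmtpClientAuthenticationDisabled
$shown = if ($null -eq $current) { '(inherits tenant setting)' } else { $current }
Write-Host "Mailbox $SenderMailbox SmtpClientAuthenticationDisabled: $shown"

# 3. Enable SMTP AUTH for the sending mailbox only, leaving the tenant
#    default untouched so other mailboxes stay blocked.
if ($current -ne $false) {
    Set-CASMailbox -Identity $SenderMailbox -SmtpClientAuthenticationDisabled $false
    Write-Host "Enabled SMTP AUTH for $SenderMailbox"
}

# 4. Review: list every mailbox that has SMTP AUTH explicitly enabled,
#    so unexpected exceptions are visible.
Get-CASMailbox -ResultSize Unlimited |
    Where-Object { $_.SmtpClientAuthenticationDisabled -eq $false } |
    Select-Object PrimarySmtpAddress, SmtpClientAuthenticationDisabled

Disconnect-ExchangeOnline -Confirm:$false
```

The per-mailbox value takes precedence over the tenant value, so the tenant-wide setting can remain disabled while SharePoint's sending mailbox is allowed to submit mail.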