How to Configure Windows Server 2016 SMTP Server

An SMTP (Simple Mail Transfer Protocol) server on Windows Server 2016 allows the server to send outbound email messages — for example, for application alerts, scheduled task notifications, or as a relay for internal applications. Windows Server 2016 includes an SMTP Server feature that can be configured as a local relay. This guide covers installing the SMTP feature, configuring it as a relay, setting authentication, and testing outbound mail delivery.

Step 1: Install the SMTP Server Feature

The SMTP Server feature in Windows Server 2016 is part of the legacy IIS 6.0 management components. It is suitable for use as a relay or internal SMTP endpoint for applications, not as a full mail server:

# Install the SMTP Server feature and IIS 6 management components
Install-WindowsFeature -Name SMTP-Server -IncludeManagementTools

# Also install IIS 6 Management Console required for SMTP configuration
Install-WindowsFeature -Name Web-Mgmt-Compat, Web-Metabase, Web-WMI

# Verify installation
Get-WindowsFeature -Name SMTP-Server | Select-Object Name, InstallState

# Check SMTP service status
Get-Service -Name SMTPSVC | Select-Object Status, StartType

Step 2: Start and Configure the SMTP Service

# Start the SMTP service and set it to start automatically
Start-Service -Name SMTPSVC
Set-Service -Name SMTPSVC -StartupType Automatic

# Verify it is running
Get-Service SMTPSVC | Select-Object Status, StartType

# The SMTP Server configuration files are stored in:
# C:\Windows\System32\inetsrv\MetaBase.xml
# C:\inetpub\mailroot (mail queue directories)

Step 3: Configure the SMTP Server Using IIS 6 Manager

The Windows SMTP Server is configured through the IIS 6.0 Manager console. Open it by running inetmgr6 or via the Administrative Tools menu. Expand the server node, then expand “SMTP Virtual Server”. Right-click “Default SMTP Virtual Server” and select Properties to configure it.

The key configuration areas in the Properties dialog are:

General tab — Set the IP address to bind to (typically the server’s static IP or All Unassigned) and set the maximum connections and connection timeout.

Access tab — Configure relay restrictions to specify which hosts can use this server to send mail.

Delivery tab — Configure smart host (outbound relay) settings and timeouts.

Step 4: Configure SMTP Relay Settings via Metabase

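Use the IIS 6 WMI provider or metabase commands to configure relay restrictions. The following commands, run from a PowerShell prompt, call adsutil.vbs to configure the SMTP server to accept relay from localhost (127.0.0.1). As written they do not add the local subnet, so other internal hosts that need to relay must be added on the Access tab. Confirm the resulting list there under Relay restrictions, because a relay list that admits arbitrary hosts makes the server an open relay: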

# Use adsutil.vbs to configure SMTP relay access
# (adsutil.vbs is installed by the IIS 6 Scripting Tools feature, Web-Lgcy-Scripting)
# Allow relay from localhost only
cscript C:\Inetpub\AdminScripts\adsutil.vbs SET smtpsvc/1/RelayIpList "127.0.0.1"

# View current relay settings
cscript C:\Inetpub\AdminScripts\adsutil.vbs GET smtpsvc/1/RelayIpList

# Set the SMTP server domain name (used in HELO/EHLO)
cscript C:\Inetpub\AdminScripts\adsutil.vbs SET smtpsvc/1/FullyQualifiedDomainName "mail.example.com"

# Set the smart host (upstream SMTP relay to forward all outbound mail to)
cscript C:\Inetpub\AdminScripts\adsutil.vbs SET smtpsvc/1/SmartHost "smtp.yourisp.com"
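
To confirm the relay restriction from Step 4 on your own server, the following added example (not part of the original guide) opens an SMTP session and checks whether the server accepts a recipient in an outside domain, stopping before DATA so no message is sent. The function name Test-SmtpRelay and the example.com/example.net addresses are assumptions made for illustration.

```powershell
# Added example: verify that the relay restriction is enforced.
# Test-SmtpRelay and all addresses below are hypothetical/constructed.
function Test-SmtpRelay {
    param(
        [string]$Server = '127.0.0.1',
        [int]$Port = 25,
        [string]$From = 'relaycheck@example.com',   # constructed sender
        [string]$To   = 'relaycheck@example.net'    # constructed outside recipient
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($Server, $Port)
        $stream = $client.GetStream()
        $stream.ReadTimeout = 10000   # milliseconds
        $ascii  = [System.Text.Encoding]::ASCII
        $reader = New-Object System.IO.StreamReader($stream, $ascii)
        $writer = New-Object System.IO.StreamWriter($stream, $ascii)
        $writer.NewLine   = "`r`n"    # SMTP lines end in CRLF
        $writer.AutoFlush = $true

        # Read one reply; "250-..." lines continue, "250 ..." is the last line
        $readReply = {
            do { $line = $reader.ReadLine() }
            while ($line -and $line.Length -ge 4 -and $line[3] -eq '-')
            $line
        }

        $banner = & $readReply
        $writer.WriteLine('EHLO relaycheck.example.com'); $null = & $readReply
        $writer.WriteLine("MAIL FROM:<$From>");           $mail = & $readReply
        $writer.WriteLine("RCPT TO:<$To>");               $rcpt = & $readReply
        $writer.WriteLine('RSET');                        $null = & $readReply
        $writer.WriteLine('QUIT')                         # end session, nothing was sent

        [pscustomobject]@{
            Server        = $Server
            Banner        = $banner
            MailFromReply = $mail
            RcptReply     = $rcpt
            RelayAccepted = ($rcpt -like '2*')   # a 2xx reply means the relay was allowed
        }
    }
    finally { $client.Close() }
}

Test-SmtpRelay -Server '127.0.0.1' | Format-List
```

Run it on the server itself and again from a host that is not in the relay list, pointing -Server at the SMTP server's address; the second run should report RelayAccepted as False.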

Step 5: Configure SMTP to Relay Through Office 365 or Gmail

Many environments need the SMTP server to relay mail through an external provider like Office 365 or Gmail. This requires configuring a smart host with authentication:

# For Office 365 smart host relay, configure the following in the SMTP Delivery properties:
# Smart host: smtp.office365.com
# Port: 587 (STARTTLS)
# Authentication: Basic with the relay account credentials

# Set smart host via adsutil
cscript C:\Inetpub\AdminScripts\adsutil.vbs SET smtpsvc/1/SmartHost "smtp.office365.com"

# Set smart host port to 587
cscript C:\Inetpub\AdminScripts\adsutil.vbs SET smtpsvc/1/SmartHostPort 587

# NOTE: Windows SMTP Server does not natively support STARTTLS relay authentication.
# For TLS-authenticated relay to Office 365 or Gmail, use a third-party SMTP relay
# agent such as hMailServer, or configure the relay via the application itself using
# System.Net.Mail.SmtpClient in .NET with EnableSsl = true.

Step 6: Configure SMTP via .NET (For Application Use)

Most modern applications and scripts use the .NET SmtpClient or PowerShell Send-MailMessage to send email. Configure these to use either the local SMTP server or a remote relay directly:

# Send a test email through the local SMTP server
Send-MailMessage `
    -From "[email protected]" `
    -To "[email protected]" `
    -Subject "Test from Windows Server 2016" `
    -Body "This is a test email sent via the local SMTP server." `
    -SmtpServer "127.0.0.1" `
    -Port 25

# Send through Office 365 with TLS authentication
$credential = Get-Credential -Message "Enter Office 365 relay account credentials"
Send-MailMessage `
    -From "[email protected]" `
    -To "[email protected]" `
    -Subject "Test via Office 365 Relay" `
    -Body "Test email via Office 365 SMTP relay." `
    -SmtpServer "smtp.office365.com" `
    -Port 587 `
    -UseSsl `
    -Credential $credential

# Send through Gmail SMTP
$gmailCred = Get-Credential
Send-MailMessage `
    -From "[email protected]" `
    -To "[email protected]" `
    -Subject "Test via Gmail" `
    -Body "Test email via Gmail SMTP." `
    -SmtpServer "smtp.gmail.com" `
    -Port 587 `
    -UseSsl `
    -Credential $gmailCred

Step 7: Check the SMTP Mail Queue

The Windows SMTP Server uses a file-based queue system. Emails queued for delivery are stored in C:\inetpub\mailroot\Queue. Failed messages are placed in C:\inetpub\mailroot\Badmail:

# View queued messages
Get-ChildItem -Path "C:\inetpub\mailroot\Queue" | Select-Object Name, CreationTime, Length

# View failed/bad mail
Get-ChildItem -Path "C:\inetpub\mailroot\Badmail" | Select-Object Name, CreationTime, Length

# View drop folder (emails delivered locally)
Get-ChildItem -Path "C:\inetpub\mailroot\Drop" | Select-Object Name, CreationTime, Length

# Manually drop a test .eml file into the Pickup folder to test delivery
$emlContent = @"
From: [email protected]
To: [email protected]
Subject: Manual SMTP Test

This is a manual SMTP delivery test.
"@
Set-Content -Path "C:\inetpub\mailroot\Pickup\test-$(Get-Random).eml" -Value $emlContent
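
Because the queue is just a set of folders, its health can be checked by file count and age. The following added example (not part of the original guide) summarizes the Pickup, Queue and Badmail folders and flags stuck or undeliverable mail; the function name Get-SmtpQueueHealth and both thresholds are assumptions to adjust for your environment.

```powershell
# Added example: summarize the file-based SMTP queue folders under mailroot.
# Get-SmtpQueueHealth and the threshold defaults are hypothetical.
function Get-SmtpQueueHealth {
    param(
        [string]$MailRoot = 'C:\inetpub\mailroot',
        [int]$MaxQueueAgeMinutes = 30,   # assumed: older files count as stuck
        [int]$MaxBadmailFiles = 0        # assumed: any Badmail file raises an alert
    )
    $now = Get-Date
    foreach ($name in 'Pickup', 'Queue', 'Badmail') {
        $path = Join-Path $MailRoot $name
        if (-not (Test-Path -LiteralPath $path)) {
            [pscustomobject]@{ Folder = $name; Files = $null; OldestMinutes = $null; Status = 'Missing' }
            continue
        }

        $files  = @(Get-ChildItem -LiteralPath $path -File)
        $oldest = $files | Sort-Object CreationTime | Select-Object -First 1
        $age    = if ($oldest) {
            [math]::Round(($now - $oldest.CreationTime).TotalMinutes, 1)
        } else { 0 }

        $status = 'OK'
        if ($name -eq 'Badmail') {
            # Badmail holds messages the service gave up on
            if ($files.Count -gt $MaxBadmailFiles) { $status = 'Alert: undeliverable mail present' }
        }
        elseif ($age -gt $MaxQueueAgeMinutes) {
            # Pickup and Queue should drain quickly on a working relay
            $status = 'Alert: messages stuck'
        }

        [pscustomobject]@{
            Folder        = $name
            Files         = $files.Count
            OldestMinutes = $age
            Status        = $status
        }
    }
}

Get-SmtpQueueHealth | Format-Table -AutoSize
```

A Queue that keeps growing on a server expected to carry only a few application alerts is worth investigating as a delivery failure or as unexpected relay use.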

Step 8: Open Firewall Ports for SMTP

# Open SMTP port 25 for inbound connections (if receiving mail locally)
New-NetFirewallRule -DisplayName "Allow Inbound SMTP Port 25" `
    -Direction Inbound -Protocol TCP -LocalPort 25 `
    -Action Allow -Profile Domain,Private

# If the server must send outbound on port 25, ensure outbound is not blocked
New-NetFirewallRule -DisplayName "Allow Outbound SMTP Port 25" `
    -Direction Outbound -Protocol TCP -RemotePort 25 `
    -Action Allow -Profile Domain,Private

# Allow SMTP submission port 587 outbound (for TLS-authenticated relay)
New-NetFirewallRule -DisplayName "Allow Outbound SMTP Submission 587" `
    -Direction Outbound -Protocol TCP -RemotePort 587 `
    -Action Allow -Profile Domain,Private,Public

Step 9: Monitor SMTP with Event Logs

# Check SMTP service events in the Application log
Get-EventLog -LogName Application -Source "*SMTP*" -Newest 30 | `
    Select-Object TimeGenerated, EntryType, Source, Message | Format-Table -Wrap

# Check System log for SMTP service start/stop events
Get-EventLog -LogName System -Source "*SMTPSVC*" -Newest 20 | `
    Select-Object TimeGenerated, EntryType, Message

# View SMTP service status
Get-Service SMTPSVC | Select-Object Status, StartType, DisplayName

The SMTP Server is now configured on Windows Server 2016 for use as a local mail relay. Applications running on the server can send email through port 25 to the local SMTP service, which then relays the message to an upstream mail server or delivers it directly. For production environments handling significant mail volume, consider a dedicated mail solution such as Microsoft Exchange Server or a cloud-based SMTP relay service for better reliability, authentication support, and TLS encryption.