none
Outlook+Exchange 2010sp2+pop3&smtp+550 5.7.1 Unable to relay

    Question

  • Hi,

    After migrating mailboxes from 2007sp3 to 2010sp2 users are not able send emails outside organization when using pop3/smtp Outlook setup. But they can email users inside the organization. Error message from System Administrator:  550 5.7.1 Unable to relay.

    Works fine on 2007sp3 for the same user and cannot see any difference between the receive connectors on 2007 and 2010. 

    Is this a new Exchange 2010 feature? How should I handle it?

    Is below part of my solution or am I missing the point?

    Get-ReceiveConnector RelayConnector | Add-ADPermission 
    -User “NT AUTHORITY\ANONYMOUS LOGON” -ExtendedRights “ms-Exch-SMTP-Accept-Any-Recipient”

    Many thanks,

    Pawel

    Thursday, April 19, 2012 3:13 PM

Answers

  • Hmm if you are indeed using the default connector and have anonymous users checked it should be working. (also give that you dont have network restrictions on the network tab.

    It could be defaulting to the default and not the client connector if there is ip restrictions on the client connector for the clients of your pop\imap network segment for instance. Check the default connector network tab and see if its set to default

    Can you check the network tab of both connectors and see what restrictions are there in "receive mail from remote servers that have these IP addresses"

    I would check your receive connector logs to verify what connector its actually trying to use to relay.


    James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com

    Friday, April 20, 2012 1:40 PM

All replies

  • What have you set in the Outgoing server section when configuring the OLK profile?

    Under the advanced Tab do you have port 587 specified?

    On your Client Connector do you have Exchange users ticked and is the connector you are connecting to?


    Sukh



    • Edited by Sukh828 Thursday, April 19, 2012 4:12 PM
    Thursday, April 19, 2012 3:41 PM
  • In EMC, Server Config, Hub Transport, highlight server, bottom pane, Client (servername) properties. Check to see if you mucked with the default settings.

    port 587

    receive mail from

    :ffffff

    0.0.0.0 -255.255.255.255

    Authentication tab

    Transport layer checked

    Enable Domain security not checked

    Basic auth checked

    Offer basic checked

    Integrated win checked

    Permissions group tab

    Exchange users checked.


    James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com

    Thursday, April 19, 2012 5:03 PM
  • Outlook outgoing server settings: 2007sp3 hub server in site A - only internet facing hub - gets emails through 3rd party smart host.

    There is 2007sp3 hub in site B - no problems sending smtp internal and external emails from mailboxes in this site.

    Under advanced tab: port 25. So it is not using a Client connector - 578. 

    Connecting to a Default connector.

    Exchange 2010sp2 hub is in site C. Default settings on both default Exchange connectors. Getting unable to relay errors.

    Thanks,

    Pawel

    Thursday, April 19, 2012 11:08 PM
  • Can you see if you were allowing anonymous relay on your 2007 servers that allowed pop\imap users to send email without authenticating? In outlook on the outgoing smtp settings did you check my outgoing server requires authentication?

    James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com

    Friday, April 20, 2012 12:34 AM
  • On a Default connector properties at Permission Groups Anonymous users are ticked. Did the same on 2010 hub and restarted the service - no progress.

    Outlook: my outgoing server (smtp) requires authentication - ticked (use the same settings as my incoming mail server) [mailbox on Exchange 2007 hub site B or A]. -> works fine

    But when mailbox is on Exchange 2010 hub site C the only option I can use with Outlook is: my outgoing server (smtp) requires authentication - ticked (Log on to incoming mail server before sending mail - ticked.) -> unable to relay error when emailing outside organization.

    Thanks,

    Pawel

    Friday, April 20, 2012 9:38 AM
  • Any reason why you are using the Default and not the Client?

    I'd recommend you use the Client unless you have a reason not to do so? This works fine.  You should leave the Default alone for Exchange.


    Sukh

    Friday, April 20, 2012 9:47 AM
  • This was set in this way by previous team - don't know what was the reason behind it.

    Both sites are in the middle of migration to Exchange 2010 so I would prefer to leave it as it is for the time being and get it sorted properly when hub 2010 is presented as an internet facing server.

    Some posts say that I should try Get-ReceiveConnector Default | Add-ADPermission 
    -User “NT AUTHORITY\ANONYMOUS LOGON” -ExtendedRights “ms-Exch-SMTP-Accept-Any-Recipient” as it is a new Exchange 2010 "feature". Do you think it is something I'm missing on my Default connector?

    Thanks. 

    Pawel

    Friday, April 20, 2012 10:17 AM
  • What permissions are set on the permission groups tab on the default connector on 2010?

    You do have Exchange user rights?


    Sukh

    Friday, April 20, 2012 10:49 AM
  • Anonymous Users, Exchange users, Exchange servers, Legacy Exchange Servers. Same on two 2010 hubs in site C.

    Pawel

    Friday, April 20, 2012 1:15 PM
  • Current permissions for the connector having issues?

    I would still advise to use the Client Connector? Any reason why you can't?


    Sukh

    Friday, April 20, 2012 1:36 PM
  • Hmm if you are indeed using the default connector and have anonymous users checked it should be working. (also give that you dont have network restrictions on the network tab.

    It could be defaulting to the default and not the client connector if there is ip restrictions on the client connector for the clients of your pop\imap network segment for instance. Check the default connector network tab and see if its set to default

    Can you check the network tab of both connectors and see what restrictions are there in "receive mail from remote servers that have these IP addresses"

    I would check your receive connector logs to verify what connector its actually trying to use to relay.


    James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com

    Friday, April 20, 2012 1:40 PM
  • No network restrictions. Default settings on both connectors.

    Pawel

    Friday, April 20, 2012 2:40 PM
  • Did you verify Sukh's suggestion on your outlook client outgoing smtp server port is it set to port 587?

    James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com

    Friday, April 20, 2012 2:46 PM
  • When there is something strange with your "Default" Exchange setup as the Default 2010 would allow this.  All you need to do is start the POP3 service and may change the authentication to plain text.

    Then configure OLK with the setting above and all works.

    As I keep saying, test with the Client Connector.


    Sukh

    Friday, April 20, 2012 2:54 PM