none
Issue with mail flow when changing smart host

    Frage

  • HI there,

    First of all, I am not sure if I should post this here or on an IIS forum.

    I have an Exchange 2013 server and an Application Request Routing (ARR) server that acts as a proxy to it. Traffic to and from the internet pass through the ARR server before coming to the Exchange server.

    The ARR server is basically just an IIS server.

    Emails to and from the ARR server pass through a spam filter found in the cloud.

    We are moving to another cloud spam filter.

    I have already configured the ARR server to send outgoing emails to the new spam filter and it is working.

    However, incoming emails are a problem.

    I am getting the following delivery failure:

    Final-Recipient: rfc822;testuser@mydomain.com
    Action: failed
    Status: 5.7.1
    Diagnostic-Code: smtp;530 5.7.1 Client was not authenticated

    I checked on the internet and found that it is due to Anonymous being disabled on the Default Frontend receive connector.

    However, Anonymous is already enabled on the connector.

    The weird thing is that on the SMTP server on IIS, I changed the OUTGOING smart host and it is affecting INCOMING emails. If I revert back to the original smart host, incoming emails start being delivered correctly.

    Can anyone help?


    Dienstag, 15. Mai 2018 19:36

Antworten

  • It's possible that the connector you enabled for anonymous authentication isn't the one being selected for the inbound traffic.  I can't say without knowing more about all your receive connectors and how inbound mail is routed.  If you enable all your receive connectors (at least the ones bound to port 25) for Verbose protocol logging, the logs will show which connector was selected for each transaction.

    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!


    Dienstag, 15. Mai 2018 21:30
    Moderator

Alle Antworten

  • It's possible that the connector you enabled for anonymous authentication isn't the one being selected for the inbound traffic.  I can't say without knowing more about all your receive connectors and how inbound mail is routed.  If you enable all your receive connectors (at least the ones bound to port 25) for Verbose protocol logging, the logs will show which connector was selected for each transaction.

    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!


    Dienstag, 15. Mai 2018 21:30
    Moderator
  • Dear Ed,

    Many thanks for your reply.

    I enabled logging for all connectors and realised that indeed, the correct connector was not being used.

    The logs also showed me that the port being used by the ARR server was 587, but in the network adapter bindings of the corresponding receive connector, there was only port 25.

    Once I added port 587 to that connector, it started working as expected.

    Mittwoch, 23. Mai 2018 07:12