none
Unable to send emails to internal security or distribution group on remote Exchange Server 2013 CU17 (DAG)

    Question

  • When I telnet to an exchange server on the local subnet and issue the commands below it works for users and distribution groups.

    When I connect to an exchange server (in the DAG) on a different subnet the commands work for sending to users, but not distribution groups or security groups as you can see from the pastes below.  Any help is appreciated.

    To a User:

    220 MRCALEXCH12.mross.ds Microsoft ESMTP MAIL Service ready at Thu, 24 Aug 2017 15:18:09 -0600
    EHLO
    250-MRCALEXCH12.mross.ds Hello [192.9.200.99]
    250-SIZE 36700160
    250-PIPELINING
    250-DSN
    250-ENHANCEDSTATUSCODES
    250-STARTTLS
    250-8BITMIME
    250-BINARYMIME
    250 CHUNKING
    MAIL FROM:wug2@mross.com
    250 2.1.0 Sender OK
    RCPT TO:dkaliel@mross.com
    250 2.1.5 Recipient OK
    DATA
    354 Start mail input; end with <CRLF>.<CRLF>
    Subject: Test 2

    test
    .
    250 2.6.0 <46d866c3669249c987ca0bee2006ff36@MRCALEXCH12.mross.ds> [InternalId=45273250267733, Hostname=MREDMEXCH12.mross
    .ds] Queued mail for delivery

    To a distribution group:

    220 MRCALEXCH12.mross.ds Microsoft ESMTP MAIL Service ready at Thu, 24 Aug 2017 15:16:18 -0600
    EHLO
    250-MRCALEXCH12.mross.ds Hello [192.9.200.99]
    250-SIZE 36700160
    250-PIPELINING
    250-DSN
    250-ENHANCEDSTATUSCODES
    250-STARTTLS
    250-8BITMIME
    250-BINARYMIME
    250 CHUNKING
    MAIL FROM:wug2@mross.com
    250 2.1.0 Sender OK
    RCPT TO:wugalert@mross.com
    250 2.1.5 Recipient OK
    DATA
    354 Start mail input; end with <CRLF>.<CRLF>
    Subject: Test 1

    test
    .
    451 4.7.0 Temporary server error. Please try again later. PRX4

    Thursday, August 24, 2017 9:23 PM

All replies

  • Well, we can only guess.  Here's my guess.

    The distribution group has RequireSenderAuthenticationEnabled set to $True.

    You have a receive connector with a range that includes that includes the IP address of the sending host that's successful.  That receive connector is configured with an AuthMechanism of ExternalAuthoritative or you're sending from an Exchange server.

    Am I close?


    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!

    Friday, August 25, 2017 1:55 AM
    Moderator
  • Hi,

    We can also change the Transport Role of receive connector to a HubTransport type instead of a FrontendTransport type and check the result.

    If it still doesn’t work, please check if any NDR messages bounce back and post out in detail.

    Please also run the command: get-receiveconnector | fl name, *role*

    Hope it helps.


    Regards,

    Jason Chao


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, August 25, 2017 2:30 AM
    Moderator