550 5.7.54 SMTP; Unable to relay recipient in non-accepted domain

  • Question

  • I have a coexistence of Exchange 2010 and 2016.
    I have created a receive connector to accept emails from an in-house application.

    I followed the guide here to create it: https://practical365.com/exchange-server/exchange-2016-smtp-relay-connector/

    The previous connector works fine on 2010 but I keep getting the error below when I try to test on the 2016 server.

    550 5.7.54 SMTP; Unable to relay recipient in non-accepted domain

    I have recreated this connector in different ways but still get the same error.

    I'd appreciate any help in sorting this out.

    ~Cheers
    Monday, September 10, 2018 10:15 PM

Answers

  • Hi Richard_Steiner,

    In that article, authentication uses port 587 and anonymous connections use port 25; please make sure you Telnet to the correct port.

    By the way, for security reasons, we do not recommend modifying default connectors. I would suggest you create an anonymous relay connector to relay mail from this application.

    https://docs.microsoft.com/en-us/exchange/mail-flow/connectors/allow-anonymous-relay 

    Regards,

    Kyle Xu



    Tuesday, September 11, 2018 7:27 AM

All replies

  • The Fix:

    We'll need to create a dedicated Send Connector to the domain for our external forward.

    In the EAC, navigate to Mail Flow, Send Connectors, +

    1. In the New Send Connector window, give it a name like "External Forward" and click Next 
    2. Leave MX record selected and click Next 
    3. Click the + and under the FQDN type the domain name for the external contact, click Save, and Next 
    4. For the Source Server, click the + and select your Edge server if you have one, or your Mailbox servers (all of them) and click Ok, then Finish 
    5. Enable Verbose Logging on the Connector:

    You'll want full logging on the connector so you can check the SMTPSend protocol logs later to verify successful sending.

    In the Exchange Management Shell (EMS), run the following:

    6. Set-SendConnector "External Forward" -ProtocolLoggingLevel Verbose

    Optional:

    If the external domain requires it, you'll need to enable forced TLS, else messages will be dropped.

    7. In the EMS run the following:

    Get-SendConnector "External Forward" | Set-SendConnector -RequireTLS $true

    Now test! Have someone from the other Resource Forest send to the Shared Mailbox and have an external sender send a message to the Shared Mailbox, and verify that it forwards by using the protocol logs.


    Tuesday, September 11, 2018 4:13 AM
  • Looks like you are using an internal connector to send mail to external domains. Please follow the steps carefully under “External SMTP Relay with Exchange Server 2016 Using Anonymous Connections” in the same article you mentioned.

    If you find my answer helpful please “Mark as Answer”


    Tuesday, September 11, 2018 4:59 AM
  • I have followed the steps in the guide carefully and created the receive connector successfully but I still get the same error. I have even added the send connector as suggested by Tech Mia but still no luck.

    I have never had an issue creating connectors (send or receive) in the past. This has kept me awake all night.


    ..forever is just a minute away*

    Tuesday, September 11, 2018 7:07 AM
  • Which method are you using? Anonymous relay or with authentication?

    Tuesday, September 11, 2018 7:33 AM
  • Hi Kyle,

    I am doing a telnet to port 25 for the anonymous relay. See a screenshot of the test below.

    


    ..forever is just a minute away*

    Tuesday, September 11, 2018 7:58 AM
  • Looks like this is not an external relay.

    In the Exchange Admin Center navigate to mail flow and then receive connectors. Select the server that you want to create the new receive connector on, and click the “+” button to start the wizard.

    Give the new connector a name. I like to keep the name consistent with the other default connectors. Set the Role to “Frontend Transport”, and the Type to “Custom”.

    The default Network adapter bindings are fine. This represents the IP and port that the server will be listening on for connections. Multiple receive connectors on the Frontend Transport service can listen on the same port of TCP 25.

    Remove the default IP range from the Remote network settings, and then add in the specific IP addresses or IP ranges that you want to allow anonymous SMTP relay from. 

    Click Finish to complete the wizard, then there is some additional configuration still required.

    In the Exchange Management Shell run the following two commands.

    Set-ReceiveConnector "EXSERVER\Anon Relay EXSERVER" -PermissionGroups AnonymousUsers

    Get-ReceiveConnector "EXSERVER\Anon Relay EXSERVER" | Add-ADPermission -User 'NT AUTHORITY\Anonymous Logon' -ExtendedRights MS-Exch-SMTP-Accept-Any-Recipient

    Now test the connector using Telnet from the IP address that was added to the remote network settings of the receive connector.



    • Edited by Nelson Thomas Tuesday, September 11, 2018 8:16 AM
    • Proposed as answer by Pawan11 Tuesday, September 11, 2018 9:36 AM
    Tuesday, September 11, 2018 8:14 AM
  • Hi Guys,

    I was able to resolve the issue.

    It turned out the AD servers were not replicating correctly. I created the connector again like I had done before and as suggested above, then I went in and forced the domain controllers to replicate. I then tried the test again and this time it was successful.

    Thanks, Guys,

    ~Richard


    ..forever is just a minute away*


    Tuesday, September 11, 2018 11:12 AM
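
A check that ties together the anonymous relay settings and the replication cause reported above, as an added example that is not from any poster in this thread: it reads the connector and its Accept-Any-Recipient right from every domain controller and also flags a connector left open to all IPv4 addresses. The connector identity is the sample name used in the thread, and reachability of every DC from the shell is an assumption.

```powershell
# Added example: run in the Exchange Management Shell on an Exchange 2016 server.
# Assumptions: connector identity taken from the sample commands in the thread;
# the shell can reach every domain controller returned by Get-DomainController.
$Connector = 'EXSERVER\Anon Relay EXSERVER'

function Test-RelayConnectorOnDC {
    param([string]$Identity, [string]$DomainController)

    $state = [ordered]@{
        DC                 = $DomainController
        ConnectorFound     = $false
        AnonymousGroup     = $false
        AcceptAnyRecipient = $false
        OpenToAnyIPv4      = $false
    }

    # Read the connector from this specific DC, not whichever DC the shell picked.
    $rc = Get-ReceiveConnector -Identity $Identity -DomainController $DomainController -ErrorAction SilentlyContinue
    if ($rc) {
        $state.ConnectorFound = $true
        $state.AnonymousGroup = "$($rc.PermissionGroups)" -match 'AnonymousUsers'
        # The wizard's default range lets any host relay; the thread says to replace it.
        $state.OpenToAnyIPv4  = @($rc.RemoteIPRanges | ForEach-Object { "$_" }) -contains '0.0.0.0-255.255.255.255'

        # Without this extended right, anonymous senders get 550 5.7.54 for external recipients.
        $ace = Get-ADPermission -Identity $Identity -DomainController $DomainController |
            Where-Object {
                -not $_.Deny -and
                "$($_.User)" -like '*Anonymous Logon' -and
                ($_.ExtendedRights -like '*Accept-Any-Recipient*')
            }
        $state.AcceptAnyRecipient = [bool]$ace
    }
    [pscustomobject]$state
}

$results = Get-DomainController |
    ForEach-Object { Test-RelayConnectorOnDC -Identity $Connector -DomainController $_.DnsHostName }
$results | Format-Table -AutoSize

# A DC missing the connector or the right points at replication lag or a failed change.
$results | Where-Object { -not ($_.ConnectorFound -and $_.AnonymousGroup -and $_.AcceptAnyRecipient) } |
    ForEach-Object { Write-Warning "$($_.DC): relay connector settings incomplete on this DC" }
$results | Where-Object OpenToAnyIPv4 |
    ForEach-Object { Write-Warning "$($_.DC): connector accepts anonymous relay from any IPv4 address" }
```
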
  • Hi Richard,

    Thanks for sharing. Please feel free to mark it as an answer to help more people.

    Regards,

    Kyle Xu



    Wednesday, September 26, 2018 10:00 AM