locked
Authenticated SMTP relay not working if from and user don't match RRS feed

  • Question

  • We have an Exchange 2016 and we have this issue:

    - on some of our customers servers we must configure some email alerts that are sent through a SMTP connector (with STARTTLS and AUTH-LOGIN enabled)

    - the destination address is To: `people@customerdomain.com`

    - the SMTP user is `alert@ourcompany.com`

    - if we specify `From: alert@ourcompany.it` then everything is fine

    - **but** if we specify `From: alertservice@customerdomain.com` our server reports this error

    :

         [S] 235 2.7.0 Authentication successful
         ....
         550 5.7.60 SMTP; Client does not have permissions to send as this sender


    The error occurs both if we use a FrontendTransport receive connector or a HubTransport receive connector.

    We searched for a solution but we didn't find anything.

    > Is there a setting that allows to use any From: address when relaying mail for authenticated SMTP users?

    Thanks.
    Friday, August 4, 2017 9:56 AM

Answers

  • This seems to solve the problem:

    Get-ReceiveConnector "SERVER\Internet SMTP Connector" | Add-ADPermission -User "NT AUTHORITY\Authenticated Users" -ExtendedRights "ms-Exch-SMTP-Accept-Any-Sender"

    And Internet SMTP Connector  is a HubTransport connector (it doesn't work if we add the above permission on a FrontendTransport connector)

    • Proposed as answer by Allen_WangJF Monday, August 7, 2017 8:32 AM
    • Marked as answer by M Edigest Monday, August 7, 2017 9:44 AM
    Friday, August 4, 2017 1:18 PM

All replies

  • Get-ReceiveConnector "servername\connectorname" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient"


    Try with above command.


    Shyam


    • Edited by Shyam89 Friday, August 4, 2017 10:06 AM
    Friday, August 4, 2017 10:06 AM
  • ??? That command seems to enable relay ???

    (after it we can send an email to everyone without authentication)


    • Edited by M Edigest Friday, August 4, 2017 10:53 AM
    Friday, August 4, 2017 10:44 AM
  • This seems to solve the problem:

    Get-ReceiveConnector "SERVER\Internet SMTP Connector" | Add-ADPermission -User "NT AUTHORITY\Authenticated Users" -ExtendedRights "ms-Exch-SMTP-Accept-Any-Sender"

    And Internet SMTP Connector  is a HubTransport connector (it doesn't work if we add the above permission on a FrontendTransport connector)

    • Proposed as answer by Allen_WangJF Monday, August 7, 2017 8:32 AM
    • Marked as answer by M Edigest Monday, August 7, 2017 9:44 AM
    Friday, August 4, 2017 1:18 PM