Authenticated SMTP relay through Default Receive Connector

    Question

  • I am trying to use the receive connector "Default MAIL-SERVER" (port 2525) as an authenticated external relay. And I am successful in doing that with the user "Bob.smith@domain.com" but I am unable to use the same receive connector for user "administrator@domain.com". What is the difference?

    Get-ReceiveConnector -Identity "Default MAIL-SERVER" | Get-ADPermission -User administrator | ft AccessRights, ExtendedRights, Deny

    AccessRights    ExtendedRights  Deny
    {ExtendedRight} {Send-As}       True
    {ExtendedRight} {Receive-As}    True
    {GenericAll}                    False

    I've tested sending/receiving mails as the administrator through the OWA and it works. What am I missing?

    Notes

    • "administrator@domain.com" is the domain admin.
    • When trying to send a mail through C# System.Net.Mail, I receive this message "The SMTP server requires a secure connection or the client was not authenticated. The server response was: 5.7.1 Client was not authenticated" but I am able to send it as "bob.smith@domain.com".
    • "administrator@domain.com" is not logged in MessageTracking Logs or Connectivity Logs.
    • Found error "The account 'Domain\administrator' provided valid credentials, but is not authorized to use the server; failing authentication" in the Windows event log. Added "MS-Exch-SMTP-Submit" permission to the administrator AD account for the Default receive connector. Issue still unresolved.





    • Edited by LordBalmung Thursday, February 23, 2017 10:55 AM
    Thursday, February 23, 2017 8:51 AM

All replies

  • Does the administrator account have a mailbox?

    I would also recommend using an account that doesn't have administrator rights, just because situations arise where your administrator gets some deny permissions due to the level of access it has.



    Thursday, February 23, 2017 2:31 PM
  • I recommend never using the default connectors for such things and instead creating a new connector. Lock down the new connector with RemoteIPRanges of the hosts you want to allow this kind of access.

    Why aren't you just using port 587 for this?

    Hinte is right, you should not use administrative accounts for this since administrative accounts shouldn't be mailbox-enabled per best practices.


    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!

    Friday, February 24, 2017 12:34 AM
    Moderator
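
A sketch of the dedicated, IP-restricted connector recommended in the replies, followed by a check for deny entries like the ones shown in the question. This is an added example, not part of the original thread; the server name, connector name, port binding, client addresses (documentation range) and the idea of a separate non-administrative relay account are assumptions to adapt.

```powershell
# Assumed values (not from the thread): adjust to your environment.
$server     = 'MAIL-SERVER'                # assumed from the connector name "Default MAIL-SERVER"
$connector  = 'Authenticated Relay'        # hypothetical connector name
$relayHosts = '192.0.2.10', '192.0.2.11'   # constructed addresses of the hosts allowed to relay

# Dedicated connector: only the listed hosts match it, and they must
# authenticate (basic auth is offered only after STARTTLS) before submitting.
# The binding reuses port 2525 from the question; the narrower RemoteIPRanges
# is what distinguishes it from the default connector on the same port.
New-ReceiveConnector -Name $connector -Server $server -Usage Custom `
    -Bindings '0.0.0.0:2525' `
    -RemoteIPRanges $relayHosts `
    -AuthMechanism Tls, BasicAuth, BasicAuthRequireTLS `
    -PermissionGroups ExchangeUsers

# List every principal that holds the SMTP submit right on the connector,
# plus any Deny entries. Inherited Deny entries on privileged accounts show
# up here with IsInherited = True.
Get-ReceiveConnector -Identity "$server\$connector" |
    Get-ADPermission |
    Where-Object { $_.Deny -or ($_.ExtendedRights -like 'ms-Exch-SMTP-Submit') } |
    Sort-Object Deny -Descending |
    Format-Table User, Deny, IsInherited, AccessRights, ExtendedRights -AutoSize
```

Send from the application with a mailbox-enabled account that has no administrative rights, and confirm that account appears in the output only through allow entries.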