unable to relay with Exchange 2007

  • Question

  • I am doing some internal testing on two Exchange servers...one is 2003 and one is 2007.  I can get everything authenticating and am able to run load tests fine on the 2003 system.  However, in the 2007 system, it appears to not be allowing relaying, even though relay is supposed to be enabled by default.  Here is the authentication error I am getting:

    TEST SENDING qa@testlab.lab:
    >Connecting to w2k364b (172.16.75.210)
    220 w2k364b.testlab.lab Microsoft ESMTP MAIL Service ready at Fri, 17 Apr 2009 14:32:31 -0300
    >EHLO error-no-valid-domain.com
    250-w2k364b.testlab.lab Hello [172.16.75.220]
    250-SIZE
    250-PIPELINING
    250-DSN
    250-ENHANCEDSTATUSCODES
    250-STARTTLS
    250-X-ANONYMOUSTLS
    250-AUTH NTLM
    250-X-EXPS GSSAPI NTLM
    250-8BITMIME
    250-BINARYMIME
    250-CHUNKING
    250-XEXCH50
    250 XRDST
    >MAIL FROM:<qa@testlab.lab>
    >SMTP Error 4570:
    Illegal response to the sender(530):
    530 5.7.1 Client was not authenticated


    The troubleshooter appears to say that this is a relay issue.  But how can that be if relaying is enabled by default?
    What else could be wrong, and how would I look into resolving this?
    Monday, April 20, 2009 7:22 PM

Answers

  • OK, I figured it out.  Anonymous is NOT enabled by default, despite what I have found on every forum.

    To enable it, in case somebody else in the future is reading this thread with this problem, you do this:

    - open Exchange Management Console
    - expand Server Configuration
    - click on Hub Transport
    - right-click on the name of the receive connector you are using (perhaps "Default"), and select Properties
    - select the Permission Groups tab
    - click to enable Anonymous users
    - click Apply and/or OK
    Tuesday, April 21, 2009 12:05 PM
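
A shell equivalent of the console steps above, combined with the narrower scoping suggested in the replies (a dedicated connector matched by client IP instead of enabling Anonymous on the default connector). This is an added example for the Exchange Management Shell, not code posted in the thread; the server name and client IP are taken from the SMTP transcript in the question, and the connector name is a constructed placeholder.

```powershell
# Added example: Exchange Management Shell (Exchange 2007), run on the Hub Transport server.
# $server and $clientIp come from the transcript in the question;
# $name is a constructed placeholder.
$server   = 'w2k364b'
$clientIp = '172.16.75.220'
$name     = 'Lab Anonymous Intake'

# 1. Show what each existing connector grants before changing anything.
Get-ReceiveConnector -Server $server |
    Format-Table Name, Bindings, RemoteIPRanges, PermissionGroups, AuthMechanism -AutoSize

# 2. Create a connector that matches only the test host. A connector with a
#    more specific RemoteIPRanges wins over the default 0.0.0.0-255.255.255.255
#    connector listening on the same binding.
New-ReceiveConnector -Name $name -Server $server -Usage Custom `
    -Bindings '0.0.0.0:25' -RemoteIPRanges $clientIp

# 3. Enable the Anonymous users permission group on that connector only
#    (the same setting as the Permission Groups tab in the console).
Set-ReceiveConnector -Identity "$server\$name" -PermissionGroups AnonymousUsers

# 4. Confirm the result.
Get-ReceiveConnector -Identity "$server\$name" |
    Format-List Name, Bindings, RemoteIPRanges, PermissionGroups
```

With only the Anonymous users permission group set, the connector accepts unauthenticated mail for the organization's accepted domains; a later reply in this thread reports the same behaviour.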

All replies

  • Hi,

    Just for testing create a separate receive connector, in the connector specify that you want to accept mail from anonymous users and restrict it per IP if you like.

    Regards,

    Johan


    blog: www.johanveldhuis.nl
    Monday, April 20, 2009 7:28 PM
  • You will want to configure a receive connector to allow the relay. 

    See the link below. 

    Allowing application servers to relay off Exchange Server 2007:
    http://msexchangeteam.com/archive/2006/12/28/432013.aspx


    BP
    Monday, April 20, 2009 8:32 PM
  • Johan,
    I set up a receive connector to receive anonymous from all IPs, and it didn't work.  Then I set one up for a specific IP, and it still didn't work.  I still get the same error.  I've even enabled all permission groups, just for the sake of trying it (it's in an isolated lab, so I'm not worried about something finding it externally and starting to relay through it).

    In the "authentication" properties, I only have TLS enabled, as it's not authenticating to an external server.
    Tuesday, April 21, 2009 10:54 AM
  • Hi,

    Please run:

    get-receiveconnector | fl

    And post the results here.

    Regards,

    Johan
    blog: www.johanveldhuis.nl
    Tuesday, April 21, 2009 11:07 AM
  • Darren,

    OK that's what I meant you should configure but good to hear it's solved.

    Regards,

    Johan
    blog: www.johanveldhuis.nl
    • Proposed as answer by Fabian Cortes Saturday, June 20, 2009 6:31 PM
    Tuesday, April 21, 2009 12:31 PM
  • Even after doing these steps, you need to select Exchange Servers and Legacy Exchange Server in the Permission Group tab. I've followed the steps listed above, but for me it doesn't work, even though I've executed a command in the Shell console ... it only works with these additional options in the Permission Group tab.


    Saturday, June 20, 2009 6:35 PM
  • It works for me in an Exchange 2007 CCR environment... just like this, I can send anonymous mail created from a Linux server and relay it through the Exchange active node in hub transport....
    Saturday, June 20, 2009 6:41 PM
  • Ok I'm able to accept mail from internal non-exchange hosts now on my internal hub by creating a separate receive connector for anonymous users, restricted to an IP range only.

    But I can only relay those emails to internal users. When I want to relay externally I have to follow this procedure :

    http://msexchangeteam.com/archive/2006/12/28/432013.aspx

    But that's too much. Now I (and everyone within the IP range, including nasty users) can relay to everything externally. What if I only want to be able to have anonymous non-exchange hosts on my internal network to relay to 1 external SMTP domain?

    In E2003 I created a connector limited to the SMTP domain address space, and enabled the Relay on that connector.
    In E2007 the only place I can use address space (to limit to 1 SMTP domain) is on send connectors. But these do not have a Relay option.

    Edit: Never mind.
    The accepted domains list can also be used to enable relay to an external domain. Need to Google before I reply more often.
    Friday, July 3, 2009 3:38 PM
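
A read-only audit for the exposure raised in the last post: which receive connectors accept anonymous sessions, from which source ranges, and whether anonymous senders may address any recipient domain. This is an added example for the Exchange Management Shell, not code from the thread; it assumes the external-relay procedure was applied by granting the `ms-Exch-SMTP-Accept-Any-Recipient` extended right to `NT AUTHORITY\ANONYMOUS LOGON`.

```powershell
# Added example: Exchange Management Shell (Exchange 2007). Makes no changes.
$anon       = 'NT AUTHORITY\ANONYMOUS LOGON'
$relayRight = 'ms-Exch-SMTP-Accept-Any-Recipient'   # assumption, see lead-in

$report = Get-ReceiveConnector |
    Where-Object { $_.PermissionGroups -match 'AnonymousUsers' } |
    ForEach-Object {
        $connector = $_

        # Allow entries that let anonymous sessions send to any recipient domain.
        $grant = @($connector | Get-ADPermission -User $anon |
            Where-Object { -not $_.Deny -and ($_.ExtendedRights -like $relayRight) })

        # Source ranges this connector answers for, as strings.
        $ranges = @($connector.RemoteIPRanges | ForEach-Object { $_.ToString() })

        $connector | Select-Object Identity,
            @{ Name = 'RemoteIPRanges';    Expression = { $ranges -join ', ' } },
            @{ Name = 'AnyRecipientRelay'; Expression = { $grant.Count -gt 0 } },
            @{ Name = 'AllIPv4';           Expression = {
                   @($ranges -like '0.0.0.0-255.255.255.255').Count -gt 0 } }
    }

# Connectors with AnyRecipientRelay = True and a wide source range need review first.
$report | Sort-Object AnyRecipientRelay -Descending | Format-Table -AutoSize

# Accepted domains that are not authoritative are relayed onward, which is the
# mechanism the last post settled on for a single external domain.
Get-AcceptedDomain |
    Where-Object { $_.DomainType -ne 'Authoritative' } |
    Format-Table Name, DomainName, DomainType -AutoSize
```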