Receive Connectors (need explanation)

  • Question

  • Good afternoon,

    Currently reviewing a few things regarding receive connectors and came across some good articles to help re-educate me on the topic.  That said, here is what I'm doing and here was the result, so now I'm just looking for information as to the why/how to remediate.

    Scenario:  Did not want to leverage the Client Frontend SERVER receive connector for applications and standard relay functions, so I created a new Frontend leveraging TLS, Basic Auth, and Integrated Auth along with Exchange users permission group over TCP25.  Pretty straightforward.

    After testing with the following 2 commands:

    Send-MailMessage -smtpServer SERVER.domain.com -from user1@domain.com -to user1@domain.com -subject TEST

    &

    $creds = Get-Credential
    Send-MailMessage -smtpServer EXCHANGESERVER.domain.com -from user1@domain.com -to user1@domain.com -Subject TEST -credential $creds

    Result:  Running these commands in PS I get the known error "SMTP; Client does not have permissions to send as this sender"

    I understand the error and after reviewing the protocol logs I verified that the user1 account was authenticating fine, but it appears as though the initial EHLO to the server shows the user1 COMPUTERNAME also.  So it seems as though Exchange sees my sendmail request as coming from COMPUTERNAME not the USER1 I'm logged in as or provided credentials for and therefore refuses to sendmail.

    Who can explain or provide direction as to why the COMPUTERNAME is causing this (if this is the root cause) even after specifying the $creds get-credentials variable?  What is the fix or better yet detailed cause?

    As always thank you for any direction or information you can provide.  Much appreciated.

    Blind


    • Edited by Blindf8th Thursday, January 16, 2020 9:35 PM
    Thursday, January 16, 2020 9:32 PM

All replies

  • Hi Blind,

    The "Send-MailMessage" command is used to send authenticated email from port 587, which needs sender credentials.

    If you want to send relay email from port 25, you need to use the Telnet client. Here is detailed information about it: Use Telnet on Port 25 to test SMTP communication

    For anonymous relay, which uses port 25 on Exchange servers, here is an article about how to create it.

    New-ReceiveConnector -Name "Anonymous Relay" -TransportRole FrontendTransport -Custom -Bindings 0.0.0.0:25 -RemoteIpRanges 192.168.5.10,192.168.5.11
    Set-ReceiveConnector "Anonymous Relay" -PermissionGroups AnonymousUsers
    Get-ReceiveConnector "Anonymous Relay" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient"
    

    Regards,

    Kyle Xu


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Friday, January 17, 2020 7:52 AM
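
A way to audit what the three commands in the reply above produce, as an added example that is not part of the original thread: it lists every receive connector on which anonymous sessions hold the relay right, together with the remote IP ranges that can reach it. It assumes the Exchange Management Shell and that "all IPv4 addresses" is displayed as 0.0.0.0-255.255.255.255.

```powershell
# Added example: run in the Exchange Management Shell (needs the Exchange cmdlets).
$relayRight = 'ms-Exch-SMTP-Accept-Any-Recipient'
$anyIPv4    = '0.0.0.0-255.255.255.255'   # assumed display form of "all IPv4 addresses"

$report = foreach ($connector in Get-ReceiveConnector) {
    # ACEs granted to unauthenticated (anonymous) sessions on this connector
    $aces = $connector |
        Get-ADPermission -User 'NT AUTHORITY\ANONYMOUS LOGON' -ErrorAction SilentlyContinue

    # Relaying to any recipient needs an Allow ACE that carries the extended right
    $canRelay = [bool]($aces | Where-Object {
        -not $_.Deny -and ($_.ExtendedRights -like $relayRight)
    })

    $ranges = @($connector.RemoteIPRanges | ForEach-Object { $_.ToString() })

    [pscustomobject]@{
        Connector      = $connector.Identity
        Bindings       = ($connector.Bindings -join ', ')
        RemoteIPRanges = ($ranges -join ', ')
        AnonymousRelay = $canRelay
        AcceptsAnyIPv4 = ($ranges -contains $anyIPv4)
    }
}

# Connectors that relay for unauthenticated clients. A row with AcceptsAnyIPv4 = True
# can be used as a relay by any host able to reach that binding.
$report |
    Where-Object AnonymousRelay |
    Sort-Object AcceptsAnyIPv4 -Descending |
    Format-Table -AutoSize -Wrap
```
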
  • Thank you for the reply Kyle, but I am a little confused, so hopefully you can help me across the finish line.

    If you do a -----Send-MailMessage -SmtpServer SERVER-----, that uses port 25 by default (587 is not a requirement).  I just tested this command in PS and I authenticate against the connector as I would expect to with the settings I referenced in my OP.  Here is what the logs show: ---DOMAIN\myadaccount,authenticated---.

    Also, your response focuses on anonymous relay which is not what I'm trying to accomplish with my post.

    ---------------  Let me try and re-phrase  ---------------

    My goal is to create 2 or 3 new Frontend connectors (not utilizing the built-in MS ones) that serve the following purposes for servers, applications, and printers etc:  What am I missing?

    Receive Connector 1 - Authenticated (this is my original post question)

    Receive Connector 2 - Anonymous/Un-Authenticated Internal Only

    Receive Connector 3 - Anonymous/Un-Authenticated External Only (your reply covered this).

    How can I accomplish Receive Connector 1?  Currently I receive the error

    ----------  Mailbox unavailable. The server response was: 5.7.60 SMTP; Client does not have permissions to send as this sender  ----------

    (logs state I've authenticated yet again) :o(

    Thanks again for any direction on this as no one seems to know OR maybe I'm not explaining it that well.

    Blind



    • Edited by Blindf8th Friday, January 17, 2020 5:03 PM
    Friday, January 17, 2020 4:54 PM
  • Hi Blindf8th,

    Here is an article which could answer your question about creating a relay connector well: How to Configure Exchange Server 2016 for SMTP Application Relay

    As I mentioned before, if you want to test relay email from port 25, the best practice is to use Telnet. When you want to test email from port 587, the best practice is to use the Send-MailMessage command.

    Please note: make sure the IP of your computer is contained in the correct connector.

    If multiple receivers are listening on port 25, email flow will choose the most detailed one. For example, suppose there are three connectors listening on port 25:

    1. Remote network settings is 0.0.0.0-255.255.255.255

    2. Remote network settings is 192.168.1.4-192.168.1.10

    3. Remote network settings is 192.169.1.11-192.168.1.20

    If the IP of your computer is 192.168.1.8, when you test relay emails from your computer, it will choose to use the second one to relay emails.

    Regards,

    Kyle Xu



    Tuesday, January 21, 2020 8:54 AM
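
The selection rule described in the reply above (the most specific remote range wins among connectors on the same port), modelled as an added example that is not part of the original thread. The connector names and the third range are constructed sample data, and only the single-address and start-end range forms that appear on this page are handled.

```powershell
# Added example: models "most specific remote range wins" for connectors sharing one binding.
function ConvertTo-IPv4Number ([string]$Ip) {
    [long]$n = 0
    foreach ($b in [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()) { $n = $n * 256 + $b }
    $n
}

function Get-RangeBounds ([string]$Range) {
    $parts = $Range -split '-', 2
    $low   = ConvertTo-IPv4Number $parts[0]
    $high  = if ($parts.Count -eq 2) { ConvertTo-IPv4Number $parts[1] } else { $low }
    if ($low -gt $high) { throw "Range '$Range' starts above its end and can never match." }
    [pscustomobject]@{ Low = $low; High = $high; Size = $high - $low + 1 }
}

function Select-ReceiveConnector ([string]$ClientIp, [object[]]$Connectors) {
    $ip = ConvertTo-IPv4Number $ClientIp
    $Connectors | ForEach-Object {
        foreach ($range in $_.RemoteIPRanges) {
            $b = Get-RangeBounds $range
            if ($ip -ge $b.Low -and $ip -le $b.High) {
                [pscustomobject]@{ Name = $_.Name; Range = $range; Size = $b.Size }
            }
        }
    } | Sort-Object Size | Select-Object -First 1   # smallest matching range = most specific
}

# Constructed sample: three connectors that all listen on port 25 (names are hypothetical).
$connectors = @(
    [pscustomobject]@{ Name = 'Catch-all';     RemoteIPRanges = @('0.0.0.0-255.255.255.255') }
    [pscustomobject]@{ Name = 'App relay';     RemoteIPRanges = @('192.168.1.4-192.168.1.10') }
    [pscustomobject]@{ Name = 'Printer relay'; RemoteIPRanges = @('192.168.1.11-192.168.1.20') }
)

foreach ($client in '192.168.1.8', '192.168.1.15', '10.0.0.5') {
    $hit = Select-ReceiveConnector $client $connectors
    '{0,-13} -> {1} ({2})' -f $client, $hit.Name, $hit.Range
}
```

A host outside every narrow range falls through to the catch-all connector, so the authentication and permission settings that apply to a test depend on the source address it is run from.
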
  • Hi Blindf8th,

    I am writing here to check with you how things are going now.

    If the above suggestion helps, please feel free to mark it as an answer to help more people.

    Regards,

    Kyle Xu



    Friday, February 7, 2020 8:51 AM