Relay fails when using account with Send As permissions

Question
Have set up a FrontEndTransport connector for an external application to send through our Exchange 2016 server. Security is Externally Secured, Permission groups is Exchange servers. Scoping is limited to their 2 external IP addresses. External application uses one email address to authenticate to Exchange and mail sends correctly. When we set it to send from a different address (a valid Exchange user address) we receive '550 5.7.54 SMTP; Unable to relay recipient in non-accepted domain'. The address used to authenticate has send-as permissions for the other account - can anyone tell me what I'm missing? Thanks!
Jack
Jack - IT Portfolio
One additional note - the application log shows event ID 1035 from MSExchangeFrontEndTransport showing "Inbound authentication failed with error LogonDenied for Receive connector Default Frontend" when it should be going through the custom relay connector set up for the off-site application. It also gives the source IP address as the firewall - not the IP of the server they are coming from.
- Edited by Jack - IT Portfolio Wednesday, August 23, 2017 7:53 PM
Tuesday, August 22, 2017 10:36 PM
Answers
Hi,
The Receive connector doesn't recognize Send-As permission; it just checks the authentication of incoming connections.
According to the error message: "550 5.7.54 SMTP; Unable to relay recipient in non-accepted domain", it indicates an authentication problem. I suggest switching to another user address or considering configuring an anonymous SMTP relay connector (open relay) with the following commands:
Set-ReceiveConnector "ServerName\RelayConnector" -PermissionGroups AnonymousUsers
Get-ReceiveConnector "ServerName\RelayConnector" | Add-ADPermission -User 'NT AUTHORITY\Anonymous Logon' -ExtendedRights MS-Exch-SMTP-Accept-Any-Recipient
Best Regards,
Lynn-Li
TechNet Community Support
Please remember to mark the replies as answers.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.
- Edited by Lynn-Li Thursday, August 24, 2017 3:11 AM Typo
- Marked as answer by Jack - IT Portfolio Thursday, August 24, 2017 8:02 PM
Thursday, August 24, 2017 3:10 AM
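Added example, not part of the thread: a read-only check, run in the Exchange Management Shell, that lists every Receive connector on which Anonymous Logon holds the relay right granted by the commands above and flags any whose remote IP scope covers the whole address space. Because the question notes that the server logs the firewall's address as the source, the scope to review is the address the server actually sees; the variable names are this example's own.

```powershell
# Added example (read-only; changes nothing). Run in the Exchange Management Shell.
# Finds Receive connectors where anonymous senders may relay to any recipient
# and reports how tightly each one is scoped by RemoteIPRanges.

$relayRight = 'ms-Exch-SMTP-Accept-Any-Recipient'
$anonymous  = 'NT AUTHORITY\ANONYMOUS LOGON'
# Default "match everything" scopes for IPv4 and IPv6
$wideOpen   = '0.0.0.0-255.255.255.255', '::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff'

Get-ReceiveConnector | ForEach-Object {
    $connector = $_

    # Allow entries that give Anonymous Logon the relay extended right
    $grant = $connector | Get-ADPermission -User $anonymous |
        Where-Object {
            -not $_.Deny -and
            (@($_.ExtendedRights | ForEach-Object { "$_" }) -contains $relayRight)
        }

    if ($grant) {
        $ranges = @($connector.RemoteIPRanges | ForEach-Object { "$_" })
        [pscustomobject]@{
            Connector        = "$($connector.Identity)"
            Bindings         = ($connector.Bindings -join ', ')
            PermissionGroups = "$($connector.PermissionGroups)"
            RemoteIPRanges   = ($ranges -join ', ')
            # True means any host that can reach the binding can relay through it
            Unscoped         = [bool]($ranges | Where-Object { $wideOpen -contains $_ })
        }
    }
} | Format-List
```

A connector reported with `Unscoped : True` accepts relay from any address that can reach its binding, so its `RemoteIPRanges` should be narrowed to the sending hosts as the server sees them.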
All replies
Thanks - I had hoped to set it as authenticated but this will work as well.
Jack
Jack - IT Portfolio
Thursday, August 24, 2017 8:03 PM