Relay fails when using account with Send As permissions

  • Question

  • Have set up a FrontEndTransport connector for an external application to send through our Exchange 2016 server. Security is Externally Secured, Permission groups is Exchange servers. Scoping is limited to their 2 external IP addresses. External application uses one email address to authenticate to Exchange and mail sends correctly. When we set it to send from a different address (a valid Exchange user address) we receive '550 5.7.54 SMTP; Unable to relay recipient in non-accepted domain'. The address used to authenticate has send-as permissions for the other account - can anyone tell me what I'm missing? Thanks!

    Jack


    Jack - IT Portfolio


    One additional note - the application log shows event ID 1035 from MSExchangeFrontEndTransport showing "Inbound authentication failed with error LogonDenied for Receive connector Default Frontend" when it should be going through the custom relay connector set up for the off-site application. It also gives the source IP address as the firewall - not the IP of the server they are coming from.
    Tuesday, August 22, 2017 10:36 PM

Answers

  • Hi,

    The Receive connector doesn't recognize the Send-As permission; it just checks the authentication of incoming connections.

    According to the error message: "550 5.7.54 SMTP; Unable to relay recipient in non-accepted domain", it indicates an authentication problem. I suggest switching to another user address, or consider configuring an anonymous SMTP relay connector (open relay) with the following commands:

    Set-ReceiveConnector "ServerName\RelayConnector" -PermissionGroups AnonymousUsers
    Get-ReceiveConnector "ServerName\RelayConnector" | Add-ADPermission -User 'NT AUTHORITY\Anonymous Logon' -ExtendedRights MS-Exch-SMTP-Accept-Any-Recipient


    Best Regards,

    Lynn-Li
    TechNet Community Support


    Please remember to mark the replies as answers.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.
    • Edited by Lynn-Li Thursday, August 24, 2017 3:11 AM Typo
    • Marked as answer by Jack - IT Portfolio Thursday, August 24, 2017 8:02 PM
    Thursday, August 24, 2017 3:10 AM
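
An audit to run after applying the commands in the answer above, as an added example that is not part of the original thread: it lists every Receive connector on which anonymous sessions hold the relay right and flags any whose RemoteIPRanges is not restricted. It uses only Get-ReceiveConnector and Get-ADPermission in the Exchange Management Shell; the output property names (AnonymousGroup, AnonymousRelay, OpenToAnyIP) are made up for this example.

```powershell
# Added example: find Receive connectors that allow anonymous relay and
# check whether they are scoped to specific source addresses.
$relayRight = 'ms-Exch-SMTP-Accept-Any-Recipient'
$anonymous  = 'NT AUTHORITY\ANONYMOUS LOGON'
# Ranges that mean "any source address" (IPv4 and IPv6 defaults).
$anyAddress = @('0.0.0.0-255.255.255.255',
                '::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff')

$report = Get-ReceiveConnector | ForEach-Object {
    $connector = $_

    # Step 1 of the answer: AnonymousUsers in the permission groups.
    $anonGroup = "$($connector.PermissionGroups)" -match 'AnonymousUsers'

    # Step 2 of the answer: the relay extended right granted to anonymous.
    $grant = Get-ADPermission -Identity $connector.DistinguishedName `
                 -User $anonymous -ErrorAction SilentlyContinue |
             Where-Object { -not $_.Deny -and
                            ($_.ExtendedRights -like $relayRight) }

    # Scoping: is the connector reachable from any address?
    $ranges = @($connector.RemoteIPRanges | ForEach-Object { [string]$_ })
    $open   = @($ranges | Where-Object { $anyAddress -contains $_ }).Count -gt 0

    [pscustomobject]@{
        Connector      = $connector.Identity
        Bindings       = $connector.Bindings -join ', '
        AnonymousGroup = $anonGroup
        AnonymousRelay = [bool]$grant
        OpenToAnyIP    = $open
        RemoteIPRanges = $ranges -join ', '
    }
}

# Connectors that relay for unauthenticated senders.
$report | Where-Object { $_.AnonymousRelay } | Format-List

# Highest risk: anonymous relay with no source address restriction.
$unscoped = $report | Where-Object { $_.AnonymousRelay -and $_.OpenToAnyIP }
if ($unscoped) {
    Write-Warning ("Anonymous relay open to any source IP on: " +
                   ($unscoped.Connector -join '; '))
}
```

Compare the RemoteIPRanges shown for the relay connector with the source address Exchange actually logs for the application; the question notes that the event log reports the firewall's address rather than the sending server's.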

All replies

  • Thanks - I had hoped to set it as authenticated but this will work as well.

    Jack


    Jack - IT Portfolio

    Thursday, August 24, 2017 8:03 PM