locked
Anonymous relay is not working for external domains RRS feed

  • Question

  • We have 2 exchange server 2016 in our domain. Anonymous relay configured on both and was working fine. Additional new exchange configured and anonymous relay setup completed for the same. Now for few services, the configured alerts were not sending to external. The error is as follows: -

    "Caused by: com.sun.mail.smtp.SMTPAddressFailedException:  550 5.7.54 SMTP; Unable to relay recipient in non-accepted domain"

    But, strange is some services relaying perfectly fine to external through the same setup.
    Also the services\server not relaying to external, are working fine for internal only alert settings.


     

    Sunday, April 7, 2019 9:56 AM

All replies

  • Hi,

    You may missed some configuration on your receiver connector, I would suggest check it again:

    1. If you want to use external authentication SMTP relay, you should take steps below:

    a. Create an certificate for the receiver connector your used for external authentication relay.

    b. Bind this certificate to receiver connector with commands below:

    [PS] C:\>$cert = Get-ExchangeCertificate -Thumbprint *********
     
    [PS] C:\>$tlscertificatename = "<i>$($cert.Issuer)<s>$($cert.Subject)"
     
    [PS] C:\>Set-ReceiveConnector "***\Client Frontend EXSERVER" -Fqdn **.**.**-TlsCertificateName $tlscertificatename

    2. If you want to use external anonymous relay, we should take steps below:

    a. Create a receiver for anonymous relay.

    b. Modify this custom connector's permission with command below:

    [PS] C:\>Set-ReceiveConnector "***\Anon Relay EXSERVER" -PermissionGroups AnonymousUsers
     
    [PS] C:\>Get-ReceiveConnector "**\Anon Relay EXSERVER" | Add-ADPermission -User 'NT AUTHORITY\Anonymous Logon' -ExtendedRights MS-Exch-SMTP-Accept-Any-Recipient

    One more thing, make sure your application's IP is contained in the connector that you used to relay.

    For more information about external SMTP relay, you can have a look about this blog: How to Configure Exchange Server 2016 for SMTP Application Relay 

    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    Regards,

    Kyle Xu


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Monday, April 8, 2019 3:08 AM
  • Hi Sabir_rm,

    I am writing here to confirm with you how thing going now?

    If the above suggestion helps, please be free to mark it as an answer for helping more people.

    Regards,

    Kyle Xu


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Monday, April 15, 2019 1:50 AM
  • Hi Kyle

    I need to know step by step how we can trace a anonymous relay if its not working.

    In our case, there are 3 exchange server and top of that load balance F5 is there which is the relay IP configured on all.

    The issue is intermittent and when the issue is there, if we change the default URL host entry to any of the exchange server IP, then it will start working.

    But again, we cannot say its a F5 configuration issue as it used to work thru F5 most of the time.

    So when we have the issue, we need to troubleshoot to find where it actually blocks.

    Thanks

    Sunday, April 28, 2019 8:41 AM
  • So, do you try to use Message tracking log to check the mail flow for email which is failed to relay? Based on your description, it sounds like a DNS issue.

    Regards,

    Kyle Xu


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Wednesday, May 1, 2019 7:54 AM