none
Unable to send to external email recipients - Multi Tenant Exchange 2013 - MultiRole servers in DAG

    Question

  • Greetings all, I hope someone can help.
    I have created a Exchange 2013 multi-tenant organization, with two servers, both multi-role - CAS and Mailbox roles.
    Internal mail flow is fine (external email addresses can send to the domain).
    External firewall port forwards ports 443 and 25 to the Internal DAG IP address.

    There are two multi-role Exchange servers that are members of the DAG.
    I am able to connect to OWA and ECP via https://externalIP/OWA and https://alias.domain.com/OWA
    No SSL certificates have been purchased or installed yet.
    Exchange URLs have not been changed since default configuration at install.
    OWA and ECP works both internal and external.
    External DNS works with SPF and PTR records correctly configured
    Exchange RCA - Send test only fails with one Spam Listing (this Blacklist provider now flags all domains and you cannot ask to be removed)

    Send Connectors are the default ones created during install. Receive connector is standard configuration with  - * - 
    When sending email to an external address, I receive a failure notice

    ServerName.test.corp.int gave this error:
    Unable to relay 

    Your message wasn't delivered due to a permission or security issue. It may have been rejected by a moderator, the address may only accept email from certain senders, or another restriction may be preventing delivery.

    More Info - 
    ServerName.test.corp.int
    Remote Server returned '550 5.7.1 Unable to relay'

    I have been troubleshooting this for many hours with no progress.
    I have created new Send Connectors for the server that is advising that it is unable to relay, but they have all failed.
    I have tried setting the Internal IP address for Exhange Server 1 (Exchange Server 2 reports failure), with most combinations of Security (Anonymous, Exchange Users, etc).
    I have also tried with the IP range 192.168.11.0/24 to allow the whole the subnet, I still receive the unable to relay failure notice.
    I have tried this guide - hxxps://glazenbakje.wordpress.com/2012/12/30/exchange-2013-how-to-configure-an-internal-relay-connector/ - with different combinations, still no resolution.

    I am at a loss as to why I can't send out with the default configuration. I would assume that email would flow out without any changes, but this does not happen.

    Can someone please assist before I lose my sanity.

    Thanks in advance,

    Terry
    Monday, February 16, 2015 3:44 AM

Answers

All replies

  • Hello,

    I guess, you need to create a custom connector as explained here: http://www.shudnow.net/2013/06/04/how-anonymous-relay-works-in-exchange-2013/


    Regards from Visit ExchangeOnline | Visit WindowsAdmin

    Monday, February 16, 2015 4:15 AM
  • Thanks for the reply, but it still errors with the Unable to relay error.

    I followed the process, created the connector on both servers, ran the script, restarted the Transport service.

    Failed.

    Any other thoughts would be greatly appreciated.

    Monday, February 16, 2015 5:26 AM
  • Greetings all, I hope someone can help.
    I have created a Exchange 2013 multi-tenant organization, with two servers, both multi-role - CAS and Mailbox roles.
    Internal mail flow is fine.
    Incoming mail from external senders is also fine. - 

    external email addresses can send to the domain).

    External firewall port forwards ports 443 and 25 to the Internal DAG IP address.


    There are two multi-role Exchange servers that are members of the DAG.
    I am able to connect to OWA and ECP via https://externalIP/OWA and https://alias.domain.com/OWA
    No SSL certificates have been purchased or installed yet.
    Exchange URLs have not been changed since default configuration at install.
    OWA and ECP works both internal and external.
    External DNS works with SPF and PTR records correctly configured
    Exchange RCA - Send test only fails with one Spam Listing (this Blacklist provider now flags all domains and you cannot ask to be removed)

    Receive Connectors are the default ones created during install. Send connector is standard configuration with  - * - 
    When sending email to an external address, I receive a failure notice

    ServerName.test.corp.int gave this error:
    Unable to relay 

    Your message wasn't delivered due to a permission or security issue. It may have been rejected by a moderator, the address may only accept email from certain senders, or another restriction may be preventing delivery.

    More Info - 
    ServerName.test.corp.int
    Remote Server returned '550 5.7.1 Unable to relay'

    I have been troubleshooting this for several days with no progress.
    I have created new Receive Connectors for the server that is advising that it is unable to relay, but they have all failed.
    I have tried setting the Internal IP address for Exhange Server 1 (Exchange Server 2 reports failure), with most combinations of Security (Anonymous, Exchange Users, etc).
    I have also tried with the IP range 192.168.11.0/24 to allow the whole the subnet, I still receive the unable to relay failure notice.
    I have tried this guide - hxxps://glazenbakje.wordpress.com/2012/12/30/exchange-2013-how-to-configure-an-internal-relay-connector/ - with different combinations, still no resolution.

    Even more info - Further troubleshooting -
    I found my one of my Exchange servers had an extra NIC. I have since added a second NIC to the other server, so now both Exchange servers have dual NICs. I removed the DAG cleanly and recreated the DAG from scratch, using this link -
    hxxp://careexchange.in/how-to-create-a-database-availability-group-in-exchange-2013/ 
    The issue still exists, even with a newly created DAG. I also found that the Tenant Address Books were not 'applied'. I applied them but still no resolution

    I think the issue is related to multi-tenant configuration even though the error says that it can't relay. The unable to relay message can appear when sending from a domain that the Organization does not support. Like trying to email as bill.gates@microsoft.com when you domain name is apple.com - But through extensive research I still can't resolve the issue.

    Can someone please assist before I lose my sanity.

    Thanks in advance,

    Terry

    Tuesday, February 17, 2015 9:49 PM
  • Greetings all, I hope someone can help.
    I have created a Exchange 2013 multi-tenant organization, with two servers, both multi-role - CAS and Mailbox roles.
    Internal mail flow is fine (external email addresses can send to the domain).
    External firewall port forwards ports 443 and 25 to the Internal DAG IP address.

    There are two multi-role Exchange servers that are members of the DAG.
    I am able to connect to OWA and ECP via https://externalIP/OWA and https://alias.domain.com/OWA
    No SSL certificates have been purchased or installed yet.
    Exchange URLs have not been changed since default configuration at install.
    OWA and ECP works both internal and external.
    External DNS works with SPF and PTR records correctly configured
    Exchange RCA - Send test only fails with one Spam Listing (this Blacklist provider now flags all domains and you cannot ask to be removed)

    Send Connectors are the default ones created during install. Receive connector is standard configuration with  - * -
    When sending email to an external address, I receive a failure notice

    ServerName.test.corp.int gave this error:
    Unable to relay

    Your message wasn't delivered due to a permission or security issue. It may have been rejected by a moderator, the address may only accept email from certain senders, or another restriction may be preventing delivery.

    More Info -
    ServerName.test.corp.int
    Remote Server returned '550 5.7.1 Unable to relay'

    I have been troubleshooting this for many hours with no progress.
    I have created new Send Connectors for the server that is advising that it is unable to relay, but they have all failed.
    I have tried setting the Internal IP address for Exhange Server 1 (Exchange Server 2 reports failure), with most combinations of Security (Anonymous, Exchange Users, etc).
    I have also tried with the IP range 192.168.11.0/24 to allow the whole the subnet, I still receive the unable to relay failure notice.
    I have tried this guide - hxxps://glazenbakje.wordpress.com/2012/12/30/exchange-2013-how-to-configure-an-internal-relay-connector/ - with different combinations, still no resolution.

    I am at a loss as to why I can't send out with the default configuration. I would assume that email would flow out without any changes, but this does not happen.

    Can someone please assist before I lose my sanity.

    Thanks in advance,

    Terry

    Wednesday, February 18, 2015 2:11 AM