Can't Send or receive external emails in exchange 07

    Question

  • I have just configured a new Exchange 07 server. I made the necessary changes to the firewall to allow emails, but it won't let me receive them. I have pointed my MX record to this new server and I have tried setting up the accepted domains with many different settings; none have worked, so I set it back to my default domain.

    Wednesday, September 06, 2006 7:55 PM

All replies

  • What types of errors or NDRs are you getting?
    Thursday, September 14, 2006 3:54 PM
  • Hi Doctorw,

    In a single-server Exchange 2007 setup you'll need to allow anonymous connections on your default receive connector.  By default Exchange 2007 servers not running the Edge Transport role will only accept inbound SMTP connections from Exchange Users (clients), Exchange Servers (other Exchange 2007 servers) and Exchange Legacy Servers (legacy Exchange 2003 & below servers).  To allow anonymous SMTP connections for your server, run the following management shell command:

    Set-ReceiveConnector -Identity "Default <ServerName>" -PermissionsGroup "AnonymousUsers"

    As for not being able to send external email, have you configured a Send Connector?  This is done through Organizational Configuration->Hub Transport->Send Connectors, or by using the management shell command New-SendConnector.

    Hope this helps,

    Rob Costello

    Friday, September 15, 2006 12:27 PM
  •  Rob, you have a small syntax error:

     The command should read:

     Set-ReceiveConnector -Identity "Default <ServerName>" -PermissionGroups "AnonymousUsers"

     ( PermissionsGroup --> PermissionGroups )

     

    Marc

    • Proposed as answer by GuilhermeLima Thursday, June 17, 2010 9:55 PM
    Tuesday, October 17, 2006 7:07 PM
  • Thank you so much for the information.  This solved my problem.  Now my question would be this.  At this point in time I have no edge transport server, which is why this information helped.  In the next couple of days I will be getting a machine set up to function as the edge transport server.  So if I want to remove the allow anonymous user so that the edge transport server can function properly, how would I go about doing this?  Thanks again for the valuable information.
    Friday, October 27, 2006 2:27 PM
  • Marc & Rob,

    Thanks for your help. I had the same issue. I installed Windows 2003 R2 and installed Exchange 2007 beta. I could not receive or send any email to the outside world. After giving permissions to anonymous users, I can receive emails from the external world, but it looks like I still cannot send out emails. I will appreciate your help.

     

    Monday, December 25, 2006 3:25 PM
  • You should add a send connector to your Exchange server.

    In the Exchange Management Console, go to Organization Configuration -> Hub Transport. In the Action Panel choose: "New Send Connector"

    Go through the Wizard. In the Address Space you have to choose "*" if you want to send email to every domain.

    Hope this one helps

    Thursday, January 18, 2007 4:48 PM
  • I was reading the above as I too am having the same problem.  Although when I run the shell cmd I get double arrows and a flashing cursor.  Now what????  I am sorry but I am really new to this.  Any help would be great.

     

    Thanks.

    Tuesday, February 06, 2007 7:17 PM
  •  

    Thanks a lot,

     

    This was the solution! The external clients are unable to send email to us, they received the following errors like:


                       The mail system 
    xxxx@xxxx.xxx: host 1.1.1.1[1.1.1.1] said: 530
        5.7.1 Client was not authenticated (in reply to MAIL FROM command)

    Once we had anonymous fixed, everything went smoothly.

    Sunday, April 01, 2007 6:57 PM
  • Since you have this set to AnonymousUsers, will people be able to use your Exchange server as a pass through (relay) for SPAM?

    or does this prevent relays from happening.

    Rick
    Tuesday, April 10, 2007 2:51 PM
  • if you did not get it figured out try this:

    the double arrows indicate the command is not complete as far as I can tell and is awaiting further input

     

    [MSH] C:\>Set-ReceiveConnector -Identity "<name of receive connector>" -PermissionGroups AnonymousUsers

     

    you can get the name of the receive connector from the properties of it from the gui

     

    hope this helps, there is a good example if you use the help file -- search for set-receiveconnector

    Tuesday, April 17, 2007 12:42 AM
  • fyi this is the only syntax that worked for me...


       Set-ReceiveConnector -Identity main\default* -PermissionGroups "AnonymousUsers"

    Wednesday, April 18, 2007 3:59 AM
  • I've got some issues with this approach.

     

    I've done what is mentioned here, and I'm now relaying mail for someone.

     

    I did the anonymous on the receive connector first, and I noticed my queues were filling up.   So I did the send connector and the mail left.   I disabled the send connector and again the queue starts filling up.

     

    All the relayed mail is from user <> in the queue.

     

    At abuse.net the script didn't get through the first 5 tests, but the 6th was a maybe.   Someone is definitely using this test server to relay through.

     

    What could I be missing?  We've kept the send connector disabled and just delete the emails because we know that they are not ours.

    Thursday, April 19, 2007 5:00 PM
  • Thanks solved my problem
    Thursday, June 07, 2007 1:51 PM
  • I agree, if you set it to anonymous, your server will become a relay agent. I tested this using telnet and my Exchange 2007 server accepted the mail from: address from any email address I put in there. Does anyone know a solution to this??
    Thursday, July 05, 2007 8:23 PM
  •  

    Does anyone know the answer to this?  I am very interested in the response to see if there is any way, once changing this setting, you can STOP the open relay.  That would kind of defeat the purpose, don't you think?

     

    Any helpful reply to this would be greatly appreciated.

     

    Cheers Ross

    Tuesday, November 06, 2007 8:20 PM
  • Hello,

     

    I don't have your response, but I think that you can use this workaround:

    Activate the Antispam agent; on this one you can configure:

    The Recipient filtering with "Block messages sent to recipients not listed in the GAL" => it's good, but it sends an NDR message to the sender.

    You can use the sender filtering too: "Block messages from the following senders". In fact, it's impossible to receive an email from the internet that has your DNS domain. And "Block the messages from blank senders" too.

    And you can use the Content filtering too, and configure the SCL level that you want to use. I recommend that you test this level with the quarantine mailbox to adjust it as you want and limit the false-positive mails.

    I hope that it helps you,

    Cordially,


    Thursday, November 22, 2007 3:47 PM
  • Accepting email from any address doesn't make you a spam relay.  However, letting people send to any email address via your server does.  That's why you have to restrict what domains your server accepts mail for in Organization Configuration -> Hub Transport -> Accepted Domains.

    IceColdEuro


    Sunday, November 25, 2007 1:21 PM
  • My situation is different, yet same error...cannot send to outside world.

     

    Using an external SMTP server and Edge Server.

     

    I send email out to the edge server and then out to the smtp server.

     

    I want connections and access secured all the way to the SMTP server since it is internal.

     

    How do I setup? I followed Microsoft's instructions...doesn't work. 

     

    Sunday, November 25, 2007 3:51 PM
  • Good day Naugtyboy119,

    Thanks for your help...Just followed your advice...and voilà....I can receive and send email...to and from the internet...

    Thanks again...

    Monday, March 10, 2008 8:22 AM
  •  

    Great posts and advice.. This fixed my issue! Rock on
    Friday, April 04, 2008 3:00 PM
  • Just to clarify a few things.

    MSFT is trying VERY hard to be secure by default. To that end when you stand up a new Exchange 2007 Hub Transport server role, it doesn't allow un-authenticated/anonymous communication. This means that by default it will not be allowed to accept email from the outside world, until you go tell it to accept anonymous authentication. You can do this through the GUI now as well.

     

    Once you turn on anonymous authentication on the receive connector, all you are doing is allowing people to hand your Exchange server email w/o having to authenticate to it first. Exchange still checks to see what it should do with the mail. By default Exchange will only accept email for domains listed in the "Accepted Domains" tab.

     

    For the person seeing messages being generated from the <> person - this is most likely your server's System Attendant service actually NDR'ing the message back to the originator. Meaning the email address they were sending the email to didn't exist, but the @domain.com was valid, so the System Attendant is trying to return the mail to them. The problem is that most of the FROM addresses it's trying to reply to are faked, so they sit in your queue until they expire.

    The only way to get rid of a lot of the <> messages from building up in your queue is to either use the Edge server role to block messages coming into your Org that don't have email addresses in the directory, or to install the actual anti-spam agent on your Exchange 2007 Hub Transport role (http://support.microsoft.com/kb/555924) and tell it to "Block messages sent to recipients not listed in the Global Address List". This will cause the server to actually reject the message as the remote email server tries to hand it in (some security people don't like this feature though, as they believe this will aid spammers in directory harvesting, but I personally don't see the need to accept email just to have it sit in a queue somewhere).

     

    Now by default Exchange 2007 will NOT relay messages unless you tell it to. Telling it to allow incoming anonymous connections on the default receive connector does not mean those outside servers can relay through it to OTHER domains. They can only connect to your server and send email in to the domains in the "Accepted Domains" tab. So unless you added more domains to your Accepted Domains and configured them as relays (I saw someone once configure * as an external relay, which was a bad mistake IMHO), then you have nothing to worry about.

    BTW here is how the MS Exchange team says to configure relays in 2007 (yes it's a bit cryptic unlike 2003 sadly):

    http://msexchangeteam.com/archive/2006/12/28/432013.aspx

     

    And don't take my word for it. Try using an SMTP mail client (I like the command line tool Postie) to send an email test through your server with a foreign domain name. You should get:

    Status: 550 5.7.1 Unable to relay

     

    Good luck

    • Proposed as answer by Pe5mith Monday, April 30, 2012 11:38 AM
    Wednesday, April 09, 2008 1:47 PM
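
The distinction drawn in the posts above (accepting an anonymous MAIL FROM is not the same as relaying to a foreign RCPT TO), as an added Python example that is not from any poster in this thread. The function names `classify` and `probe`, the result labels, the sender address and the sample replies are assumptions made for illustration; the check relies on the server refusing relay at RCPT TO, as in the 550 reply quoted above.

```python
import smtplib

def classify(mail, rcpt_local, rcpt_foreign):
    """Interpret (code, text) SMTP replies; rcpt_* is None if never sent."""
    if mail[0] == 530:
        # "530 5.7.1 Client was not authenticated": AnonymousUsers is not
        # in the receive connector's PermissionGroups.
        return "anonymous-blocked"
    if mail[0] != 250:
        return "mail-from-rejected"
    if rcpt_foreign and rcpt_foreign[0] in (250, 251):
        # The server accepted a recipient in a domain it does not host.
        return "open-relay"
    if rcpt_local and rcpt_local[0] in (250, 251):
        # Local recipient accepted, foreign one refused
        # ("550 5.7.1 Unable to relay"): inbound mail only.
        return "inbound-only"
    return "local-rejected"

def probe(host, local_rcpt, foreign_rcpt,
          sender="relaytest@example.net", port=25, timeout=15):
    """Check a server you administer. Stops before DATA, so no mail is queued."""
    with smtplib.SMTP(host, port, timeout=timeout) as s:
        s.ehlo_or_helo_if_needed()
        mail = s.mail(sender)
        if mail[0] != 250:
            return classify(mail, None, None)
        local = s.rcpt(local_rcpt)
        foreign = s.rcpt(foreign_rcpt)
        s.rset()  # abandon the transaction instead of sending a message
        return classify(mail, local, foreign)

# Constructed replies (not captured from a real server).
SAMPLES = {
    "default connector": ((530, b"5.7.1 Client was not authenticated"), None, None),
    "anonymous allowed": ((250, b"2.1.0 Sender OK"), (250, b"2.1.5 Recipient OK"),
                          (550, b"5.7.1 Unable to relay")),
    "misconfigured relay": ((250, b"2.1.0 Sender OK"), (250, b"2.1.5 Recipient OK"),
                            (250, b"2.1.5 Recipient OK")),
}

if __name__ == "__main__":
    for name, replies in SAMPLES.items():
        print(name, "->", classify(*replies))
```
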
  •  

    you can restrict the receive connector by IP address. default is all IP's.

    Incidentally, I've added anonymous, but still get 5.7.1 client was not authenticated

    Wednesday, July 09, 2008 1:25 PM
  • Hi everyone. Thanks for all this great information, it has been very helpful.  Whenever I try to implement the command "Set-ReceiveConnector -Identity "Default <ServerName> -PermissionGroups "AnonymousUsers"" I get the default object does not exist.  I tried to use the command "New-ReceiveConnector -Name Default" to create a new receive connector with default bindings (0.0.0.0:25) and IP address range (0.0.0.0-255.255.255.255). I am not sure why this is occurring, as I believe I am following all the directions above correctly.  If anyone has any suggestions, they are appreciated.
    Monday, July 28, 2008 8:23 PM
  • In your receive connectors, check the port for the connectors.  By Default, mst has port 587.  You can change that to Port 110 which is the typical default port for email receiving.

    --Chad
    Thursday, August 21, 2008 6:55 PM
  • Uh....no.

     

    You receive (and send) email on port 25 if one is running a mail server (as opposed to a mail client, which *might* receive mail on port 110)

     

    Instead of messing with the default receive connector, just create a new one, and allow anonymous, use port 25.  (This doesn't mean that Exchange will be an open relay, as it will accept mail only for "accepted domains", set elsewhere)

     

     

     

    Wednesday, October 15, 2008 12:36 AM
  • Hi All,

    Thanks for the above info. I tried the above, but my Exchange Server 2007 on Server 2003 SP2 isn't allowing me to send or receive emails to the external world; I can only send and receive emails locally.

    Recently our company has changed the domain hosting company from yahoo to another, this problem arrived then.

    Can you please help me out with this?

     

     


    azmath
    Wednesday, January 11, 2012 1:42 PM