535 5.7.3 Authentication unsuccessful RRS feed

  • Question

  • I setup a custom receive connector with the following settings (Exchange 2010):

    Network: Receive mail from ...: IP-addresses
    Authentication: TLS and Basic Authentication
    Permission Group: Anonymous users
    Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient"
    Starting telnet on port 25, sending auth login, I get 535 5.7.3 Authentication unsuccessful.
    When I have a look in the smtpReceive log, I can see "Inbound authentication failed because the client domain\user doesn't have submit permission."
    What did I configure wrong?
    Thank you for any reply, Reinhard

    Monday, February 6, 2012 12:36 PM


All replies

  • You should also select Externally Secured.
    KPN Consulting - Technical Consultant www.bart-timmermans.nl
    Monday, February 6, 2012 12:54 PM
  • If I try to set this, I have to set Permission Group Exchange Server and then I get an error "External Authorative cannot be set with BasicAuth, ..."

    If I have no basic auth, I can't do Auth login.

    regards Reinhard

    Monday, February 6, 2012 1:28 PM
  • Hi,

    Please give us all error log discription.


    Monday, February 6, 2012 3:08 PM
  • here are the smtpreceive log. Is that what you like to see?

    2012-02-03T14:09:22.753Z,server-ex\Relay for IPs server-ex,08CEAF0F0B073E07,2,x.x.x.x:25,x.x.x.x:34027,>,"220 server-ex.domain.domain.com Microsoft ESMTP MAIL Service ready at Fri, 3 Feb 2012 15:09:22 +0100",
    2012-02-03T14:09:27.706Z,server-ex\Relay for IPs server-ex,08CEAF0F0B073E07,3,x.x.x.x:25,x.x.x.x:34027,<,ehlo,
    2012-02-03T14:09:27.706Z,server-ex\Relay for IPs server-ex,08CEAF0F0B073E07,4,x.x.x.x:25,x.x.x.x:34027,>,250-server-ex.domain.domain.com Hello [x.x.x.x],
    2012-02-03T14:09:27.706Z,server-ex\Relay for IPs server-ex,08CEAF0F0B073E07,5,x.x.x.x:25,x.x.x.x:34027,>,250-SIZE 52428800,
    2012-02-03T14:09:27.706Z,server-ex\Relay for IPs server-ex,08CEAF0F0B073E07,6,x.x.x.x:25,x.x.x.x:34027,>,250-PIPELINING,
    2012-02-03T14:09:27.706Z,server-ex\Relay for IPs server-ex,08CEAF0F0B073E07,7,x.x.x.x:25,x.x.x.x:34027,>,250-DSN,
    2012-02-03T14:09:27.706Z,server-ex\Relay for IPs server-ex,08CEAF0F0B073E07,8,x.x.x.x:25,x.x.x.x:34027,>,250-ENHANCEDSTATUSCODES,
    2012-02-03T14:09:27.706Z,server-ex\Relay for IPs server-ex,08CEAF0F0B073E07,9,x.x.x.x:25,x.x.x.x:34027,>,250-AUTH LOGIN,
    2012-02-03T14:09:27.706Z,server-ex\Relay for IPs server-ex,08CEAF0F0B073E07,10,x.x.x.x:25,x.x.x.x:34027,>,250-8BITMIME,
    2012-02-03T14:09:27.706Z,server-ex\Relay for IPs server-ex,08CEAF0F0B073E07,11,x.x.x.x:25,x.x.x.x:34027,>,250-BINARYMIME,
    2012-02-03T14:09:27.706Z,server-ex\Relay for IPs server-ex,08CEAF0F0B073E07,12,x.x.x.x:25,x.x.x.x:34027,>,250 CHUNKING,
    2012-02-03T14:09:34.034Z,server-ex\Relay for IPs server-ex,08CEAF0F0B073E07,13,x.x.x.x:25,x.x.x.x:34027,<,auth login,
    2012-02-03T14:09:34.034Z,server-ex\Relay for IPs server-ex,08CEAF0F0B073E07,14,x.x.x.x:25,x.x.x.x:34027,>,334 <authentication response>,
    2012-02-03T14:10:02.894Z,server-ex\Relay for IPs server-ex,08CEAF0F0B073E07,15,x.x.x.x:25,x.x.x.x:34027,>,334 <authentication response>,
    2012-02-03T14:10:14.613Z,server-ex\Relay for IPs server-ex,08CEAF0F0B073E07,16,x.x.x.x:25,x.x.x.x:34027,*,None,Set Session Permissions
    2012-02-03T14:10:14.613Z,server-ex\Relay for IPs server-ex,08CEAF0F0B073E07,17,x.x.x.x:25,x.x.x.x:34027,*,,Inbound authentication failed because the client domain\user doesn't have submit permission.
    2012-02-03T14:10:14.613Z,server-ex\Relay for IPs server-ex,08CEAF0F0B073E07,18,x.x.x.x:25,x.x.x.x:34027,*,,User Name: test_ge@domain.domain.com
    2012-02-03T14:10:14.613Z,server-ex\Relay for IPs server-ex,08CEAF0F0B073E07,19,x.x.x.x:25,x.x.x.x:34027,*,Tarpit for '0.00:00:05',
    2012-02-03T14:10:19.613Z,server-ex\Relay for IPs server-ex,08CEAF0F0B073E07,20,x.x.x.x:25,x.x.x.x:34027,>,535 5.7.3 Authentication unsuccessful,
    2012-02-03T14:10:24.191Z,server-ex\Relay for IPs server-ex,08CEAF0F0B073E07,21,x.x.x.x:25,x.x.x.x:34027,<,quit,

    regards Reinhard

    Monday, February 6, 2012 3:19 PM
  • Monday, February 6, 2012 5:31 PM
  • If I configure the connector with externally secured, I can't do a "auth login".

    I explain what I like to do:

    A shop system outside, has to send mails through our exchange server. Our firewall is configured that only its ip can connect to the connector.
    On the old exchange 2003 the system sends auth login followed with login data and sends mail. But now on the new exchange 2010 I didn't get the connector to run with "auth login".

    Or is this a wrong way, to send mail through our mail server?

    regards Reinhard

    Tuesday, February 7, 2012 9:45 AM
  • I have to add "Exchange Users" to the "Permission Group", then it works. Thanks to Rich Matheisen


    • Marked as answer by Evan Liu Sunday, February 19, 2012 11:06 AM
    Wednesday, February 8, 2012 7:53 AM
  • Hi Reinhard,

    How can i add "Exchange Users" to the "Permission Group"? Can please share me the steps?

    Saturday, May 20, 2017 3:26 AM
  • Hi rockingyas,

    I Setup an new ReceiveConnector. On the properties Register Card 'Permission Groups' you have to select 'Exchange Users'.

    regards Reinhard

    • Proposed as answer by j0rt3g4 Wednesday, December 19, 2018 4:49 AM
    Monday, May 22, 2017 5:56 AM