
SMTP failing without anonymous


  • SMTP failing without anonymous

    We've just implemented a new fresh install, all server roles installed separately!
    Edge is in the DMZ and subscribed to Hub in our Domain.

    I can receive with POP3 and send internally with SMTP through port 25!
    When I try to send outside the company, I get an error message 5.7.1 Unable to relay!

    When I give the receive connector on the Edge the permission:

    add-adpermission -id "Default internal receive connector servername" -user "NT AUTHORITY\ANONYMOUS LOGON" -extendedright "ms-exch-smtp-accept-any-recipient"

    Then I'm able to send outside! But this makes my computer an open relay system since I gave anonymous the permission to send to anyone outside the company!
    I have tried this using the "NT AUTHORITY\AUTHENTICATED USERS" but with this option I need to create the account also locally on the EDGE!! This doesn't make sense since I thought that ADAM took care of this?

    Help is really appreciated!!!

    Greetings,

    Ivan Pudic
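
An added example, not part of the original post: a way to check every receive connector for the anonymous relay grant created by the command above and, after review, revoke it. It is written for the Exchange Management Shell; the function name `Get-AnonymousRelayGrant` and the `$revoke` switch are names chosen for this example.

```powershell
# Added example (not from the thread). Run in the Exchange Management Shell
# on the server that owns the receive connectors.
$relayRight = 'ms-Exch-SMTP-Accept-Any-Recipient'
$anonymous  = 'NT AUTHORITY\ANONYMOUS LOGON'
$revoke     = $false   # assumed switch: set to $true after reviewing the report

function Get-AnonymousRelayGrant {
    # Return every allow entry that lets unauthenticated SMTP clients
    # address mail to any recipient, i.e. the open-relay condition.
    foreach ($connector in Get-ReceiveConnector) {
        Get-ADPermission -Identity $connector.Identity -User $anonymous |
            Where-Object { -not $_.Deny -and ($_.ExtendedRights -like "*$relayRight*") } |
            Select-Object @{n='Connector';    e={$connector.Identity}},
                          @{n='Bindings';     e={$connector.Bindings}},
                          @{n='RemoteRanges'; e={$connector.RemoteIPRanges}},
                          @{n='Groups';       e={$connector.PermissionGroups}},
                          User, IsInherited
    }
}

$grants = @(Get-AnonymousRelayGrant)
if ($grants.Count -eq 0) {
    Write-Host 'No receive connector grants anonymous relay.'
} else {
    # Bindings and remote ranges show how exposed each grant is: a connector
    # bound to port 25 for all source addresses relays for the whole Internet.
    $grants | Format-List

    if ($revoke) {
        foreach ($grant in $grants) {
            # Inherited entries cannot be removed on the connector itself.
            if (-not $grant.IsInherited) {
                Remove-ADPermission -Identity "$($grant.Connector)" -User $anonymous `
                    -ExtendedRights $relayRight
            }
        }
    }
}
```

Remove-ADPermission prompts for confirmation on each entry, so the revoke step can be reviewed connector by connector.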

  • #2
    Re: SMTP failing without anonymous

    It seems that it is not so easy...
    In these days I read about it on Scott Landry's (an expert from Microsoft) blog. In the first part of his article, in the Server roles section, he mentions that "If the Edge server is not part of the domain, it cannot provide user-based authentication as easily.." and the server with Hub transport should handle the authentication; more exactly, a receive connector configured on Hub has to be available for Internet users. As a result they will be authenticated as Exchange users and authorised to send Internet emails.

    I consider this post a very interesting one and hope that there will be other replies also.
    Regards,
    Csaba Papp
    MCSA+messaging, MCSE, CCNA
    ...............................
    Remember to give credit where credit is due and leave reputation points where appropriate
    .................................



    • #3
      Re: SMTP failing without anonymous

      I understand, but shouldn't the ADAM on the EDGE check for the authentication?
      Or does the ADAM only check if the user exists on the domain?



      • #4
        Re: SMTP failing without anonymous

        Exchange 2007 Edge is designed for the DMZ and it doesn't have access to Active Directory; it just has access to ADAM, which contains the transport rules, configurations and recipients from AD. This information is used for anti-spam protection and proper message flow. The EdgeSync service, running on the Exchange 2007 Hub, periodically updates ADAM. This is a one-way replication and the Edge is not able to forward authentication requests coming from the Internet. It does not run RADIUS or any other authentication protocol.
        Regards,
        Csaba Papp
        MCSA+messaging, MCSE, CCNA



        • #5
          Re: SMTP failing without anonymous

          So if I configure RADIUS on the EDGE, this would be possible?
          Does it have any advantages to do this and to keep an EDGE server?
