SMTP external relay question


  • SMTP external relay question

    My setup is as follows:
    - Exchange 2010 SP1 on an internal subnet (like 192.168.1.1)
    - A web server on a DMZ so a different subnet with an application that sends mail (Easymail SMTP express)

    There is a possibility for the application to determine a fixed route, so I want to route all emails to my Exchange box.
    It gives me a 550 5.7.1 Unable to relay error.

    I created a custom receive connector on my Exchange box with these parameters:
    - DMZ IP of the web server in the network tab for receive
    - No authentication selected
    - Anonymous users selected
    - Get-ReceiveConnector "External Relay" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient" was run

    Still does not work. I even tried a custom connector with Externally secured and Exchange Servers (which should grant more access) and it still doesn't work. What I notice in the log is that the traffic always goes through the Default connector.


    What am I missing?

  • #2
    Re: SMTP external relay question

    You have followed this guide:
    http://technet.microsoft.com/en-us/l.../bb232021.aspx
    Did you restart Transport after setting it up?

    If it is exactly as this Technet article then enable Receive Logging (again restart Transport) and see how the IP address appears to Exchange.

    Simon.
    --
    Simon Butler
    Exchange MVP

    Blog: http://blog.sembee.co.uk/
    More Exchange Content: http://exchange.sembee.info/
    Exchange Resources List: http://exbpa.com/
    In the UK? Hire me: http://www.sembee.co.uk/

    Sembee is a registered trademark, used here with permission.
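
Reading the receive protocol log as suggested in #2, as an added example that is not part of the thread: it reports which connector handled each session, the source IP as Exchange saw it, and whether relay was refused. The log lines, the host name EXCH01 and all IP addresses are constructed, and the column layout is assumed to match the `#Fields` header of an SMTP receive protocol log.

```python
import csv
from collections import OrderedDict

# Constructed sample log (not from the thread). EXCH01, the gateway address
# 192.168.1.254 and the DMZ host address 10.0.0.5 are made-up values.
SAMPLE_LOG = r"""#Software: Microsoft Exchange Server
#Log-type: SMTP Receive Protocol Log
#Fields: date-time,connector-id,session-id,sequence-number,local-endpoint,remote-endpoint,event,data,context
2011-03-01T10:00:01.000Z,EXCH01\Default EXCH01,08CDA1,0,192.168.1.1:25,192.168.1.254:4312,+,,
2011-03-01T10:00:01.100Z,EXCH01\Default EXCH01,08CDA1,1,192.168.1.1:25,192.168.1.254:4312,<,EHLO web01,
2011-03-01T10:00:01.200Z,EXCH01\Default EXCH01,08CDA1,2,192.168.1.1:25,192.168.1.254:4312,<,RCPT TO:<user@example.org>,
2011-03-01T10:00:01.300Z,EXCH01\Default EXCH01,08CDA1,3,192.168.1.1:25,192.168.1.254:4312,>,550 5.7.1 Unable to relay,
2011-03-01T11:00:01.000Z,EXCH01\External Relay,08CDB2,0,192.168.1.1:25,192.168.1.254:4377,+,,
2011-03-01T11:00:01.200Z,EXCH01\External Relay,08CDB2,1,192.168.1.1:25,192.168.1.254:4377,<,RCPT TO:<user@example.org>,
2011-03-01T11:00:01.300Z,EXCH01\External Relay,08CDB2,2,192.168.1.1:25,192.168.1.254:4377,>,250 2.1.5 Recipient OK,
"""


def summarize_sessions(log_text, expected_relay_ips):
    """Summarize each SMTP session: connector, source IP as seen by Exchange, outcome."""
    fields, sessions = None, OrderedDict()
    for line in log_text.splitlines():
        if line.startswith("#Fields: "):
            fields = line[len("#Fields: "):].split(",")
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        row = dict(zip(fields, next(csv.reader([line]))))
        ip = row["remote-endpoint"].rsplit(":", 1)[0]  # strip the source port
        s = sessions.setdefault(row["session-id"], {
            "connector": row["connector-id"], "remote_ip": ip,
            "relay_denied": False, "recipient_accepted": False,
            "expected_source": ip in expected_relay_ips})
        if row["event"] == ">":  # '>' marks a reply sent by the Exchange server
            s["relay_denied"] |= row["data"].startswith("550 5.7.1")
            # 250 2.1.5 is also returned for internal recipients, so check the
            # RCPT TO domain by hand before calling a session a relay.
            s["recipient_accepted"] |= row["data"].startswith("250 2.1.5")
    return sessions


def unexpected_sources(sessions):
    """Session ids where a recipient was accepted from an IP outside the expected list."""
    return [sid for sid, s in sessions.items()
            if s["recipient_accepted"] and not s["expected_source"]]


if __name__ == "__main__":
    for sid, info in summarize_sessions(SAMPLE_LOG, {"10.0.0.5"}).items():
        print(sid, info)
```

In the constructed sample both sessions arrive from the gateway address rather than the DMZ host, so the second one is flagged: a connector keyed to the gateway IP accepts mail from anything that reaches Exchange through that gateway.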



    • #3
      Re: SMTP external relay question

      I followed the guidelines indeed. I saw in the log that the IP is in fact the gateway, not the IP of the DMZ box. So I put it in the connector and the relay works.

      But my problem is the SMTP banner is not the one from the connector but the one from the DMZ box, which causes problems.



      • #4
        Re: SMTP external relay question

        You should check that you haven't turned the server into an open relay, if the address is appearing as the gateway and not the device. That would tend to point to a configuration error on your part.

        I don't understand what you mean by " smtp banner is not the one from the connector but the one from the DMZ box "

        If you are relaying email through the server then the SMTP banner that appears to external senders will be from Exchange.

        Simon.
        --
        Simon Butler
        Exchange MVP




        • #5
          Re: SMTP external relay question

          Well, if I route the traffic from my DMZ box to my Exchange server it should go through the gateway, no? That is why I see the gateway IP in the logs and not the DMZ IP.

          What I mean by SMTP banner is the HELO command. If I don't route the DMZ email traffic, the HELO command is the server name and not my MX record, which some servers refuse.



          • #6
            Re: SMTP external relay question

            If the traffic is being routed through your gateway then it should appear as coming from the actual host - not the gateway. Otherwise how will Exchange know that you actually mean that host in the DMZ and not some other random host on the Internet?

            You need to check the gateway configuration carefully.

            With regards to the SMTP banner etc, I still don't understand what the issue is here.
            If you are routing email through Exchange, then the ONLY SMTP FQDN that matters is the one on the Send Connector that sends email to the Internet. That FQDN does need to resolve, preferably to the PTR on your external IP address. Has nothing to do with the MX record.
            The FQDN value on the receive connector has nothing to do with email delivery to external hosts, neither does the FQDN on whatever application is sending email to Exchange.

            Simon.
            --
            Simon Butler
            Exchange MVP

