
Allow relaying on Exchange 2007 & Exchange 2010 in 4 easy steps

I have this application/website that needs to send emails, and I have it configured to use our Exchange server as SMTP. It can send emails to internal users without any problem; however, external ones are failing with a "550 5.7.1 Unable to relay" error.

I have been answering this question, in different forms, so often on Experts Exchange lately that I have it copied in Notepad and end up pasting it again every now and then, so let's see how to fix it.

First of all, you should know that a mail server should be configured to unconditionally (not talking about spam/viruses here) accept emails sent to users in the SMTP domains it is serving. However, to avoid spamming others and being blacklisted, it should be very careful about who gets to send emails to other SMTP domains using its services; that is what is called relaying.

This explains why, in the above scenario, emails sent to internal users are received but emails to external ones are not: Exchange is refusing to relay. To solve the problem and enable your application/web server to send external emails, you should allow it (or its IP address) to relay emails through your Exchange server. Here is how to do it in Microsoft Exchange 2007 and Microsoft Exchange 2010.

   1. Add another internal IP to your Exchange server, say 1.1.1.1
   2. Create a new receive connector, configure it to listen only on the newly added IP address and to accept SMTP connections only from the application/web server IP address. This can be done through the GUI in the Exchange Management Console or through the Exchange Management Shell by running:

      New-ReceiveConnector -Name AllowRelay -usage Custom -Bindings '1.1.1.1:25' -fqdn server.domain.com -RemoteIPRanges WebServerIpAddress -server MYEXCHANGESERVER -permissiongroups AnonymousUsers

   3. Now that the connector is created, you should allow relaying on that connector. This can only be achieved using the Exchange Management Shell, as shown below.

      Get-ReceiveConnector AllowRelay | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient"

   4. Finally, configure your web server or application to use the Exchange server's newly assigned IP 1.1.1.1 as its SMTP server.

N.B.: Make sure to replace 1.1.1.1 with the additional IP you added to your Exchange server, WebServerIpAddress with the IP of your web server/application, MYEXCHANGESERVER with the name of your Exchange 2007/2010 server, and server.domain.com with the FQDN of your Exchange server.
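A check to run after step 3, added here as an example and not part of the original article: it lists every receive connector on which anonymous sessions hold the relay right and flags any whose RemoteIPRanges still covers all addresses. It assumes the Exchange Management Shell; the variable names and the OpenToAnyAddress column are illustrative.

```powershell
# Added example: audit receive connectors that let anonymous sessions relay.
# Run in the Exchange Management Shell on an Exchange 2007/2010 server.

$relayRight = 'ms-Exch-SMTP-Accept-Any-Recipient'
$anonymous  = 'NT AUTHORITY\ANONYMOUS LOGON'

# Ranges that mean "any remote address" (IPv4 and IPv6 forms).
$openRanges = '0.0.0.0-255.255.255.255',
              '::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff'

Get-ReceiveConnector | ForEach-Object {
    $connector = $_

    # Allow entries that grant the relay right to anonymous logons.
    $grants = $connector | Get-ADPermission | Where-Object {
        (-not $_.Deny) -and
        ("$($_.User)" -like $anonymous) -and
        ($_.ExtendedRights -like $relayRight)
    }

    if ($grants) {
        # Compare the connector's allowed source ranges with the open ranges.
        $ranges   = @($connector.RemoteIPRanges | ForEach-Object { "$_" })
        $tooBroad = @($ranges | Where-Object { $openRanges -contains $_ })

        $connector | Select-Object Identity, Bindings, RemoteIPRanges,
            @{ Name = 'OpenToAnyAddress'; Expression = { $tooBroad.Count -gt 0 } }
    }
} | Format-List
```

A connector reported with OpenToAnyAddress set to True relays for any host that can reach its binding; narrow it with Set-ReceiveConnector -RemoteIPRanges so that only the application/web server address is listed.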

Hope this clears things up a little bit.

Author:Akhater
10 Comments
 

Expert Comment

by:proactech
Thanks very much for your swift response.

I should have added to my original question that I'm using Small Business Server 2008 (which I'm very new to), which is running Exchange 2007 and Backup Exec 12.5.

I'm confused about the need to add another internal IP to the server. Could you explain further, please?


Author Comment

by:Akhater
If you need to allow relaying for a specific application, you need to create a dedicated receive connector and enable relaying on that connector; that's why you need another IP address.
 

Expert Comment

by:proactech
Thanks very much

 

Expert Comment

by:Sw00p
Hi there

If creating an additional connector as per your instructions, does the default receive connector which is set to listen on all assigned IP addresses need to be changed to listen on a specific IP instead of all?

Thanks

Author Comment

by:Akhater
Hi Sw00p, no, there is no need to change the default SMTP connector.

"All unassigned IP addresses" means any IP not specified in another connector
 

Expert Comment

by:DEADSETONFINISHING
This appears to be a common problem. I spent about 8 hours hunting for solutions on the web. This is the only one that worked!

A lot of people mentioned that you should set up a new receive connector, but you are the only one that mentioned the need to bind it to a new IP address.

Well done.

Expert Comment

by:PSGITech
Do I need to bind to a new IP? I only have one card in the server. I just tried this and it works fine to internal addresses but not outside addresses.

Author Comment

by:Akhater
You can have 2 IPs on the same NIC; there is no need for another NIC.

Expert Comment

by:PSGITech
If it works to internal addresses, doesn't that mean it is fine, just something else needs to be set up to send it out of the network?
 

Expert Comment

by:CDHhelpdesk
UPDATE - You don't have to use another IP address. Just create the connector and run the PowerShell command to enable relay access.

The key is the PowerShell command for some reason. I didn't have to do this with copiers, but with Symantec Backup Exec you seem to have to use the PowerShell command to get it to work.

