
  • Status: Solved
  • Priority: Medium
  • Security: Public

SMTP Gateway will not relay

I have configured an SMTP gateway in my DMZ which has a remote domain (let's call it mydomain.org.uk). Incoming and outgoing relay worked fine until I removed the server from the domain and placed it in a workgroup. Now it tells me it cannot relay to external domains when I send a mail or telnet onto the box.

The Exchange 2003 server has an SMTP connector set to forward the mail to the smart host with the correct IP in brackets.

The SMTP gateway has the IP addresses of both of my Exchange servers in the "allow relay" under the "relay" section of the SMTP virtual server.

Any ideas?
1 Solution
Just so you know, moving an Exchange server from a domain is not supported by Microsoft.
They only suggest 258243 XADM: How to Back Up and Restore an Exchange 2000 Server Computer by Using the Windows Backup Program.
If you are using a DMZ, I bet you are using a firewall. Check if the SMTP port is open from your Exchange server to your smart host in your DMZ.
- In Internet Services Manager, add the SMTP mail domain for which you want the Windows server to relay. To add the SMTP domain:
a. Click Start, point to Programs, point to Administrative Tools, and then click Internet Services Manager.
b. Expand the server you want, and then expand the default SMTP virtual server. By default, the default SMTP virtual server has a local domain with the fully qualified domain name for the server.
c. To create the inbound SMTP mail domain, right-click Domains, point to New, and then click Domain.
d. In New SMTP Domain Wizard, click Remote as the domain type, and then click Next.
e. In Name, type the domain name of your SMTP mail domain for your Exchange organization.
f. Click Finish.

NOTE: step (b) above is important in your scenario since you removed your SMTP server from domain to workgroup

- Configure the SMTP mail domain you just created for relay:
a. In Internet Services Manager, right-click the SMTP mail domain, and then click Properties.
b. Click Allow the Incoming mail to be Relayed to this Domain.
c. Click Forward all e-mail to smart host, and then type the IP address in square brackets ([ ]) or the FQDN of the Exchange server responsible for receiving e-mail for the domain. For example, to enter an IP address, type [].
d. Click OK.
JordansGhostAuthor Commented:
Yomanex - I think you have the wrong end of the stick.

ikm7176 - This is the way I set it up before. I removed it all and reconfigured SMTP as above, with the same effect: incoming relay to the remote domain works just fine, outbound mail fails saying my domain is not allowed to relay. I think it might have something to do with the Checkpoint firewall hiding the IP of the mail server.

Hope your Checkpoint firewall is not blocking the ports.

Post the NDR you are receiving.
What are the relay settings in your SMTP gateway server?

This step is for hosts, which are most likely your internal servers that would need to send to all domains on the Internet. It is not recommended to not have any restrictions because anyone can use your server as an open relay. It is recommended to only allow the minimum, necessary hosts to openly relay to all domains. To do so:
1.      Open the properties of the Default SMTP Virtual Server.
2.      On the Access tab, click Relay.
3.      Click Only the list below, click Add, and then add the hosts that need to use this SMTP host to send email. On the dialog box that appears, you have the following options:
- Single computer: Specify one particular host that you want to relay off of this server. If you click the DNS Lookup button, you can lookup an IP address of a specific host.
- Group of computers: Specify a base IP address for the computers that you want to relay. You have to specify the octets in the IP address for hosts that you will allow to relay. For example: If the IP address is, and you want any hosts with the first two octets 192.68 to relay, specify for the subnet mask.
- Domain: Select all of the computers in a domain by domain name that will openly relay. This option adds processing overhead, and might reduce the SMTP service performance because it includes reverse DNS lookups on all IP addresses that try to relay to verify their domain name.
JordansGhostAuthor Commented:
Thanks for the advice. It turns out the Checkpoint firewall was masking the internal IP of the Exchange server behind the DMZ gateway. I've set it to not do this and it now works fine.
JordansGhostAuthor Commented:
I will accept your answer, ikm7176, as it clearly displays how to correctly set up an SMTP gateway. It just turned out my issue was the firewall.
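
An added example, not part of the thread and not IIS's own code: a simplified model of the "Only the list below" relay check, showing why an allow-listed Exchange server is refused once a firewall hides its address, plus an audit for entries broad enough to act as an open relay. All addresses are constructed documentation-range values, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample allow list; none of these addresses come from the thread.
ALLOW_LIST = [
    ("single", "192.0.2.10"),                    # first Exchange server
    ("single", "192.0.2.11"),                    # second Exchange server
    ("group", "198.51.100.0", "255.255.255.0"),  # base address + subnet mask
]

def to_network(entry):
    """Turn a 'Single computer' or 'Group of computers' entry into a network."""
    if entry[0] == "single":
        return ipaddress.ip_network(entry[1] + "/32")
    if entry[0] == "group":
        return ipaddress.ip_network(f"{entry[1]}/{entry[2]}", strict=False)
    raise ValueError(f"unsupported entry type: {entry[0]}")

def may_relay(peer_ip, allow_list):
    """The decision uses the address the gateway sees on the TCP connection."""
    peer = ipaddress.ip_address(peer_ip)
    return any(peer in to_network(e) for e in allow_list)

def audit(allow_list, max_hosts=256):
    """Return entries that grant relay to more than max_hosts addresses."""
    return [e for e in allow_list if to_network(e).num_addresses > max_hosts]

def seen_by_gateway(real_ip, hide_nat_ip=None):
    """A hide-NAT rule replaces the sender's address with the firewall's."""
    return hide_nat_ip or real_ip

if __name__ == "__main__":
    exchange, firewall = "192.0.2.10", "203.0.113.1"
    # Without NAT the gateway sees the Exchange server's own address.
    print(may_relay(seen_by_gateway(exchange), ALLOW_LIST))
    # With hide NAT the gateway sees the firewall, which is not on the list.
    print(may_relay(seen_by_gateway(exchange, firewall), ALLOW_LIST))
    # An all-zero base address and mask matches every sender.
    print(audit(ALLOW_LIST + [("group", "0.0.0.0", "0.0.0.0")]))
```

The safer fix for the hidden-address case is the one the author applied, presenting the real Exchange address to the gateway, rather than widening the allow list to cover the firewall.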
