SMTP Gateway will not relay

Posted on 2004-11-26
Last Modified: 2006-11-17
I have configured an SMTP gateway in my DMZ which has a remote domain (let's call it incoming and outgoing relay worked fine until I removed the server from the domain and placed it in a workgroup. Now it tells me it cannot relay to external domains when I send a mail or telnet onto the box.

The Exchange 2003 server has an SMTP connector set to forward the mail to the smart host with the correct IP in brackets.

The SMTP gateway has the IP addresses of both of my Exchange servers in the "allow relay" under the "relay" section of the SMTP virtual server.

Any ideas?
Question by:JordansGhost
    LVL 6

    Expert Comment

    Just so you know, moving an Exchange server from a domain is not supported by Microsoft.
    Their only suggestion was 258243 XADM: How to Back Up and Restore an Exchange 2000 Server Computer by Using the Windows Backup Program.
    If you are using a DMZ, I bet you are using a firewall. Check if the SMTP port is open from your Exchange server to your smart host in your DMZ.
    LVL 20

    Expert Comment

    - In Internet Services Manager, add the SMTP mail domain for which you want the Windows server to relay. To add the SMTP domain:
    a. Click Start, point to Programs, point to Administrative Tools, and then click Internet Services Manager.
    b. Expand the server you want, and then expand the default SMTP virtual server. By default, the default SMTP virtual server has a local domain with the fully qualified domain name for the server.
    c. To create the inbound SMTP mail domain, right-click Domains, point to New, and then click Domain.
    d. In New SMTP Domain Wizard, click Remote as the domain type, and then click Next.
    e. In Name, type the domain name of your SMTP mail domain for your Exchange organization.
    f. Click Finish.

    NOTE: step (b) above is important in your scenario since you removed your SMTP server from domain to workgroup

    - Configure the SMTP mail domain you just created for relay:
    a. In Internet Services Manager, right-click the SMTP mail domain, and then click Properties.
    b. Click Allow the Incoming mail to be Relayed to this Domain.
    c. Click Forward all e-mail to smart host, and then type the IP address in square brackets ([ ]) or the FQDN of the Exchange server responsible for receiving e-mail for the domain. For example, to enter an IP address, type [].
    d. Click OK.

    Author Comment

    Yomanex - I think you have the wrong end of the stick.

    ikm7176 - This is the way I set it up before. I removed it all and reconfigured SMTP as above, with the same effect: incoming relay to the remote domain works just fine. Outbound mail fails, saying my domain is not allowed to relay. I think it might have something to do with the checkpoint firewall hiding the IP of the mail server.
    LVL 20

    Expert Comment

    Hope your checkpoint firewall is not blocking the ports

    Post the NDR you are receiving
    LVL 20

    Accepted Solution

    What are the relay settings in your SMTP gateway server?

    This step is for hosts, which are most likely your internal servers that would need to send to all domains on the Internet. It is not recommended to not have any restrictions because anyone can use your server as an open relay. It is recommended to only allow the minimum, necessary hosts to openly relay to all domains. To do so:
    1. Open the properties of the Default SMTP Virtual Server.
    2. On the Access tab, click Relay.
    3. Click Only the list below, click Add, and then add the hosts that need to use this SMTP host to send email. On the dialog box that appears, you have the following options:
    - Single computer: Specify one particular host that you want to relay off of this server. If you click the DNS Lookup button, you can lookup an IP address of a specific host.
    - Group of computers: Specify a base IP address for the computers that you want to relay. You have to specify the octets in the IP address for hosts that you will allow to relay. For example: If the IP address is, and you want any hosts with the first two octets 192.68 to relay, specify for the subnet mask.
    - Domain: Select all of the computers in a domain by domain name that will openly relay. This option adds processing overhead, and might reduce the SMTP service performance because it includes reverse DNS lookups on all IP addresses that try to relay to verify their domain name.

    Author Comment

    Thanks for the advice. It turns out the checkpoint firewall was masking the internal IP of the exchange server behind the DMZ gateway. I've set it to not do this and it now works fine.

    Author Comment

    I will accept your answer ikm7176 as it clearly displays how to correctly set up an SMTP gateway. It just turned out my issue was the firewall.
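
Added example, not part of the original thread: a small Python model of the relay decision described in the accepted answer, showing why inbound relay to the remote domain kept working while outbound mail was refused once the firewall hid the Exchange server's address. All addresses, domain names and function names are constructed assumptions, and the model is a simplification, not the IIS SMTP service's own code.

```python
import ipaddress

# Constructed sample values, not taken from the thread.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/24")  # LAN behind the firewall
EXCHANGE = ["10.0.0.10", "10.0.0.11"]               # the two Exchange servers
WORKSTATION = "10.0.0.77"                           # any other internal host
FW_HIDE_ADDR = "192.0.2.1"                          # address the firewall presents
RELAY_DOMAINS = {"example.com"}                     # remote domain, inbound relay allowed


def seen_by_gateway(src_ip, hide_nat):
    """Source address the DMZ gateway sees for a connection from src_ip."""
    internal = ipaddress.ip_address(src_ip) in INTERNAL_NET
    return FW_HIDE_ADDR if (hide_nat and internal) else src_ip


def may_relay(peer_ip, rcpt, relay_list):
    """Simplified relay decision; returns (allowed, reason)."""
    domain = rcpt.rsplit("@", 1)[-1].lower()
    if domain in RELAY_DOMAINS:
        # Mail for the configured remote domain is accepted from any peer.
        return True, "recipient is in a relay domain"
    peer = ipaddress.ip_address(peer_ip)
    for entry in relay_list:
        # "Single computer" is a bare IP, "Group of computers" is base/mask.
        if peer in ipaddress.ip_network(entry, strict=False):
            return True, f"peer matches relay list entry {entry}"
    return False, "peer not in relay list"


def outbound(src_ip, hide_nat, relay_list):
    """Can src_ip send to an external domain through the gateway?"""
    peer = seen_by_gateway(src_ip, hide_nat)
    return may_relay(peer, "user@other.example", relay_list)[0]


if __name__ == "__main__":
    print("inbound :", may_relay("198.51.100.7", "bob@example.com", EXCHANGE))
    for nat in (True, False):
        print(f"Exchange outbound, hide NAT={nat}:",
              outbound(EXCHANGE[0], nat, EXCHANGE))
    # Listing the hide address instead lets every hidden host relay.
    print("workstation via listed hide address:",
          outbound(WORKSTATION, True, EXCHANGE + [FW_HIDE_ADDR]))
```

The last case is why turning off address hiding for the Exchange servers, as the author did, is the tighter fix: adding the firewall's hide address to the relay list would let every host behind it relay.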
