SMTP Relay Issues on Exchange 2003 for POP mail clients

Previously I was working with Windows 2003 SMTP mail service and could not get the relay restrictions from external clients to work. (See

I now have Exchange 2003 Server running in my test domain and ran into the same exact problem with external clients unable to authenticate for outgoing mail. With a POP3 client set up outside of the network, I would receive an error 550 5.7.1 unable to relay for unless I was sending to someone within my domain.

I have checked the settings on the Exchange server and ensured that the box is checked for allowing "..all computers which successfully authenticate to relay, regardless of the list above" under the Exchange 2003 MMC snap-in for SERVERS|PROTOCOLS|SMTP|DEFAULT SMTP VIRTUAL SERVER|ACCESS. However this did not resolve the issue until I checked the box "Allow messages to be relayed to these domains" under CONNECTORS|INTERNET MAIL SMTP CONNECTOR (Server)|ADDRESS SPACE.

When I did this, I received the following warning:

"This option is only visible for SMTP connectors. Use this option to allow incoming messages to be relayed through the SMTP connector to the domains whose address spaces are listed on this tab. The default is to block relays, except from those users and computers that are able to authenticate. If your SMTP virtual server is on the Internet, you should leave relaying disabled in order to prevent your server from being used to propagate unsolicited commercial e-mail."

Why can't the POP mail clients relay with the first option? Why do I have to enable the second option on the SMTP connector? Is this right?

I have limitations on my external clients on accessing the Exchange Server. OWA via https works fine, but they have been used to using the Full Outlook client with our existing e-mail provider via POP Mail. I am trying to move us away from the outsourcing of our e-mail with as little client impact as possible which is why I am messing with the POP mail configuration.

I am concerned about opening the server up for unsolicited relay by enabling the option under the SMTP connector. Please advise.
"504 5.7.4 Unrecognized authentication type" sounds like you don't have authentication enabled at all.

I have just tested it on another Exchange server and got the expected response.

Have you attempted to change the authentication settings in any way?

ESM, Servers, <your server>, Protocols, SMTP. Right click on the SMTP VS and choose Properties. On the access tab choose Authentication. Ensure that all three authentication types are enabled. DO NOT ENABLE Require TLS, as that will cause problems.

Apply/OK out.

Back on the Access tab, click on the relay button.
It should be set to "Only the list below" and the list below should be blank.

The option at the bottom about "Allow all computers..." can be enabled, however this leaves your server exposed to an authenticated user attack. You should secure it to lock the server down. This means creating a group of your users who will be relaying through the server. The idea being to EXCLUDE the administrator account, which is the account usually attacked in an authenticated user attack.

Apply/OK out.

Then drop in to a command prompt and type


and press enter.

The IIS system will reset.

Then try again.
If you continue to get the authentication error then something else could be interfering with the traffic.

If you have the option set on the SMTP Connector about allowing relaying to the domains, and the domain in the list is * then you are an open relay. Change the setting NOW. Otherwise you will be blacklisted and have a lot bigger problems to deal with when the server is found. You may also get kicked off the internet connection by your ISP.

POP3 should be the last protocol used for remote Exchange access. The order of preference is


When you configure the clients to authenticate when sending email, what format do you use for the username?


something else?

habanagold (Author) Commented:
O.K. I have turned that off and I suspected as much but my relay problem goes away. However, with this off the problem is back again. External POP clients receive the "550 5.7.1 unable to relay for".

I have used the credentials as domain\username and when I run the Outlook test it works fine. However, when I try to send mail to someone in another domain, I get the error.

I posted my previous thread on this issue because I ran into the same problem trying to set up Windows 2003 Server mail service. The answer I got on this was that it was unsupported or not designed to function that way. I was told that if I went to Exchange, this would no longer be a problem.

I can't use RPC/HTTP because my production domain is still on W2K SP4 DCs. I wasted time trying to get this to work until I found that out. We don't have the money to upgrade which is why I am trying to get these other services to work.

What is stopping the clients from successfully authenticating to the Exchange Server with POP mail?

The relay probably will return if you turn off that option because you are an open relay - no authentication required. Anyone and their dog can relay off your server. If you worked for me and had set that option you would be looking for another job right now.

The authentication settings don't matter when you are sending to a user on the same domain because you are not relaying. Exchange will accept email for its own domain on an anonymous connection because that is how email is sent around the internet.

I have just read the thread that you posted in the question above. Some of what was posted I agreed with and some I did not. You can bounce email off the Windows SMTP service; you need to create accounts in Windows to use for authentication. I have the SMTP service installed on my web site's dedicated server so that I have a server on the internet that I can bounce email off.

When you are setting up the client you must specify authentication credentials. You cannot simply enable the option to authenticate and use the same credentials as POP3. The credentials are in a different format.

Ensure that on the SMTP virtual server in Exchange that anonymous and basic authentication are set.
Ensure that the option about authenticated relaying is set and you haven't set the server to allow relaying from an IP address.

You can actually test this from a telnet prompt. However it isn't pretty because SMTP authentication uses BASE64.
However this guide shows you what you need to do if you want to test it.
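
The telnet test mentioned above, scripted for checking your own server (an added example, not part of the original post). The function names, the sample EHLO reply and the `example.test` host are constructed for illustration; `probe` stops before DATA, so no message is ever sent.

```python
import base64
import re
import smtplib

AUTH_LINE = re.compile(r"^(?:250[- ])?AUTH[ =](.+)$", re.I)

def advertised_auth(ehlo_reply):
    """AUTH mechanisms offered in an EHLO reply (telnet paste or smtplib text)."""
    mechs = set()
    for line in ehlo_reply.splitlines():
        m = AUTH_LINE.match(line.strip())
        if m:
            mechs.update(m.group(1).upper().split())
    return mechs  # empty set: the server is not offering AUTH on this connection

def auth_login_lines(username, password):
    """What to type after each 334 prompt. Base64 is encoding, not encryption."""
    return [base64.b64encode(v.encode("utf-8")).decode("ascii")
            for v in (username, password)]

def verdict(anon_rcpt_code, auth_rcpt_code=None):
    """Interpret RCPT TO reply codes for a recipient outside your domain."""
    if 200 <= anon_rcpt_code < 300:
        return "OPEN RELAY: external recipient accepted without authentication"
    if auth_rcpt_code is None:
        return "anonymous relay refused; authenticated relay not tested"
    if 200 <= auth_rcpt_code < 300:
        return "OK: relay allowed only after authentication"
    return "anonymous relay refused, but authenticated relay refused too"

def probe(host, sender, external_rcpt, username=None, password=None, port=25):
    """Check your own server. Stops before DATA, so no message is sent."""
    with smtplib.SMTP(host, port, timeout=15) as s:
        s.ehlo()
        mechs = advertised_auth(s.ehlo_resp.decode("ascii", "replace"))
        s.mail(sender)
        anon_code, _ = s.rcpt(external_rcpt)   # expect 550 5.7.1 here
        s.rset()
        auth_code = None
        if username and "LOGIN" in mechs:
            s.login(username, password)  # raises SMTPAuthenticationError on bad credentials
            s.mail(sender)
            auth_code, _ = s.rcpt(external_rcpt)
        return mechs, verdict(anon_code, auth_code)

# Constructed EHLO reply for illustration (not captured from a real server).
SAMPLE_EHLO = "250-mail.example.test Hello\n250-AUTH GSSAPI NTLM LOGIN\n250-AUTH=LOGIN\n250 OK"
```
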

habanagold (Author) Commented:
Your suggestions are not very clear so I am doing the best that I can to determine what you mean. According to the point ratings, you seem to be very knowledgeable about this area but I must confess you are probably not a people person. The comment regarding me "looking for another job" was way out of line and uncalled for. In fact it insulted me and I do not wish to have any more help from you unless you preface it with an apology. If you can't do that, I don't want your condescending help.
habanagold (Author) Commented:
I am familiar with using telnet to connect and test SMTP. However, in this case, when I type in the verb "auth login" I get the error "504 5.7.4 Unrecognized authentication type". Anyone else care to help?
You turned your server in to an open relay. Do you have any idea how serious that is?

Your company could have found itself without any email, no internet access and blacklisted making your email service unusable. Open relays are not acceptable by most ISPs because they are abused by spammers. In case you haven't noticed, the world is in a war against spam. Anyone who has had to deal with a full scale spam onslaught has very little sympathy for anyone who makes changes to their server that causes the spam problems to increase.

If you didn't like my remark, then I apologise. However it was made to make you aware of how serious I consider making a server an open relay.

This is a highly technical topic area. As such, as experts, we expect the people posting in the topic area to have some degree of technical knowledge.

This is not a how-to web site and is unsuitable for that task as we cannot post screenshots. Very often you will be pointed at parts of Exchange or articles elsewhere that provide information on setting up parts of Exchange.

Also be aware that I am not sat in front of your server, have no idea on your technical knowledge or experience. Therefore I do not know what you are doing or what you have done to date. As experts we have to take a guess.
If something isn't clear to you then you have to post exactly what is not clear, otherwise we do not know.

Possible correction!

I ran into this problem as well.

The above Accepted Solution almost fixed it!  I changed one element and everything works now.

From above, "...Access tab, click on the relay button. It should be set to "Only the list below" and the list below should be blank."

Access tab, Relay button; the list should be blank, but the radio button that worked for us was "All except the list below", rather than "Only the list below".

If Relay is set for "Only the list below", and the list is left blank--NO email gets through as the list has nothing.
Congratulations, you've just made yourself an open relay again.
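
The three relay configurations argued over in this thread, run through a simplified decision model (an added example, not part of any post and not Exchange's own logic). The class, function names, domains and IP address are constructed; the rules follow the settings as the posts above describe them.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

@dataclass
class RelaySettings:
    local_domains: set
    list_mode: str = "only"    # "only" = "Only the list below", "except" = "All except the list below"
    ip_list: list = field(default_factory=list)   # networks on the Relay list
    auth_may_relay: bool = True                   # the "...successfully authenticate to relay" box
    connector_relay_domains: set = field(default_factory=set)  # connector Address Space relay box

def accepts(cfg, client_ip, rcpt_domain, authenticated):
    """True if the modelled server would accept RCPT TO for rcpt_domain."""
    rcpt_domain = rcpt_domain.lower()
    if rcpt_domain in cfg.local_domains:
        return True      # delivery to the server's own domain is not relaying
    if cfg.connector_relay_domains & {"*", rcpt_domain}:
        return True      # connector relays to this address space for anyone
    if authenticated and cfg.auth_may_relay:
        return True
    listed = any(ip_address(client_ip) in ip_network(net) for net in cfg.ip_list)
    return listed if cfg.list_mode == "only" else not listed

def is_open_relay(cfg):
    """Anonymous stranger (constructed address) sending to an outside domain."""
    return accepts(cfg, "203.0.113.10", "elsewhere.example", authenticated=False)

LOCAL = {"corp.example"}  # constructed domain
accepted_answer = RelaySettings(LOCAL)                                 # "Only the list below", blank list
connector_star = RelaySettings(LOCAL, connector_relay_domains={"*"})  # connector relay box with "*"
all_except_blank = RelaySettings(LOCAL, list_mode="except")           # the "possible correction"
```

Only the first configuration refuses the anonymous stranger while still accepting mail for the local domain and relaying for authenticated users; the other two accept external recipients from anyone.
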