I have the following set up:
1. SBS2003 server with Exchange 2003 SP2 installed. 2 local IP addresses on one NIC
2. A PIX 501 firewall connecting the Exchange server to the internet (SMTP fixup is off, port 25 forwarded to local IPs for each Exchange SMTP virtual server)
3. Exchange configured with 2 SMTP virtual servers, one with anonymous connections allowed for inbound internet mail traffic and one with basic authentication only for external POP3/SMTP mail clients. Each one answers on only one local IP address.
4. The primary external IP address is referenced in external DNS as mail.domain.com with appropriate A and MX records.
5. The secondary external IP address has no DNS entries associated with it.
6. The inbound SMTP virtual server is configured as follows:
   a. The test user is manually entered in the Users button on the Authentication box dialog.
   b. No TLS or other encryption is specified
   c. The Connection dialog is set to "All Except the List Below"
   d. The Relay dialog is set to "All Except the List Below" and "Allow all users with successfully authenticate to relay..."
7. I've stopped and started both SMTP virtual servers and the SMTP service itself.
8. I can connect via telnet to the external IP address of the inbound SMTP VS and the test goes like this:
   a. I enter "ehlo"
   b. I enter "auth login"
   c. I enter <encoded username> (with no domain/username or email@example.com)
   d. I enter <encoded password>
   e. Response from server "535 5.7.3 Authentication unsuccessful."
9. I've tried connecting via Outlook 2007 and Windows Mail without any luck. I've tried every domain and username combination I can think of (domain.internal and domain.com) and verified the username and password several times.
I'm down to wondering if there's a network transmission problem or something similar. I started looking at MTUs and the like but decided to ask for second opinions before I dust off Ethereal.
Am I missing something obvious here? Everything looks like it should work. Do I need a DNS A record for the second SMTP VS and then to configure that name in the Delivery - Advanced - FQDN field? Am I formatting the username incorrectly?
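Added example, not part of the original post: a small Python helper for the AUTH LOGIN test in step 8. It decodes the server's base64 `334` prompts, builds the encoded token for each usual logon-name form, and flags encoding mistakes that make a correct credential fail. The account name `testuser`, the NetBIOS name `DOMAIN` and the function names are constructed for illustration.

```python
import base64

def b64(text: str) -> str:
    """Base64 token to type after a 334 prompt: UTF-8 bytes, no newline."""
    return base64.b64encode(text.encode("utf-8")).decode("ascii")

def decode_challenge(line: str) -> str:
    """Decode a '334 <base64>' continuation line sent by the server."""
    code, _, payload = line.strip().partition(" ")
    if code != "334":
        raise ValueError(f"not an AUTH continuation line: {line!r}")
    return base64.b64decode(payload, validate=True).decode("utf-8")

def username_tokens(user: str, netbios: str, dns_domain: str) -> dict:
    """Encoded tokens for the three usual Windows logon-name forms."""
    forms = {"bare": user,
             "down-level": f"{netbios}\\{user}",
             "upn": f"{user}@{dns_domain}"}
    return {label: b64(value) for label, value in forms.items()}

def check_token(token: str) -> list:
    """Report encoding mistakes that make a correct credential fail."""
    try:
        raw = base64.b64decode(token, validate=True)
    except ValueError:
        return ["not valid base64"]
    problems = []
    if b"\x00" in raw:
        problems.append("UTF-16 bytes were encoded instead of UTF-8")
    if raw != raw.strip():
        problems.append("leading/trailing whitespace or newline was encoded")
    return problems

if __name__ == "__main__":
    # Constructed sample values, not taken from the post.
    print(decode_challenge("334 VXNlcm5hbWU6"), decode_challenge("334 UGFzc3dvcmQ6"))
    for label, token in username_tokens("testuser", "DOMAIN", "domain.com").items():
        print(f"{label:10} {token} {check_token(token)}")
    print(check_token("dGVzdHVzZXIK"))  # "testuser\n" encoded by mistake
```

Running `check_token` on the exact strings pasted into the telnet session rules out an encoding problem before moving on to packet captures.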