Solved

550 Unable To Relay when webserver tries to send external email

Posted on 2009-04-13
5
544 Views
Last Modified: 2013-11-30
I have a web server that is located behind the DMZ interface of our firewall.  The website allows customers to send emails of collections lists.  I have allowed the web server smtp access to the exchange server in our internal network.  On the firewall audits I can see that the traffic is passing the firewall.  The web server will send the email to internal email addresses, but when it tries to send to external email addresses, the exchange server returns a 550 unable to relay error message.  I followed these directions from Microsoft (http://technet.microsoft.com/en-us/library/bb232021.aspx), but the server still will not email external users.  Any suggestions or assistance would be greatly appreciated.  
0
Comment
Question by:beefwilliams
  • 3
  • 2
5 Comments
 
LVL 5

Accepted Solution

by:
AClockworkTech earned 500 total points
ID: 24132797
I believe you have to add the Firewall's LAN interface to the allowed relay list in Exchange for this to work, depending on how your firewall is handling Masquerading from the DMZ network into your LAN.  Alternatively, you can use SMTP authentication.
0
 

Author Comment

by:beefwilliams
ID: 24137804
Thanks for the suggestion.  I added the firewall interface to the allow relay list in Exchange.  However, that change did not resolve the issue.  The program on the web server that handles the emailing will not allow me to enter in any type of user name so I don't know if authentication of any type will work.  
0
 

Author Comment

by:beefwilliams
ID: 24138659
I j ust noticed that the email address is not linked to an active directory user account.  Would that cause this problem?
0
 
LVL 5

Expert Comment

by:AClockworkTech
ID: 24139339
No, it should be fine.  Did you make sure to run the following code from the Exchange Management Shell?  Also make sure "Anonymous Users" is checked in the "Permissions" tab on the receive connector properties in the Console.
Get-ReceiveConnector "ServerName\Receive Connector Name" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient" 

Open in new window

0
 

Author Comment

by:beefwilliams
ID: 24139521
After looking in the SmtpReceive logs, I noticed that instead of the DMZ firewall interface IP address, it had the firewall internal IP address listed.  Once I added the firewall internal ip as a receive connector, the external emailing problem was fixed.  Thanks again for your help!
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lotus Notes – formerly IBM Notes – is an email client application, while IBM Domino (earlier Lotus Domino) is an email server. The client possesses a set of features that are even more advanced as compared to that of Outlook. Likewise, IBM Domino is…
Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question