Solved

550 Unable To Relay when webserver tries to send external email

Posted on 2009-04-13
5
518 Views
Last Modified: 2013-11-30
I have a web server that is located behind the DMZ interface of our firewall.  The website allows customers to send emails of collections lists.  I have allowed the web server smtp access to the exchange server in our internal network.  On the firewall audits I can see that the traffic is passing the firewall.  The web server will send the email to internal email addresses, but when it tries to send to external email addresses, the exchange server returns a 550 unable to relay error message.  I followed these directions from Microsoft (http://technet.microsoft.com/en-us/library/bb232021.aspx), but the server still will not email external users.  Any suggestions or assistance would be greatly appreciated.  
0
Comment
Question by:beefwilliams
  • 3
  • 2
5 Comments
 
LVL 5

Accepted Solution

by:
AClockworkTech earned 500 total points
ID: 24132797
I believe you have to add the Firewall's LAN interface to the allowed relay list in Exchange for this to work, depending on how your firewall is handling Masquerading from the DMZ network into your LAN.  Alternatively, you can use SMTP authentication.
0
 

Author Comment

by:beefwilliams
ID: 24137804
Thanks for the suggestion.  I added the firewall interface to the allow relay list in Exchange.  However, that change did not resolve the issue.  The program on the web server that handles the emailing will not allow me to enter in any type of user name so I don't know if authentication of any type will work.  
0
 

Author Comment

by:beefwilliams
ID: 24138659
I j ust noticed that the email address is not linked to an active directory user account.  Would that cause this problem?
0
 
LVL 5

Expert Comment

by:AClockworkTech
ID: 24139339
No, it should be fine.  Did you make sure to run the following code from the Exchange Management Shell?  Also make sure "Anonymous Users" is checked in the "Permissions" tab on the receive connector properties in the Console.
Get-ReceiveConnector "ServerName\Receive Connector Name" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient" 

Open in new window

0
 

Author Comment

by:beefwilliams
ID: 24139521
After looking in the SmtpReceive logs, I noticed that instead of the DMZ firewall interface IP address, it had the firewall internal IP address listed.  Once I added the firewall internal ip as a receive connector, the external emailing problem was fixed.  Thanks again for your help!
0

Featured Post

Wish Marketing would stop bothering you?

Is your marketing department constantly asking for new email signature updates? Are they requesting a different design for every department? Do they need yet another banner added? Don’t let it get you down! There is an easy way to manage all of these requests...

Join & Write a Comment

Not sure what the best email signature size is? Are you worried about email signature image size? Follow this best practice guide.
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
This video discusses moving either the default database or any database to a new volume.

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now