Solved

Exchange 2007 Wont Relay

Posted on 2009-05-19
19
992 Views
Last Modified: 2012-06-27
I am trying to setup a simple application relay through the Exchange 2007 Server and it is giving me nothing but a headache. I have followed the directions in this link backwards and forwards and can not get it to work.
http://msexchangeteam.com/archive/2006/12/28/432013.aspx 
I tried both option 1 and option 2. I had a feeling it may be related to the fact that the local IP's and the remote IPs are in the same network. I originally had the remote IPs setup to include the entire LAN then I cut it back to just the two IPs I was testing with. When I telnet into the server I can get to the RCPT to: section and then it errors out with the 550 5.7.1 Unable to relay for....
I have restarted the Transport service in the hope that might help but no joy. Any help would be appreciated.
0
Comment
Question by:m_m_cooper
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 8
  • 3
19 Comments
 
LVL 5

Expert Comment

by:Neranel
ID: 24425595
Have you setup a specific receive connector for the source of your relay?  With Exchange 2007 you need difference receive connectors.
0
 
LVL 5

Expert Comment

by:Neranel
ID: 24425605
See this for more information on the setup of the additional receive connector
 
http://msexchangeteam.com/archive/2006/12/28/432013.aspx  
0
 

Author Comment

by:m_m_cooper
ID: 24425613
Yes. As the link suggest I setup a recieve connector specifically for the relay.
0
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

 
LVL 5

Expert Comment

by:Neranel
ID: 24425627
Wow, i just gave you the same link, sorry.
0
 
LVL 24

Expert Comment

by:Rajith Enchiparambil
ID: 24425636
Just specify the application server IP address in the remote network settings in the wizard. It's pretty simple as it says in the link.

Rajith.
0
 

Author Comment

by:m_m_cooper
ID: 24425645
Tried that
0
 
LVL 5

Expert Comment

by:Neranel
ID: 24425646

Here is the 5.7.1 error.  Make sure you allow connections from all sources on your receive connector.  Its rejecting the relay because it is failing authentication.
5.7.1

General access denied error (the sender of the message does not have privileges necessary to complete delivery).

Check privileges for the sender and resend the message.
0
 
LVL 5

Expert Comment

by:Neranel
ID: 24425664
this page is wrong in the link
http://msexchangeteam.com/photos/postpictures2/images/432010/original.aspx
go to that page on your receive connector and check everything, but anonymouse users should be enough, but some application servers need the others.
0
 
LVL 5

Expert Comment

by:Neranel
ID: 24425677
unless you can provide SMTP Authentication from the sending application you need to open the permissions as explained in my previous post.
0
 

Author Comment

by:m_m_cooper
ID: 24425679
The sender is anonymous. As the link suggests I enabled this in the receive connector.
0
 
LVL 5

Expert Comment

by:Neranel
ID: 24425855
then you should be working, can you post the exchange logs?
0
 

Author Comment

by:m_m_cooper
ID: 24426375
I checked the event log and I am getting "Receive connector 0.0.0.0:25 requires Transport Layer Security (TLS) before the MailFrom command can be run, but the server can't achieve it. Check the authentication settings of this connector." when I try to telnet into the server and send a message. I removed TLS from the connector I want to use but it seems like the other connector is taking precedence.
0
 
LVL 24

Expert Comment

by:Rajith Enchiparambil
ID: 24429448
As the link says, there are two options. Either to use "Exchange Users" in permission group and TLS & Externally Secured in authentication tab.

OR

Anonymous in permission group and TLS in authentication tab. Don't mix both options. If you can, pose the snapshots of all tabs.

And restart the MS Exchange Transport Service.
0
 
LVL 5

Expert Comment

by:Neranel
ID: 24431126
have you added the relay permission to the connector?
 

Get-ReceiveConnector "CRM Application" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient"

Open in new window

0
 

Author Comment

by:m_m_cooper
ID: 24431999
Rajit- It says to use "Exchange server" and yes I have tried both methods.
Just now I have repeated both methods to verify it did not work. Attached are the screens from the tabs.
Neranel- I did run that command in the Exchange Shell

Relay.docx
0
 

Author Comment

by:m_m_cooper
ID: 24432030
Rajit- I also restarted the transport service after each configuration change.
0
 
LVL 24

Expert Comment

by:Rajith Enchiparambil
ID: 24432450
Is the application using an authenticated session?
0
 

Author Comment

by:m_m_cooper
ID: 24445993
no I don't think so. The APC asks for a from address but no password.
0
 

Accepted Solution

by:
m_m_cooper earned 0 total points
ID: 24447189
Finally figured this dang thing out. We had installed the Server 2003 SMTP service. Once we removed it everything worked just like the article said it should. Thanks.
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
After hours on line I found a solution which pointed to the inherited Active Directory permissions . You have to give/allow permissions to the "Exchange trusted subsystem" for the user in the Active Directory...
how to add IIS SMTP to handle application/Scanner relays into office 365.
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question