550 5.7.1 Unable to relay


Im having a major problem with relaying email.  This is the scenario.

Im using helpdesk software on a server in the DMZ.  I need to reply to emails from the helpdesk software to external email addresses.  I can reply to internal emails from the helpdesk software with no problems.

On the Helpdesk software I have it setup for SMTP to point to my Exchange 2007 server on the LAN.  
I can telnet from my helpdesk server on port 25 to the Exchange server and from the Exchange to the helpdesk server with no problems.
I have setup a Receive Connector in Exchange and have the remote server as the Helpdesk server.  And have the Anonymous users selected.

I have followed the following below
And had no luck.

The error I get in the log of the Helpdesk software is
550 5.7.1 Unable to relay

Any help on this would be great.
Who is Participating?
SpuddistConnect With a Mentor Author Commented:
Ive enabled SMTP on the helpdesk server and pointed the software to the helpdesk server rather the the email server.  All works now.
Rajith EnchiparambilOffice 365 & Exchange ArchitectCommented:
Why is the helpdesk server in the DMZ?
SpuddistAuthor Commented:
Because its open to the net for external users to login and make requests.
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Do you have the option for the helpdesk software to use a specific username and password to send the emails with? I'd advise against ever allowing anonymous authentication for a server that's on the DMZ. If the server was inside the organisation and protected pretty heavily from outside access, then maybe let it relay anonymously, but definitely not from the DMZ.

Having said that, i'm surprised to see that the anonymous authentication doesn't work if you've put the helpdesk server in the receive connector for relaying. Have you made sure that the Receive Connector is Enabled in the Exchange console?

You've said that you can telnet to port 25 on the exchange server, but have you tried submitting mail over the telnet session?
SpuddistAuthor Commented:
Yes there's an option for a username and password.  Ive tried with that as well and no luck.
Ive just tried anonymous just to see if I could get it going.

The connector is enabled.  I never had it disabled.

Just tried the sending from telnet and it failed with the following error.
550 5.7.1 Unable to relay
I have Outlook 2007 installed on the Helpdesk server and it can send and receive emails no problems.

Do you think this could be a permissions issue?

It sounds like more of a Receive Connector issue than a permissions issue. What it sounds like, is that if you've correctly setup the Receive Connector and it's Enabled, for one reason or another it's not being selected as the active one when you're connecting to exchange from the Helpdesk server. Being unable to connect with a username and password from the server itself also sounds strange - if you can connect with Outlook 2007 then there's no reason the same username and password shouldn't be able to send via SMTP to the Exchange Server.

Here are a couple of things to check:
In the Exchange Console, go to Server Configuration -> Hub Transport
Check all Enabled Receive Connectors, and ensure that ONLY ONE has Port 25 enabled (in the Network tab)
If more than one Receive Connector has port 25 enabled, then it's possible that the wrong connector is accepting the connection, and refusing relay because the other connector has the correct IP setup and "anonymous users" selected. So, make sure that there's only one connector setup on Port 25.

Once you're sure that only one connector has Port 25 'enabled', click the Permission Groups tab and ensure that "Anonymous users" is selected.
Run this command from the Exchange Management Shell:
Get-ReceiveConnector "Receive Connector Name" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient"

Do you know what identity the Helpdesk server actually runs under - is it NETWORK SERVICE or something along those lines, or have you specified another user for it to logon with? It might also be worth trying to add the username under which helpdesk runs, like so:

Get-ReceiveConnector "Receive Connector Name" | Add-ADPermission -User "HELPDESKSERVER\USERNAME" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient"

Where "HELPDESKSERVER" is the machine name of your helpdesk server, and USERNAME is the username under which the helpdesk application runs.
SpuddistAuthor Commented:
I have 4 Connectors in the Receive Connectors tab.
Client Exchange Server \ port 587\, - -\ Exchange User
Default Exchange server \Port 25 \  - -\ Anonymous users, exchange Users, Exchange servers, Legacy Exchange Servers
Mimecast Inbound \ Port 25\ Mimecast IPs\ Anonymous
Then I have the new connector which is the  helpdesk\ port 25\ helpdesk server IP\ Anonymous

The service is running under the Locasl system.  
I will try these commands now.  Sorry for the late reply I was stuck in a meeting.

SpuddistAuthor Commented:
As you can see there are another two connectors with port 25.  3 including the new helpdesk one. I cant disable them at the moment as people are using them so I will do it tonight.  And try again.

i tried running that command with the server name and username and no luck it comes up with the following.  It doesnt recoginsed the server and username.

[PS] C:\Windows\System32>Get-ReceiveConnector "Helpdesk" | Add-ADPermission -
User "helpdeskserver\helpdesk" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient"
Add-ADPermission : User or group "helpdeskserver\helpdesk" was not found. Please make sur
e you have typed it correctly.
At line:1 char:54
+ Get-ReceiveConnector "Servicedesk" | Add-ADPermission  <<<< -User "mars\helpd
esk" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient"
SpuddistAuthor Commented:
I disabled the other receive connectors that had port 25 and tried it and it didnt work.  Ive given up and Im going to enable SMTP on the helpdesk server.  
Thanks Vixtro for the help.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.