550 5.7.1 Unable to relay


I'm having a major problem with relaying email. This is the scenario.

I'm using helpdesk software on a server in the DMZ. I need to reply to emails from the helpdesk software to external email addresses. I can reply to internal emails from the helpdesk software with no problems.

On the Helpdesk software I have it set up for SMTP to point to my Exchange 2007 server on the LAN.
I can telnet from my helpdesk server on port 25 to the Exchange server and from the Exchange to the helpdesk server with no problems.
I have set up a Receive Connector in Exchange and have the remote server as the Helpdesk server. And have the Anonymous users selected.

I have followed the following below
And had no luck.

The error I get in the log of the Helpdesk software is
550 5.7.1 Unable to relay

Any help on this would be great.

Rajith Enchiparambil (Office 365 & Exchange Architect) commented:
Why is the helpdesk server in the DMZ?
Spuddist (Author) commented:
Because it's open to the net for external users to log in and make requests.

Do you have the option for the helpdesk software to use a specific username and password to send the emails with? I'd advise against ever allowing anonymous authentication for a server that's on the DMZ. If the server was inside the organisation and protected pretty heavily from outside access, then maybe let it relay anonymously, but definitely not from the DMZ.

Having said that, I'm surprised to see that the anonymous authentication doesn't work if you've put the helpdesk server in the receive connector for relaying. Have you made sure that the Receive Connector is Enabled in the Exchange console?

You've said that you can telnet to port 25 on the exchange server, but have you tried submitting mail over the telnet session?

Spuddist (Author) commented:
Yes, there's an option for a username and password. I've tried with that as well and no luck.
I've just tried anonymous just to see if I could get it going.

The connector is enabled.  I never had it disabled.

Just tried the sending from telnet and it failed with the following error.
550 5.7.1 Unable to relay
I have Outlook 2007 installed on the Helpdesk server and it can send and receive emails no problems.

Do you think this could be a permissions issue?

It sounds like more of a Receive Connector issue than a permissions issue. What it sounds like is that if you've correctly set up the Receive Connector and it's Enabled, for one reason or another it's not being selected as the active one when you're connecting to Exchange from the Helpdesk server. Being unable to connect with a username and password from the server itself also sounds strange - if you can connect with Outlook 2007 then there's no reason the same username and password shouldn't be able to send via SMTP to the Exchange Server.

Here are a couple of things to check:
In the Exchange Console, go to Server Configuration -> Hub Transport
Check all Enabled Receive Connectors, and ensure that ONLY ONE has Port 25 enabled (in the Network tab)
If more than one Receive Connector has port 25 enabled, then it's possible that the wrong connector is accepting the connection, and refusing relay because the other connector has the correct IP set up and "anonymous users" selected. So, make sure that there's only one connector set up on Port 25.

Once you're sure that only one connector has Port 25 'enabled', click the Permission Groups tab and ensure that "Anonymous users" is selected.
Run this command from the Exchange Management Shell:
Get-ReceiveConnector "Receive Connector Name" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient"

Do you know what identity the Helpdesk server actually runs under - is it NETWORK SERVICE or something along those lines, or have you specified another user for it to logon with? It might also be worth trying to add the username under which helpdesk runs, like so:

Get-ReceiveConnector "Receive Connector Name" | Add-ADPermission -User "HELPDESKSERVER\USERNAME" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient"

Where "HELPDESKSERVER" is the machine name of your helpdesk server, and USERNAME is the username under which the helpdesk application runs.
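
An audit of the settings discussed in this answer, as an added example that is not part of the original thread. It runs in the Exchange Management Shell and, for each enabled Receive Connector bound to port 25, lists the remote IP ranges it accepts, its permission groups, and every account that holds the relay right; it assumes nothing about connector names and changes no settings.

```powershell
# Added example (not from the thread): read-only audit of SMTP relay exposure.
# Run in the Exchange Management Shell on the Hub Transport server.

# Extended right that lets a sender submit mail for external (non-accepted) domains.
$relayRight = 'ms-Exch-SMTP-Accept-Any-Recipient'

Get-ReceiveConnector |
    # Keep only enabled connectors that listen on TCP 25.
    Where-Object { $_.Enabled -and ($_.Bindings | Where-Object { $_.Port -eq 25 }) } |
    Select-Object Name, Bindings, RemoteIPRanges, PermissionGroups, AuthMechanism,
        @{ Name = 'RelayGrantedTo'; Expression = {
            # Allow entries on this connector that include the relay right.
            $_ | Get-ADPermission |
                Where-Object { -not $_.Deny -and ($_.ExtendedRights -like "*$relayRight*") } |
                ForEach-Object { $_.User.ToString() }
        } } |
    Format-List
```

A connector that shows NT AUTHORITY\ANONYMOUS LOGON under RelayGrantedTo relays for any host inside its RemoteIPRanges, so for a DMZ sender that range should contain only the helpdesk server's address.
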
Spuddist (Author) commented:
I have 4 Connectors in the Receive Connectors tab.
Client Exchange Server \ port 587\, - -\ Exchange User
Default Exchange server \Port 25 \  - -\ Anonymous users, exchange Users, Exchange servers, Legacy Exchange Servers
Mimecast Inbound \ Port 25\ Mimecast IPs\ Anonymous
Then I have the new connector which is the  helpdesk\ port 25\ helpdesk server IP\ Anonymous

The service is running under the Local System.
I will try these commands now. Sorry for the late reply, I was stuck in a meeting.

Spuddist (Author) commented:
As you can see there are another two connectors with port 25. 3 including the new helpdesk one. I can't disable them at the moment as people are using them so I will do it tonight. And try again.

I tried running that command with the server name and username and no luck, it comes up with the following. It doesn't recognise the server and username.

[PS] C:\Windows\System32>Get-ReceiveConnector "Helpdesk" | Add-ADPermission -
User "helpdeskserver\helpdesk" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient"
Add-ADPermission : User or group "helpdeskserver\helpdesk" was not found. Please make sur
e you have typed it correctly.
At line:1 char:54
+ Get-ReceiveConnector "Servicedesk" | Add-ADPermission  <<<< -User "mars\helpd
esk" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient"
Spuddist (Author) commented:
I disabled the other receive connectors that had port 25 and tried it and it didn't work. I've given up and I'm going to enable SMTP on the helpdesk server.
Thanks Vixtro for the help.
Spuddist (Author) commented:
I've enabled SMTP on the helpdesk server and pointed the software to the helpdesk server rather than the email server. All works now.
