Solved

Relaying denied based on private IP address

Posted on 2009-07-13
12
604 Views
Last Modified: 2012-05-07
Hey guys.

I'm trying to set up frontbridge (exchange hosted spam filtration) as a smart host on my exch07 machine.. Now I know how to set up a smart host but when I push email to mail.messaging.microsoft.com (outbound mail server)I get a relaying denied error.

Exchange hosted services requires me to have my outbound IP address registered with them..It is..however, the bounce email shows that they are checking the INTERNAL ip address of my exch07 server. (192.168.0.50)..I cannot add an internally non routed IP address to their service...so I guess I need to be able to change the REPORTED Ip in exchange 2007..anyone know how to do that?

me@mycompany.com
mail199-sin.bigfish.com #554 <me@mycompany.com>: Relay access denied ##

Original message headers:

Received: from exch07svr.clientsurl.com ([192.168.0.50]) by exch07svr.clientsurl.com
 ([192.168.0.50]) with mapi; Mon, 13 Jul 2009 11:49:31 -0700
From: Administrator <Administrator@clientsurl.com>


0
Comment
Question by:MultiTrends
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 5
12 Comments
 
LVL 27

Expert Comment

by:shauncroucher
ID: 24843085
This portion of the header is showing your server accepting the mail you have sent using Outlook. It is not showing the conversation between your server and the smarthost.

You should be able to use Outlook Express / Windows mail with the credentials you have been given to authenticate with and this will eliminate any configuration on Exchange. I suspect either the credentials are not correct OR your external IP has not been registered with them (have you checked the IP that your exchange server uses and double checked with them that they have it registered?).

Shaun
0
 
LVL 2

Author Comment

by:MultiTrends
ID: 24843192
No, this is the bounced email. The correct external IP is registered with Frontbridge. However, the only thing I can see is that in the bounce, the private IP is listed. I cannot list a private IP with frontbridge.

THere are not supposed to be any credentials with Frontbridge. It's an 'open' relay, open meaning, they only allow inbound connections from IPs they have listed in their DB.
0
 
LVL 2

Author Comment

by:MultiTrends
ID: 24843201
Oh and no, i'm not going to configure each workstations copy of outlook to use an outbound mail server other than my exchange server.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 27

Expert Comment

by:shauncroucher
ID: 24843217
So what happens when you run a telnet SMTP test? At what stage do you get the failure? It sounds like an issue their end to me.

0
 
LVL 2

Author Comment

by:MultiTrends
ID: 24843286
When I manually telnet to the FB servers from inside it does the same deal (manually submitting an email)..

It's totally on their end but they are dumb and can't figure that out so i'm trying to work around the issue.
0
 
LVL 27

Expert Comment

by:shauncroucher
ID: 24843338
so at what stage do you get the error when using telnet test? EHLO / RCPT TO / MAIL FROM?

If this is issuing an error, you will not be able to workaround the issue. Your best bet will be to call them and say you have tested the facility using telnet (the most basic way to test the service) and this has failed. They cannot give you any reason then why it should not work.

Do you have multiple external IP addresses by the way, sometimes a firewall IP address can be seen with outbound IP's instead of the one you are using for your mail server. Just a secondary thought.

Shaun
0
 
LVL 2

Author Comment

by:MultiTrends
ID: 24843500
RCPT to is the last line..as soon as you ID that you're relaying it tosses you.

It's definitely 100% their issue.. I've registered my IP like they want and it still doesn't work.

Only reason I'm doing this is because telus found it prudent to block emails from our domain for reasons unknown and doesn't provide a number or service center or techsupport techs that know anything...

nor do they indicate who their blacklist provider is or even a suggestion as to what I can do to remove this domain from their apparent blacklist (even though we're clean and not on any other blacklists)
0
 
LVL 27

Expert Comment

by:shauncroucher
ID: 24843606
Your domain will not be blacklisted. Blacklists work on IP address.

You can see if your IP is on common blacklists by using mxtoolbox.com facility

In any case, if your smarthost provider is offering a facility where they allow you to relay mail to them by adding your IP address to their system they are the ones you need to speak with by the sounds of things.

Shaun
0
 
LVL 2

Author Comment

by:MultiTrends
ID: 24843639
Yeah I know we are 100% of blacklists..except the 'value added solution' from telus.. Which they provide no information on even to their own techs. If you're on it, your screwed pretty much.
0
 
LVL 2

Author Comment

by:MultiTrends
ID: 24843651
I'm kind of thinking of setting up a relay agent on our secondary connection which happens to be telus, so our client can forward emails destined for a telus address to our smart host which relays in to their own mail servers..lets see them blacklist their own email servers.
0
 
LVL 27

Accepted Solution

by:
shauncroucher earned 500 total points
ID: 24843679
If you are having trouble delivering mail to telus users, you could use a smarthost yes, this should work as the mail will not be seen as coming from your IP address.

Shaun
0
 
LVL 2

Author Comment

by:MultiTrends
ID: 24851324
sweet hey-zeus they figured it out. Only took them two days too.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After hours on line I found a solution which pointed to the inherited Active Directory permissions . You have to give/allow permissions to the "Exchange trusted subsystem" for the user in the Active Directory...
Check out this step-by-step guide for using the newly updated Experts Exchange mobile app—released on May 30.
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…

622 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question