[Last Call] Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 5771
  • Last Modified:

Mailbox unavailable. The server response was: 5.7.1 Unable to relay

I'm getting the above error message. My code is posted below.  The code below has worked fine for several months.

This last week, I started getting the error message stated in the title of the question.  
The mailserver and the website are hosted on 2 different servers.  

Anyone know why this has stopped working?  How I can fix it?

Dim mail As New MailMessage
Dim fromAddress As New MailAddress("me@mydomain.com")
mail.From = fromAddress 
mail.Subject = "blah"
mail.Body = "123, abc"

Dim mailClient As String = "myMailServer.com"
Dim smtp As New SmtpClient(mailClient)

Open in new window

  • 2
  • 2
2 Solutions
BobBarker_99Author Commented:
Oh, missing the last line...


If you're trying to relay via the Exchange Server (in other words, have it deliver mail to a domain it does not control), it's possible someone has reset the relay configuration and switched this behaviour off. An Exchange Server will accept mail in its default configuration for any email domains it is authoritative for, but for security reasons, it won't relay mail for other domains (this would turn it into a server abused by spammers).

What version of Exchange is the Exchange Server running, and how do you want to allow relay?

Probably the easiest method is to allow your web server's IP address to relay via the server. If Exchange 2003, do that by editing the SMTP Virtual Server and changing the Relay settings. More information at http://www.quantumsoftware.com.au/support/kb/Article.aspx?ID=50.

In Exchange 2007, this is a little more difficult. You'll need another Receive Connector, configured to accept mail from the web server's IP address, and with permissions granted to allow relay. See http://exchangepedia.com/blog/2007/01/exchange-server-2007-how-to-allow.html. Be sure to read all the security notes and ensure you understand what you are opening up before proceeding. Those notes should also apply to Exchange 2010.

BobBarker_99Author Commented:
I had tech services setup the recieve connector, and had them add the servers IP address.

My code is the same, except that I now also use authentication.
Dim myCred As new NetworkCredential("myLogin", "myPass")
smtp.Credentials = myCred

I now get the following exception:
Mailbox unavailable. The server response was: 5.7.1 Client does not have permissions to send as this sender

Aha - that indicates a permission error on the receive connector. You actually need to give (or have tech services give) permissions to that user account on the receive connector.

The command you use at Exchange Management Shell to add the appropriate permissions to your Receive Connector would be as follows:

Get-ReceiveConnector "Name of Connector" | Add-ADPermission -user "DOMAIN\myLogin" -ExtendedRights "ms-Exch-SMTP-Submit ms-Exch-SMTP-Accept-Any-Recipient ms-Exch-SMTP-Accept-Any-Sender ms-Exch-SMTP-Accept-Authoritative-Domain-Sender"

In short, what the permissions you are granting there do is as follows:

* ms-Exch-SMTP-Submit allows the user myLogin to submit messages to the receive connector. Required for any communication to work properly
* ms-Exch-SMTP-Accept-Any-Recipient does the job of allowing relay. It allows any recipient to be sent to via the connector, bypassing Exchange's default behaviour of only accepting mail to domains it is authoritative for
* ms-Exch-SMTP-Accept-Any-Sender allows any sender address to be used - it bypasses sender field anti-spam checks
* ms-Exch-SMTP-Accept-Authoritative-Domain-Sender allows messages to be sent via the receive connector with the sender field set to an email address of another user on the network.

Take this example:

Application Server connects to receive connector as myLogin.
* Exchange allows connection by ms-Exch-SMTP-Submit (assuming correct credentials)
Application Server sends the MAIL FROM header and specifies a sender
* Exchange accepts the sender by default - ms-Exch-SMTP-Accept-Any-Sender doesn't force it to check the sender isn't banned in anti-spam lists
* However, if the sender was another user @yourdomain.com (Exchange being authoritative for yourdomain.com), this step would fail. This is because Exchange knows the authenticated user myLogin has email address myLogin@yourdomain.com. To bypass this and allow any sender @yourdomain.com, the ms-Exch-SMTP-Accept-Authoritative-Domain-Sender bypasses this, so the myLogin user can send messages pertaining to be from ANY user @yourdomain.com.
Application Servers sends RCPT TO and specifies the recipient.
* Exchange allows this, per the ms-Exch-SMTP-Accept-Any-Recipient permission
The session continues and the email is sent.

You may want to bypass the ms-Exch-SMTP-Accept-Any-Sender and Authoritative-Domain-Sender permissions, depending on your configuration. However, the above 4 permissions are those I most often find myself configuring, because applications need to send from many email addresses - noreply@yourdomain, service@yourdomain and so on.

Get-ReceiveConnector "Name of Connector" | Add-ADPermission -user "DOMAIN\myLogin" -ExtendedRights "ms-Exch-SMTP-Submit ms-Exch-SMTP-Accept-Any-Recipient ms-Exch-SMTP-Accept-Any-Sender ms-Exch-SMTP-Accept-Authoritative-Domain-Sender"

Open in new window


Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now