Exchange 2007: Unable to relay 'log'


Does exchange 2007 has a log where i can find the relay errors?

I have created a 'relay access' receive connector for an external server which is connected with a business 2 business vpn connection to our lan but the external server gets the 'unable to relay' error message when sending messages...
I've added a test server from our lan to the remote access list to test the relay access ant it works, but no success with the external server.

I'm not sure that the correct IP is added to the remote servers list.
So, does exchange has a log where i can find the relay erros, source ip's,..

Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Mahmoud SabrySenior IT Systems EngineerCommented:
find the below article by Akhater from Exchange experts

First of all you should know that a mail server should be configure to unconditionally (not talking about spam/viruses here) accept emails sent to users in the SMTP domains it is serving. However, to avoid spamming others and being blacklisted, it should be very careful about who gets to send emails to other SMTP domains using its services, and that's what is called relaying.

This should explain why, in the above scenario, emails sent to internal users are received but not to external one, that is because Exchange is refusing to relay. To solve your problem and enable your application/web server to be able to send external emails, you should allow it (or its IP address) to relay emails through your Exchange server and here is how to do it in Microsoft Exchange 2007 and Microsoft Exchange 2010.

   1. Add another internal IP to your exchange server, say
   2. Create a new receive connector, configure it to listen only to the newly added IP address & accept SMTP connections only to the application\web server IP address. This can be done by GUI using Exchange Management Console or through Exchange Management Shell by running

      New-ReceiveConnector -Name AllowRelay -usage Custom -Bindings '' -fqdn -RemoteIPRanges WebServerIpAddress -server MYEXCHANGESERVER -permissiongroups AnonymousUsers

   3. Now that the connector is created, you should allow relaying on that connector, this can only by achieved using Management Shell as shown below.

      Get-ReceiveConnector AllowRelay | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient"

   4. Finally configure your web server or Application to use the Exchange server's newly assigned IP as SMTP server.

N.B.:Make sure to change the by the additional IP you added to your Exchange server, WebServerIpAddress with the IP of your Webserver/application, MYEXCHANGESERVER by the name of your exchange 2007/2010 and by the FQDN of your exchange server.
Shreedhar EtteCommented:

Refer this article to configure relay:

Hope this helps,

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Mahmoud SabrySenior IT Systems EngineerCommented:
to see the log for this, enable logging for the relay receive connector
 to do so, right click the rely connector, properties, in the protocol logging level, select verbose

look to the log in the logging path, by default C:\Program Files\Microsoft\Exchange Server\TransportRoles\Logs\ProtocolLog\SmtpReceive in the HUB transport server

look in to the log and verify that the ip of the remote SMTP is the IP address of your server
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

KozznAuthor Commented:
Thx all for the info,

i  have an edge transport server in the dmz, do i have to create the new receive connector also on the edge? or only on the exchange server?
Mahmoud SabrySenior IT Systems EngineerCommented:
make it in the HUB and it will replicate directly to Edge serevr

to force the replication
from HUB, using EMS
KozznAuthor Commented:
I had created the receive connector on the edge.
I removed it now on the edge, did a force repliciation command with the 'Start-EdgeSynchronization' on the hub but it won't appear in the receive connector on the edge...
Mahmoud SabrySenior IT Systems EngineerCommented:
did u created the new relay connector on the HUB?

it must be created first on the hub , then it will be replicated to the edge
KozznAuthor Commented:
I have created it first on the hub(exchange server), than i did a ''Start-EdgeSynchronization'  but it didn't appear on the edge.

On the hub, i added a second IP on the nic and assigned only that IP to the 'use these local ip-addresses to receive mail...' network tab in the receive connector i created before.
Is this the right way to configure it?
What IP address do i have to configure on the edge in the 'use these local ip-addresses to receive mail...' network tab in the receive connector?

Should I open port 25 to the second IP of the hub in our firewall?
KozznAuthor Commented:
It works, thx!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Email Servers

From novice to tech pro — start learning today.