exchange 2007: how to allow authencated user to relay?

I would like to know how to allow authenticated user to relay through our exchange 2007 server.
But not open relay.
okamonAsked:
Who is Participating?
 
ckeshavSr. Infrastructure SpecialistCommented:
This will not work because you are trying to use your SMTP server which is authoritative to send mails from your domain(say abc.om), but you are trying to send out mails from your Exchange server but the From ID would be of your customer domain(say xyz.com) Your STMP server will accept mails as you have allowed relay but it will you to change the From Domain to send mail.
You may to add your customer domain in the authoritative domain and try sending the mail

I'm not sure of your exact setup. It is better you post the exact setup while posting the question.
From my understanding you don't have any relay server or Edge server. If you have then what I'm suggesting above would not be relevant

0
 
ckeshavSr. Infrastructure SpecialistCommented:
What is the exact requirement.
Authenticated user are not required to relay they are authenticated to send mail.
But still you can create a different receive connector and add the IP's of the system from which the user wants to send mail. I'm not sure if this is your requirement.
0
 
Jamie McKillopIT ManagerCommented:
Hello,

The default client receive connector is configured on port 587. Make sure your mail client is set to use that port and it should work.

JJ
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
MbhushanCommented:
Thats true, Authenticated user are not required to relay they are authenticated to send mail.


It is required to Create a Receive Connector that Grants Anonymous Relay Permission  to Specific Source IP Addresses

For example, to create a new Receive connector named "Our Relay Connector" that listens on local IP address 10.5.2.10 on port 25 from a source server at IP address 10.5.5.110, run the following command

New-ReceiveConnector -Name "Our Relay Connector" -Usage Custom -PermissionGroups AnonymousUsers -Bindings 10.5.2.10 -RemoteIpRanges 10.5.5.110
0
 
okamonAuthor Commented:
I thought that too, but it was not working for me. Here is my situation, I am configuring a software on a customer server. And since they don't have SMTP server to use, so I used our smtp server.
I specify our smtp server's internet FQDN(ex:mail.abc.com) and enter my domain user name and password. I don't have problem sending email to any internal users(user@abc.com), BUT I cannot send mail to external user (for ex: xyz.com). Note, The port 25 is not blocked by their ISP
0
 
Jamie McKillopIT ManagerCommented:
@ckeshav

What you have posted is incorrect. If the client is permitted to relay, the from domain does not matter. This could cause some issues with anti-spam solutions but it would not prevent Exchange from relaying the message.

The problem here is that the Default receive connected on port 25 is setup by default with Exchange Server authentication. This is intended so that only Exchange servers themselves can use the connector. There is a Client receive connector that is setup by default on port 587 that has basic and integrated authentication enabled by default. You can either change the sending server to use port 587 to send to your server or change the security on the default receive connector so that Basic Authentication is enabled.

JJ
0
 
ckeshavSr. Infrastructure SpecialistCommented:
JJ - Please try to understand the requirement.

He is trying to send a mail from some application outside his environment, using his SMTP server but the from ID would be of the customer. I'm not sure if he has a relay server or Edge server in between.
If his directly connecting to a Internet facing CAS server, this would not work and that is the reason it is not working.
0
 
Jamie McKillopIT ManagerCommented:
I understand his requirement and what you said is still wrong. As long as the receive connector is setup correctly and he is authenticating, he will be able to relay, regarless of what From address he uses.

JJ
0
 
okamonAuthor Commented:
.
0
 
MbhushanCommented:
Test open relay

Telnet to mail.myserver.com at port 25 and issue all the following commands:
helo client.server.com
mail from: user@yourdmian.com
rcpt to: mbhushan@hotmail.com

telnet mail.myserver.com 25

Output:

Trying 202.51.x.xxx...
Connected to mail.myserver.com.
Escape character is '^]'.
220 mail.myserver.com ESMTP Postfix
helo client.server.com
250 mail.myserver.com
mail from: user@yourdmian.com
250 Ok
rcpt to: mbhushan@hotmail.com
554 : Relay access denied

As you see access denied to send email i.e. my mail server is NOT open relay.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.