Exchange 2010 - Receive Connector for Anonymous access (ip restrictions) issues...

Mathiau
Hello,


to get to the point.

We have 2 separate networks

1. Server network on        1.1.1.1
2. Workstation network    2.2.2.2

On the Workstation network we have our DCs and an Exchange 2010 box.

We have an MSSQL 2008 R2 system on the Server network that runs the reporting services that needs to send out emails to external clients.

Since through the GUI you cannot set Authentication methods (which is beyond me why... and have to do it via editing files), I wanted to allow the MSSQL server to send emails through our Exchange server and out to the world; also, later some other servers can make use of this Connector and all I have to do is allow the IP in.

My understanding is I just needed to create a new Receive Connector, allowing Anonymous access and no authentication. I did this, created it, assigned it a separate internal IP on a 2nd NIC I put in, and then did my port forward rules on the firewall.

So right now I have hosted:

Main Exchange system 3.3.3.3
New receive connector on 4.4.4.4

I have restarted the transport role and the entire Exchange server, but no matter what, I either cannot connect (in Outlook testing I get a "service not available" error), or I get a "relaying is not allowed" error, which it should be, no?

Our main Exchange server accepted domain is, say, email.eu, and the sending address of the test account is noreply@sending.eu

Just to double check, I redid the Receive Connector

Name: External Servers
Intended use: Internet

Local Network Settings

Added the internal IP not in use and removed the "all available"

10.0.1.3 port 25   (other receive connectors run on 10.0.1.2)
network
FQDN I made the same as the other receive connectors

mail.mail.eu

Completes successfully.

 permissions
 Authentication

What am I doing wrong?

I wish to use IP restriction to allow a system to relay through this server or not.
Author

Commented:
I found this guide

http://exchangeserverpro.com/how-to-configure-a-relay-connector-for-exchange-server-2010

and I used the authentication settings


Select the Permission Groups tab and tick the Exchange Servers box.

Select the Authentication Tab and tick the Externally Secured box.


and so far it could be working, but that doesn't seem like the correct settings to be using?

Author

Commented:
Appears as though it is working now, sent emails from noreply@sending.eu are making it out to hotmail and gmail now with those settings.


Select the Permission Groups tab and tick the Exchange Servers box.

Select the Authentication Tab and tick the Externally Secured box.

and not using the "anonymous" setting.
Senior System Engineer
Commented:
You need to create a new receive connector and give relay permission to the application box.

Simply follow:
http://blogs.technet.com/b/exchange/archive/2006/12/28/3397620.aspx
http://blogs.technet.com/b/exchange/archive/2006/11/17/3397307.aspx

Thanks
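
The two relay configurations discussed in this thread, written out for the Exchange Management Shell as an added example (not code from any poster or from the linked guides). Assumptions: `EXCH01` is a placeholder server name and `192.0.2.10` is a constructed placeholder for the relaying host's address; the binding `10.0.1.3:25` and the connector name are taken from the question.

```powershell
# Added example. EXCH01 and 192.0.2.10 are placeholders, not values from the thread.
$server    = 'EXCH01'
$name      = 'External Servers'
$relayHost = '192.0.2.10'          # the only host allowed to use this connector
$identity  = "$server\$name"

# RemoteIPRanges is the IP restriction. Keep it to single hosts: a connector
# whose RemoteIPRanges covers a whole subnet (or 0.0.0.0-255.255.255.255)
# combined with either option below is an open relay for that range.
New-ReceiveConnector -Name $name -Server $server -Usage Custom `
    -Bindings '10.0.1.3:25' -RemoteIPRanges $relayHost

# Option A: anonymous relay.
# Ticking "Anonymous users" alone only accepts mail for accepted domains;
# mail to external recipients is rejected until the anonymous logon is
# granted the Accept-Any-Recipient right on this one connector.
Set-ReceiveConnector $identity -PermissionGroups AnonymousUsers
Get-ReceiveConnector $identity |
    Add-ADPermission -User 'NT AUTHORITY\ANONYMOUS LOGON' `
        -ExtendedRights 'ms-Exch-SMTP-Accept-Any-Recipient'

# Option B: the "Exchange Servers" + "Externally Secured" combination.
# Every host in RemoteIPRanges is then treated as an authenticated, trusted
# sender and bypasses anti-spam and message size checks, so use it only for
# hosts you fully control. Uncomment to use instead of option A.
# Set-ReceiveConnector $identity -PermissionGroups ExchangeServers `
#     -AuthMechanism ExternalAuthoritative

# Review: list every connector on the server that can relay without
# credentials, with the address ranges it accepts connections from.
Get-ReceiveConnector -Server $server |
    Where-Object {
        "$($_.PermissionGroups)" -match 'AnonymousUsers' -or
        "$($_.AuthMechanism)"    -match 'ExternalAuthoritative'
    } |
    Format-List Identity, Bindings, RemoteIPRanges, PermissionGroups, AuthMechanism
```

To admit another server later, add its address to `RemoteIPRanges` with `Set-ReceiveConnector` rather than widening the range.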

Author

Commented:
So I now have a Postfix server but it won't connect, I assume this is because it is not an Exchange server or using the same protocols.....


http://www.experts-exchange.com/OS/Linux/Q_27249240.html
Suraj, Senior System Engineer

Commented:
You mean you have a Postfix between the application and the Exchange server?

Author

Commented:
Yes, for this other setup it is

Game server  ---> sends emails to the Postfix server -----> sends to the Exchange.

Game server and Postfix are on the same LAN and IP network in a co-location, Exchange is in our offices.

By simply checking off the "Anonymous" permission it appears to be working, was reading something about Postfix not being enabled by default to use

"The Exchange Server will offer GSSAPI (Kerberos) but it seems that Cyrus SASL providing authentication service to Postfix was not configured to handle GSSAPI."

So this error would occur with trying to use authentication

(delivery temporarily suspended: SASL authentication failed: server mail.mail.com[1.1.1.1] offered no compatible authentication mechanisms for this type of connection security)

So even using authentication it would fail, which had failed; I assume enabling the Anonymous permission then allows SASL connections....

Author

Commented:
Got me going in the right direction.