External Relay Setup User Authentication

Starquest321
Starquest321 used Ask the Experts™
on
I tried to create a Hub Transport for a specific server which sends email reports coming from a specific user. I get a 550 5.7.1 error - unable to relay. What am I doing wrong?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Have you tried adding the server's IP to allowed senders group?

1. Exchange Management Console --> Server Configuration

2. Right-click Hub Transport, select properties

3. Select Network tab, then add user's IP under "Receive mail from remote servers that have these IP addresses"

Author

Commented:
Yes - I setup a new recieve connector and added the server IP address. That was successful. The problem is that the "user unknown: 550 5.5.1" The user who sends the message is a known user on the Exchange box and the name/password is correct.
Do you have additional info as to what's happening with your relay?

Not sure if you may be experiencing a similar issue, authenticated user, but read the thread below:

http://www.petri.co.il/forums/showthread.php?t=34194

Author

Commented:
Add-AdPermission -Identity "Default Receive Connector" -User "NT AUTHORITY\Authenticated Users" -ExtendedRights ms-Exch-SMTP-Accept-Any-Sender

I added that command in the Exchange shell. When I run the software to generate the email from the user I now get a "User Unknown" failure. . .

Author

Commented:
I tried adding the SELF as a user but got the following error:

8-7-2011-6-45-15-PM.png
Commented:
It is not a recommended procedure to change the Default receive connector to use Relay or make it Externally secure receive connectors - You may face issues with the mails coming from other Servers getting stuck with additional queue information cannot achieve Exchange server authentications.

Instead create a new receive connector.
Add the IP address of the server which sends reports over this Hub transport server.

Go to properties page again and change the permission to use only TLS and Externally secure and the authentication to use Anonymous and Exchange server.

This will give your server which sends reports over the hub server the permissions required to send mails over it.

you can refer this for more details.
http://blogs.technet.com/b/exchange/archive/2006/12/28/3397620.aspx

Do not change the Default receive connector to do this!

Author

Commented:
I thought so ..  .but I read the article and that is what is said. The only command I really ran on the default connector is the:


Add-AdPermission -Identity "Default Receive Connector" -User "NT AUTHORITY\Authenticated Users" -ExtendedRights ms-Exch-SMTP-Accept-Any-Sender


How can I undo that?

Commented:
Run Remove-AdPermission -Identity "Default Receive Connector" -User "NT AUTHORITY\Authenticated Users" -ExtendedRights ms-Exch-SMTP-Accept-Any-Sender

You can also change it from ADSIEDIT.MSC

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial