• Status: Solved

Allowing Application server to send email externally?

We have an Exchange 2007 environment that has two Exchange boxes... one sits in a DMZ for CAS / Transport and the other internally for Mail / Transport.

I need to allow an application server to send out email externally. I've configured a receive connector and we are now getting internal email routed correctly from the Application server but external isn't being sent out.

Can anyone advise? As I need this sorting quickly.
Asked by: Mr_OCD
 
Hendrik Wiese commented:

Mr_OCD (Author) commented:
Thanks, as mentioned I've already created the receive connector on the internal Exchange server.

Internal email works fine. External emails are not being sent out...

Hendrik Wiese commented:
Is your Anti Spam enabled? Because this would block it.

PS: Read the comments on the link that I posted.
 
Hendrik Wiese commented:
As suggested in the comments of the link I posted, please have a look at http://blogs.msexchange.org/zinman/2006/12/31/allowing-application-servers-to-relay-off-exchange-server-2007/

Hendrik Wiese commented:
Sorry, that is just a link-back URL to the previous post. Look at Scott Landry's suggestion at the initial URL.

Ahmed786 commented:
You should create two receive connectors:

1> One with anonymous access

2> Create a second receive connector with externally secured enabled.

Hope this may solve your issue.

Mr_OCD (Author) commented:
I assumed anonymous access was taken care of via the Exchange default connector?

I've looked at the comments in the link posted and they don't really provide further information on my issue. Spam controls are not the problem. Connector has been setup using option 1.


Ahmed786 commented:
Have you tried to restart the Exchange Transport Service after doing all this? If not, then please do it.

Mr_OCD (Author) commented:
Yes the ETS has been restarted ...

Ahmed786 commented:
What error are you getting in the logs?

Ahmed786 commented:
You should enable SMTP logging on the Receive Connector which is used to receive messages from the application server to troubleshoot the issue.

Below is the Microsoft article on how to disable or enable logging:

http://technet.microsoft.com/en-us/library/bb124531.aspx

You should any info in that SMTP log i.e. any error to troubleshoot further.

gleek commented:
Have you run the following shell command against the connector? This is a common issue when relaying mail directly to an Exchange server and wanting it to then go outbound.

Get-ReceiveConnector "<Send Connector Identity>" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient"

Mr_OCD (Author) commented:
No I haven't! ... Something else to try ... :)

What is the send connector identity? - I've tried the name of the connector and it errors?

gleek commented:
Sorry, I meant receive connector.

You can do a Get-ReceiveConnector and it should tell you the identity. Like, for instance, you have a receive connector named "Relay" on EXCHANGE01. The identity would be EXCHANGE01\Relay

Mr_OCD (Author) commented:
Thanks ... got as far as "NTAuthority\Anonymous Logon" was not found...

gleek commented:
There is a space between NT and Authority. Be sure to type it exactly as I've pasted:

"NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient"

Mr_OCD (Author) commented:
OK thanks. Done that, still not working, so time to run some SMTP logging.

Ahmed786 commented:
Yes, for enabling logging refer to the Microsoft article I pasted above.

gleek commented:
OK, so now let's review. Making sure these are all true statements.

- Created a receive connector on the hub server (is this the DMZ hub or internal hub?)
- Verified the Hub server being relayed to is in scope of a send connector that can send to the internet
- Verified this Hub server has permissions to send to your SMTP appliance or whatever sends outbound from your environment.
- Enabled verbose logging on the receive connector
- Set receive connector to anonymous and have run the above pshell command against it

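Added example (not part of the thread): a read-only Exchange Management Shell check of the review points above, which also shows how far the `ms-Exch-SMTP-Accept-Any-Recipient` grant to anonymous opens the connector for relay. `EXCHANGE01\Relay` is the sample identity used earlier in the thread and `10.0.0.25` is a constructed application-server address; substitute your own.

```powershell
# Added example for the Exchange Management Shell; read-only, changes nothing.
# 'EXCHANGE01\Relay' is the sample identity from the thread; the IP is constructed.
$connector   = 'EXCHANGE01\Relay'
$appServerIp = '10.0.0.25'
$relayRight  = 'ms-Exch-SMTP-Accept-Any-Recipient'

$rc = Get-ReceiveConnector -Identity $connector

# 1. Is the relay right granted (allow, not deny) to anonymous sessions?
$ace = $rc | Get-ADPermission -User 'NT AUTHORITY\ANONYMOUS LOGON' |
    Where-Object { ($_.ExtendedRights -like $relayRight) -and (-not $_.Deny) }
if ($ace) {
    Write-Host "[ok] anonymous holds $relayRight on $connector"
} else {
    Write-Warning "anonymous lacks $relayRight on $connector"
}

# 2. Once that right is granted, RemoteIPRanges decides which hosts may relay
#    through this connector. Anything other than the application server is
#    listed for review (a differently formatted range is also listed: fail safe).
$other = @($rc.RemoteIPRanges | Where-Object { $_.ToString() -ne $appServerIp })
if ($other.Count -gt 0) {
    Write-Warning "relay is open to more than ${appServerIp}: $other"
} else {
    Write-Host "[ok] only $appServerIp may use $connector"
}

# 3. Protocol logging on the receive side, as asked for in the thread.
if ("$($rc.ProtocolLoggingLevel)" -ne 'Verbose') {
    Write-Warning "protocol logging on $connector is $($rc.ProtocolLoggingLevel)"
}

# 4. Enabled send connectors: check that one covers the external address space,
#    lists this hub in SourceTransportServers, and has its own protocol logging
#    on (send-side logging is a separate setting from the receive connector's).
Get-SendConnector | Where-Object { $_.Enabled } |
    Format-List Name, AddressSpaces, SourceTransportServers, SmartHosts,
                DNSRoutingEnabled, ProtocolLoggingLevel
```

A warning from step 2 means the anonymous relay right applies to every address in the listed ranges, not just the application server.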
 
Mr_OCD (Author) commented:
That's correct.

- New receive connector on internal HUB server
- HUB server can relay to send connector
- Permissions set
- Verbose logging setup on new receive connector
- pshell command has been run successfully

Mr_OCD (Author) commented:
Restarted Transport service again.

Interesting that the SMTP log send log is showing empty...

gleek commented:
What does the receive connector log show? Is the IP of your server hitting the log?

Mr_OCD (Author) commented:
It shows the IP of the Application server hitting the log...

gleek commented:
OK, is there a valid reply email address of these relays? Is there an NDR coming back?

If there's no NDR and the server is hitting the receive connector, there has to be something misconfigured on your send connector or how the mail flows out.

Mr_OCD (Author) commented:
There is not a valid reply address (it is a noreply@ address) so we get an NDR when replying.

I was going to say it must be a send connector / mailflow issue next...

It's driving me mad this ... :)