Solved

Legacy app can't send emails through Exchange 2010 - Send / Receive connectors

Posted on 2012-08-20
Last Modified: 2012-10-22
Hi,

We have a legacy application that is installed on a bunch of workstations. The application uses a .dat file that is placed on a shared drive and reads the SMTP configuration (email account, server IP, port, etc.) from it.

We are ready to switch the email flow from Exchange 2003 to Exchange 2010 but I need the application to send through the new server first.

When sending through the CASArray IP the email only goes through when it is being sent to an internal email address; any attempt to send to an external domain fails.

My connectors are configured as follows:

1.) Send Connector:

a.) Internet Email (Exchange 2010):

Address Space SMTP * Cost 1
Network - Use DNS MX records
Source Servers - CASHT01 and CASHT02 (my 2 HT servers)

b.) SMTP - This is the one that was created by Exchange 2010 when the 2003 servers were found.

2.) Receive Connectors:

2 CAS servers:

CASHT01

Default CASHT01
Network - 0.0.0.0 - 255.255.255.255
Authentication - TLS , Basic Authentication, Exchange Server Authentication, Integrated Windows Authentication.
Permission Groups: Anonymous, Exchange users, Exchange Servers, Legacy Exchange Servers.

CASHT02

Default CASHT02
Network - 0.0.0.0 - 255.255.255.255
Authentication - TLS , Basic Authentication, Exchange Server Authentication, Integrated Windows Authentication.
Permission Groups: Anonymous, Exchange users, Exchange Servers, Legacy Exchange Servers.

Note: The .DAT file provides email address, port, SMTP IP address but it does not provide the account password.

Any idea what is preventing the email from going through? Anything wrong with the current configuration?

Thank you.
Question by:llarava
LVL 33

Expert Comment

by:Exchange_Geek
ID: 38313587
What you are asking for is access to relay email through Exchange; for this you'll need to create a relay connector and bind the connector to your workstation IP addresses, so that no other workstation or device can access it.

Use the following link to create a relay SMTP Send connector.

Regards,
Exchange_Geek

Author Comment

by:llarava
ID: 38313727
I have created a new Receive Connector with the following configuration:

Network:
IP's to receive - All IPv4

Receive mail from remote servers that have these IPs

For testing the IP of one of the workstations that runs the legacy app

Authentication

I have only selected TLS and Externally secure.

Permission Groups:

Selected Exchange Servers

I have tried but it doesn't work.

Here is what I can see on the verbose SMTP log:

2012-08-20T19:51:28.422Z,CASHT01\Default CASHT01,08CF30C972E88B81,37,172.20.200.40:25,172.20.200.11:47617,>,221 2.0.0 Service closing transmission channel,
2012-08-20T19:51:28.422Z,CASHT01\Default CASHT01,08CF30C972E88B81,38,172.20.200.40:25,172.20.200.11:47617,-,,Local
2012-08-20T19:51:40.829Z,CASHT01\Default CASHT01,08CF30C972E88B85,0,172.20.200.40:25,172.20.200.43:20645,+,,
2012-08-20T19:51:40.829Z,CASHT01\Default CASHT01,08CF30C972E88B85,1,172.20.200.40:25,172.20.200.43:20645,*,SMTPSubmit SMTPAcceptAnySender SMTPAcceptAuthoritativeDomainSender AcceptRoutingHeaders,Set Session Permissions
2012-08-20T19:51:40.829Z,CASHT01\Default CASHT01,08CF30C972E88B85,2,172.20.200.40:25,172.20.200.43:20645,>,"220 CASHT01.domain.local Microsoft ESMTP MAIL Service ready at Mon, 20 Aug 2012 15:51:40 -0400",
2012-08-20T19:51:40.970Z,CASHT01\Default CASHT01,08CF30C972E88B85,3,172.20.200.40:25,172.20.200.43:20645,<,ehlo Administrators-Mac-mini.local,
2012-08-20T19:51:40.970Z,CASHT01\Default CASHT01,08CF30C972E88B85,4,172.20.200.40:25,172.20.200.43:20645,>,250-CASHT01.domain.local Hello [172.20.200.43],
2012-08-20T19:51:40.970Z,CASHT01\Default CASHT01,08CF30C972E88B85,5,172.20.200.40:25,172.20.200.43:20645,>,250-SIZE,
2012-08-20T19:51:40.970Z,CASHT01\Default CASHT01,08CF30C972E88B85,6,172.20.200.40:25,172.20.200.43:20645,>,250-PIPELINING,
2012-08-20T19:51:40.970Z,CASHT01\Default CASHT01,08CF30C972E88B85,7,172.20.200.40:25,172.20.200.43:20645,>,250-DSN,
2012-08-20T19:51:40.970Z,CASHT01\Default CASHT01,08CF30C972E88B85,8,172.20.200.40:25,172.20.200.43:20645,>,250-ENHANCEDSTATUSCODES,
2012-08-20T19:51:40.970Z,CASHT01\Default CASHT01,08CF30C972E88B85,9,172.20.200.40:25,172.20.200.43:20645,>,250-STARTTLS,
2012-08-20T19:51:40.970Z,CASHT01\Default CASHT01,08CF30C972E88B85,10,172.20.200.40:25,172.20.200.43:20645,>,250-X-ANONYMOUSTLS,
2012-08-20T19:51:40.970Z,CASHT01\Default CASHT01,08CF30C972E88B85,11,172.20.200.40:25,172.20.200.43:20645,>,250-AUTH NTLM,
2012-08-20T19:51:40.970Z,CASHT01\Default CASHT01,08CF30C972E88B85,12,172.20.200.40:25,172.20.200.43:20645,>,250-X-EXPS GSSAPI NTLM,
2012-08-20T19:51:40.970Z,CASHT01\Default CASHT01,08CF30C972E88B85,13,172.20.200.40:25,172.20.200.43:20645,>,250-8BITMIME,
2012-08-20T19:51:40.970Z,CASHT01\Default CASHT01,08CF30C972E88B85,14,172.20.200.40:25,172.20.200.43:20645,>,250-BINARYMIME,
2012-08-20T19:51:40.970Z,CASHT01\Default CASHT01,08CF30C972E88B85,15,172.20.200.40:25,172.20.200.43:20645,>,250-CHUNKING,
2012-08-20T19:51:40.970Z,CASHT01\Default CASHT01,08CF30C972E88B85,16,172.20.200.40:25,172.20.200.43:20645,>,250-XEXCH50,
2012-08-20T19:51:40.970Z,CASHT01\Default CASHT01,08CF30C972E88B85,17,172.20.200.40:25,172.20.200.43:20645,>,250-XRDST,
2012-08-20T19:51:40.970Z,CASHT01\Default CASHT01,08CF30C972E88B85,18,172.20.200.40:25,172.20.200.43:20645,>,250 XSHADOW,
2012-08-20T19:51:41.063Z,CASHT01\Default CASHT01,08CF30C972E88B85,19,172.20.200.40:25,172.20.200.43:20645,<,mail FROM:<traffic@domain.com> size=1770866,
2012-08-20T19:51:41.063Z,CASHT01\Default CASHT01,08CF30C972E88B85,20,172.20.200.40:25,172.20.200.43:20645,*,08CF30C972E88B85;2012-08-20T19:51:40.829Z;1,receiving message
2012-08-20T19:51:41.063Z,CASHT01\Default CASHT01,08CF30C972E88B85,21,172.20.200.40:25,172.20.200.43:20645,>,250 2.1.0 Sender OK,
2012-08-20T19:51:41.063Z,CASHT01\Default CASHT01,08CF30C972E88B85,22,172.20.200.40:25,172.20.200.43:20645,<,rcpt TO:<lara@gmail.com>,
2012-08-20T19:51:41.063Z,CASHT01\Default CASHT01,08CF30C972E88B85,23,172.20.200.40:25,172.20.200.43:20645,*,Tarpit for '0.00:00:05',
2012-08-20T19:51:41.079Z,CASHT01\Default CASHT01,08CF30C972E88B86,0,172.20.200.40:25,172.20.200.43:52191,+,,
2012-08-20T19:51:41.079Z,CASHT01\Default CASHT01,08CF30C972E88B86,1,172.20.200.40:25,172.20.200.43:52191,*,SMTPSubmit SMTPAcceptAnySender SMTPAcceptAuthoritativeDomainSender AcceptRoutingHeaders,Set Session Permissions
2012-08-20T19:51:43.235Z,CASHT01\Default CASHT01,08CF30C972E88B87,0,172.20.200.40:25,172.20.200.11:47625,+,,
2012-08-20T19:51:43.235Z,CASHT01\Default CASHT01,08CF30C972E88B87,1,172.20.200.40:25,172.20.200.11:47625,*,SMTPSubmit SMTPAcceptAnySender SMTPAcceptAuthoritativeDomainSender AcceptRoutingHeaders,Set Session Permissions
2012-08-20T19:51:43.235Z,CASHT01\Default CASHT01,08CF30C972E88B87,2,172.20.200.40:25,172.20.200.11:47625,>,"220 CASHT01.domain.local Microsoft ESMTP MAIL Service ready at Mon, 20 Aug 2012 15:51:43 -0400",

Expert Comment

by:Exchange_Geek
ID: 38313753
Provide me the FL output of the newly created receive connector please.

Regards,
Exchange_Geek

Author Comment

by:llarava
ID: 38313787
Hi,

Sorry what do you mean with FL output?

Expert Comment

by:Exchange_Geek
ID: 38313798
Type the following

Get-ReceiveConnector "name of the newly created connector" | FL >>RC.txt

Edit RC.txt so you remove sensitive information and attach it here.

Regards,
Exchange_Geek

Author Comment

by:llarava
ID: 38313943
Here is the output. I have changed the domain name and used "domain"; everything else is the same.

BinaryMimeEnabled                       : True
Bindings                                : {0.0.0.0:25}
ChunkingEnabled                         : True
DefaultDomain                           :
DeliveryStatusNotificationEnabled       : True
EightBitMimeEnabled                     : True
BareLinefeedRejectionEnabled            : False
DomainSecureEnabled                     : False
EnhancedStatusCodesEnabled              : True
LongAddressesEnabled                    : False
OrarEnabled                             : False
SuppressXAnonymousTls                   : False
AdvertiseClientSettings                 : False
Fqdn                                    : CASHT01.domain.Local
Comment                                 :
Enabled                                 : True
ConnectionTimeout                       : 00:10:00
ConnectionInactivityTimeout             : 00:05:00
MessageRateLimit                        : unlimited
MessageRateSource                       : IPAddress
MaxInboundConnection                    : 5000
MaxInboundConnectionPerSource           : 20
MaxInboundConnectionPercentagePerSource : 2
MaxHeaderSize                           : 64 KB (65,536 bytes)
MaxHopCount                             : 60
MaxLocalHopCount                        : 12
MaxLogonFailures                        : 3
MaxMessageSize                          : 10 MB (10,485,760 bytes)
MaxProtocolErrors                       : 5
MaxRecipientsPerMessage                 : 200
PermissionGroups                        : ExchangeServers
PipeliningEnabled                       : True
ProtocolLoggingLevel                    : None
RemoteIPRanges                          : {172.24.142.2}
RequireEHLODomain                       : False
RequireTLS                              : False
EnableAuthGSSAPI                        : False
ExtendedProtectionPolicy                : None
LiveCredentialEnabled                   : False
TlsDomainCapabilities                   : {}
Server                                  : CASHT01
SizeEnabled                             : Enabled
TarpitInterval                          : 00:00:05
MaxAcknowledgementDelay                 : 00:00:30
AdminDisplayName                        :
ExchangeVersion                         : 0.1 (8.0.535.0)
Name                                    : MACTIVE-ReceiveConnector
DistinguishedName                       : CN=MACTIVE-ReceiveConnector,CN=SMTP Receive Connectors,CN=Protocols,CN=CASHT01,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=domain Post,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=Local
Identity                                : CASHT01\MACTIVE-ReceiveConnector
Guid                                    : 906694e9-1e91-4fa5-80db-1027942660c5
ObjectCategory                          : domain.Local/Configuration/Schema/ms-Exch-Smtp-Receive-Connector
ObjectClass                             : {top, msExchSmtpReceiveConnector}
WhenChanged                             : 8/20/2012 4:38:34 PM
WhenCreated                             : 8/20/2012 4:37:10 PM
WhenChangedUTC                          : 8/20/2012 8:38:34 PM
WhenCreatedUTC                          : 8/20/2012 8:37:10 PM
OrganizationId                          :
OriginatingServer                       : dc1.domain.Local
IsValid                                 : True

Author Comment

by:llarava
ID: 38313993
One more thing I have seen from the SMTP logs is that any email that is sent by the app from the desktops looks like this

,172.20.200.40:25,172.20.200.43:

.40:25 is CASHT01; I am still trying to figure out what the .43 IP is.

Expert Comment

by:Exchange_Geek
ID: 38314009
I'm hoping you ran this

New-ReceiveConnector -Name RelayConnector -Usage Custom -Bindings '192.168.1.17:25' -Fqdn server.domain.com -RemoteIPRanges 192.168.1.100 -Server MYEXCHANGESERVER -PermissionGroups ExchangeServers -AuthMechanism 'TLS, ExternalAuthoritative'

Regards,
Exchange_Geek

Author Comment

by:llarava
ID: 38314018
I created the connector through the EMC, but that shouldn't make a difference. I have not created a new IP; I am not sure whether I should create a new IP for this connector.

Expert Comment

by:Exchange_Geek
ID: 38314033
Oh yes, it does, in a big way - that is why I gave you the article. sob sob sob

Regards,
Exchange_Geek

Author Comment

by:llarava
ID: 38314048
I assume it does make a difference, but I guess I just don't understand the need for a new IP. Also, where do you need to configure the new IP? Just in the connector? What is the reason for the new IP?

Accepted Solution

by:
Exchange_Geek earned 2000 total points
ID: 38314056
-Bindings '192.168.1.17:25' -fqdn server.domain.com -RemoteIPRanges 192.168.1.100

Binding refers to your Exchange Server
:25 refers to Port 25
RemoteIPRanges refers to the (Application) IP that is going to connect to the server to relay.

Most importantly "-AuthMechanism 'TLS, ExternalAuthoritative'" - this provides the ability to relay with extended rights.

Regards,
Exchange_Geek

Author Comment

by:llarava
ID: 38314065
Ok.

Bindings '192.168.1.17:25' -fqdn server.domain.com -RemoteIPRanges 192.168.1.100

192.168.1.17 is what? A new IP or my CASarray IP?

Also, does server.domain.com refer to my casarray.domain.com?

Everything else I got.

Author Comment

by:llarava
ID: 38314068

Expert Comment

by:Exchange_Geek
ID: 38314074
Bindings '192.168.1.17:25' -fqdn server.domain.com -RemoteIPRanges 192.168.1.100

192.168.1.17 is what? This belongs to your hub server NOT CAS; Hub manages your mail flow, not CAS.

Also, server.domain.com refers to the banner that you would receive - simply set this to your hub server FQDN.

Regards,
Exchange_Geek

Expert Comment

by:Exchange_Geek
ID: 38314080
I'd agree, however using EMC sometimes causes issues - so shell is preferred.

Regards,
Exchange_Geek

Author Comment

by:llarava
ID: 38314100
Bindings '192.168.1.17:25' -fqdn server.domain.com -RemoteIPRanges 192.168.1.100

192.168.1.17 is what? This belongs to your hub server NOT CAS, Hub manages your mail flow not CAS.

So this is the HT IP.

I have 2 HT servers, how do I need to proceed in that case?

Expert Comment

by:Exchange_Geek
ID: 38314108
You'll need to create an individual relay connector on each one; receive connectors aren't shared across servers.

Regards,
Exchange_Geek

Author Comment

by:llarava
ID: 38314207
I have recreated the connector with EMS with the same result. The thing is that I don't see anything in the logs that says that it failed. This is being sent by an app that runs on Macs.

In the article below the guy shows an app to test SMTP without authentication.

http://www.bunkerhollow.com/blogs/matt/archive/2010/03/14/allow-applications-to-send-email-through-exchange-2010.aspx

All the SMTP clients that I have tested require you to specify user/password. Do you know of a good SMTP client to test this from a PC?

I am trying the helo commands but they don't work.

Expert Comment

by:Exchange_Geek
ID: 38314235
Work with a simple test.

telnet <IP address of hub server> 25, so this means if my hub had the IP 172.1.1.100 the command would have been

telnet 172.1.1.100 25 - hit enter, and this should come up with the banner that you mentioned in the FQDN while creating the new receive connector.

This needs to be done from the application server/machine that you've allowed to relay.

BTW, when you set up the application to relay, did you specify the IP address of the hub to connect to? It should be the same IP that you mentioned while creating the receive connector.

Regards,
Exchange_Geek

Author Comment

by:llarava
ID: 38314401
Well, I have a physical appliance to do load balancing and lately I have been working on getting all that stuff working. I think that by mistake I have specified the CASarray IP in the application as the SMTP server.

On the Exchange servers the connectors are configured with the HT servers and their IPs, but the workstation with the app is trying to send email to the CASArray VIP. The thing that doesn't make sense is that when the emails are sent to an internal address via the CAS VIP they are relayed correctly, however when an external domain is used they fail.

From the app I can only specify a single SMTP server and I have two HT servers; is there a way to provide redundancy there as well in case one of the HTs is not available?

Expert Comment

by:Exchange_Geek
ID: 38314409
If you can create a VIP for load balancing that would in turn point to the local HUB servers, that'll help you. Here is how it would work:

Have your application send relay emails to the VIP of the LB -> which in turn would relay to the hub servers.

So, on the hub servers you'll only have to add the IP of the LB to give it access. Your application servers would then connect to the LB IP for relay purposes; for this you'll possibly need a dummy A record such as Hub-Relay which would, say, point to 192.168.1.101 in DNS.

So, your app server would connect to Hub-Relay and Hub-Relay can divide the traffic between both hub servers.

Is this what you want?

Regards,
Exchange_Geek

Author Comment

by:llarava
ID: 38314418
Yes, that's the way I have my CAS servers. I understand the LB side; what do I need to do on the Exchange side for the connectors?

Let's say that the

VIP is 1.1.1.1
My HT servers' IPs are 1.1.1.2 HT01
1.1.1.2 HT02.

How do I need to configure the Send Connectors at that point? For example

-Bindings '1.1.1.1:25' -fqdn server.domain.com -RemoteIPRanges IPfromworkstationwithAPP

Also, do I have to change the IP for the other SMTP send connector and use the VIP for redundancy, or is this going to be managed by AD Sites?

Expert Comment

by:Exchange_Geek
ID: 38314429
Retyping the example

VIP facing Exchange 1.1.1.1
VIP facing Application 1.1.1.2
HT1 1.1.1.3
HT2 1.1.1.4

Now, I am assuming LB would talk to Applications on separate IP than Exchange, so the command would be

ON HT1
-Bindings '1.1.1.3:25' -fqdn server.domain.com -RemoteIPRanges 1.1.1.1

ON HT2
-Bindings '1.1.1.4:25' -fqdn server.domain.com -RemoteIPRanges 1.1.1.1

Regards,
Exchange_Geek

Author Comment

by:llarava
ID: 38316210
Hi,

I am using a KEMP HW Load Balancer appliance with Exchange 2010. I am load balancing SMTP as follows:

VIP: 172.20.200.38:25 tcp SMTP - Internal  - This is the internal SMTP  

172.20.200.40  CASHT01
172.20.200.41  CASHT02

When the app is pointed to .38 the application can only send internal emails and it fails when an email is sent to an external domain.

However when the app is pointed to one of the HT servers directly for example CASHT01 then internal/external email can be sent with no issues.

Author Comment

by:llarava
ID: 38316289
Here is what I am getting through the VIP. If I use HT01 or HT02 everything works with no problem, but if I use the VIP for SMTP then I get an "Unable to relay" when I send something to an external domain.

250 CASHT01.Syracuse.Local Hello [172.22.142.19]
MAIL From:llara@domain.com
501 5.5.4 Unrecognized parameter
MAIL From:llara@domain.com
501 5.5.4 Unrecognized parameter
MAIL FROM:llara@domain.com
250 2.1.0 Sender OK
RCPT TO:lluis.lara@externaldomain.com
550 5.7.1 Unable to relay

This is what I have so far:

- On both hub transport servers I have created a separate receive connector "Relaying Apps" for the relaying applications
- On both hub transport servers I added the app servers' IP addresses to this Receive connector
- On both hub transport servers I ran the command Get-ReceiveConnector "Relaying Apps" | Add-ADPermission -User "NT Authority\Anonymous Logon" -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient"

- The application is able to relay to internal addresses using the load balancer ip address
- The application is unable to relay to external addresses using the load balancer ip address  -->  550 5.7.1 Unable to relay
- The application is able to relay to internal addresses using the hub servers addresses
- The application is able to relay to external addresses using the hub servers ip addresses

So everything works, except relaying to external addresses using the load balancer ip address

By using the load balancer, the request comes from the load balancer ip, instead of the client ip. Because the lb ip is not registered in the receive connector, external relaying doesn't work.

The load balancer should be able to give the original client ip as the source ip to the hub transport server.
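As an added example (not code posted in this thread), the Python below parses rows in the receive protocol log format quoted earlier and flags the two things worth watching for after the diagnosis above: sessions refused relay because the hub saw the load balancer's address rather than the client's, and sessions granted relay from addresses outside the allow list (a relay connector whose RemoteIPRanges is wider than intended). The sample rows, the allowed app host 172.20.200.43 and the load balancer address 172.20.200.38 are constructed for the example.

```python
import csv

# Constructed sample rows in the Exchange 2010 SMTP receive protocol log
# format quoted in this thread (date-time, connector-id, session-id,
# sequence-number, local-endpoint, remote-endpoint, event, data, context).
# Session ...B85 models the failure discussed above: the hub sees the load
# balancer address, the session lands on the Default connector and the
# external recipient is refused. All three sessions are invented.
SAMPLE_LOG = r"""
2012-08-20T19:51:40.829Z,CASHT01\Default CASHT01,08CF30C972E88B85,0,172.20.200.40:25,172.20.200.38:20645,+,,
2012-08-20T19:51:40.829Z,CASHT01\Default CASHT01,08CF30C972E88B85,1,172.20.200.40:25,172.20.200.38:20645,*,SMTPSubmit SMTPAcceptAnySender SMTPAcceptAuthoritativeDomainSender AcceptRoutingHeaders,Set Session Permissions
2012-08-20T19:51:46.100Z,CASHT01\Default CASHT01,08CF30C972E88B85,24,172.20.200.40:25,172.20.200.38:20645,>,550 5.7.1 Unable to relay,
2012-08-20T20:02:10.000Z,CASHT01\Relaying Apps,08CF30C972E88B90,0,172.20.200.40:25,172.20.200.43:40001,+,,
2012-08-20T20:02:10.000Z,CASHT01\Relaying Apps,08CF30C972E88B90,1,172.20.200.40:25,172.20.200.43:40001,*,SMTPSubmit SMTPAcceptAnySender SMTPAcceptAuthoritativeDomainSender SMTPAcceptAnyRecipient AcceptRoutingHeaders,Set Session Permissions
2012-08-20T20:02:10.500Z,CASHT01\Relaying Apps,08CF30C972E88B90,2,172.20.200.40:25,172.20.200.43:40001,>,250 2.1.5 Recipient OK,
2012-08-20T20:05:00.000Z,CASHT01\Relaying Apps,08CF30C972E88B91,0,172.20.200.40:25,10.9.9.9:51000,+,,
2012-08-20T20:05:00.000Z,CASHT01\Relaying Apps,08CF30C972E88B91,1,172.20.200.40:25,10.9.9.9:51000,*,SMTPSubmit SMTPAcceptAnySender SMTPAcceptAnyRecipient AcceptRoutingHeaders,Set Session Permissions
"""

# Assumed for this example: the app host allowed to relay, and the address the
# hubs see when the load balancer VIP rewrites the client's source address.
ALLOWED_RELAY_IPS = {"172.20.200.43"}
LOAD_BALANCER_IPS = {"172.20.200.38"}
# Session permission Exchange logs when ms-Exch-SMTP-Accept-Any-Recipient applies.
RELAY_PERMISSION = "SMTPAcceptAnyRecipient"


def parse_sessions(log_text):
    """Group log rows by session id: accepting connector, remote IP, the
    permissions granted in 'Set Session Permissions', and every 5xx reply."""
    sessions = {}
    for row in csv.reader(l for l in log_text.splitlines() if l.strip()):
        _ts, connector, sid, _seq, _local, remote, event, data, context = row
        s = sessions.setdefault(sid, {"connector": connector,
                                      "remote_ip": remote.rsplit(":", 1)[0],
                                      "permissions": set(), "rejections": []})
        if event == "*" and context == "Set Session Permissions":
            s["permissions"].update(data.split())
        elif event == ">" and data.startswith("5"):
            s["rejections"].append(data)
    return sessions


def audit_relay(sessions, allowed_ips, lb_ips):
    """Return (session id, finding, remote ip, connector) tuples.
    lb-masks-client: relay refused because the hub saw the load balancer, not
      the client (the root cause found in this thread).
    relay-denied: refused from any other address lacking relay rights.
    relay-from-unexpected-source: relay granted to an address outside the
      allow list, i.e. the relay connector's RemoteIPRanges is too wide."""
    findings = []
    for sid, s in sorted(sessions.items()):
        granted = RELAY_PERMISSION in s["permissions"]
        refused = any(r.startswith("550 5.7.1") for r in s["rejections"])
        if refused and not granted:
            kind = "lb-masks-client" if s["remote_ip"] in lb_ips else "relay-denied"
            findings.append((sid, kind, s["remote_ip"], s["connector"]))
        if granted and s["remote_ip"] not in allowed_ips:
            findings.append((sid, "relay-from-unexpected-source",
                             s["remote_ip"], s["connector"]))
    return findings


if __name__ == "__main__":
    print(audit_relay(parse_sessions(SAMPLE_LOG), ALLOWED_RELAY_IPS, LOAD_BALANCER_IPS))
```

Point it at real protocol log files (one row per line, same nine columns) and the Default connector's RemoteIPRanges comparison becomes a quick way to tell a masked client from a genuinely unauthorised relay attempt.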

Author Comment

by:llarava
ID: 38316536
As a workaround, the relaying applications are not using the vip, but a DNS round robin instead.