Legacy app can't send emails through Exchange 2010 - Send / Receive connectors

Hi,

We have a legacy application that is installed on a bunch of workstations. The application uses a .dat file that is placed on a shared drive and reads the SMTP configuration from it (email account, server IP, port, etc.).

We are ready to switch the email flow from Exchange 2003 to Exchange 2010 but I need the application to send through the new server first.

When sending through the CASArray IP, the email only goes through when it is being sent to an internal email address; however, any attempt to send to an external domain fails.

My connectors are configured as follows:

1.) Send Connector:

a.) Internet Email (Exchange 2010) -

Address Space SMTP * Cost 1
Network - Use DNS MX records
Source Servers - CASHT01 and CASHT02 (my 2 HT servers)

b.) SMTP - This is the one that was created by Exchange 2010 when the 2003 servers were found.

2.) Receive Connectors:

2 CAS servers:

CASHT01

Default CASHT01
Network - 0.0.0.0 - 255.255.255.255
Authentication - TLS, Basic Authentication, Exchange Server Authentication, Integrated Windows Authentication.
Permission Groups: Anonymous, Exchange users, Exchange Servers, Legacy Exchange Servers.

CASHT02

Default CASHT02
Network - 0.0.0.0 - 255.255.255.255
Authentication - TLS, Basic Authentication, Exchange Server Authentication, Integrated Windows Authentication.
Permission Groups: Anonymous, Exchange users, Exchange Servers, Legacy Exchange Servers.

Note: The .DAT file provides email address, port, SMTP IP address but it does not provide the account password.

Any idea what is preventing the email from going through? Anything wrong with the current configuration?

Thank you.
llarava Asked:
Exchange_Geek Commented:
-Bindings '192.168.1.17:25' -fqdn server.domain.com -RemoteIPRanges 192.168.1.100

Binding refers to your Exchange Server
:25 refers to Port 25
RemoteIPRanges refers to the (Application) IP that is going to connect to the server to relay.

Most importantly "-AuthMechanism 'TLS, ExternalAuthoritative'" - this provides the ability to relay with extended rights.

Regards,
Exchange_Geek
0
 
Exchange_Geek Commented:
What you are asking for is access to relay email through Exchange. For this you'll need to create a relay connector and bind the connector to your workstation IP addresses, so that no other workstation or device can access it.

Use the following link to create a relay SMTP Send connector.

Regards,
Exchange_Geek
0
 
llarava Author Commented:
I have created a new Receive Connector with the following configuration:

Network:
IPs to receive - All IPv4

Receive mail from remote servers that have these IPs

For testing the IP of one of the workstations that runs the legacy app

Authentication

I have only selected TLS and Externally secure.

Permission Groups:

Selected Exchange Servers

I have tried but it doesn't work.

Here is what I can see on the verbose SMTP log:

2012-08-20T19:51:28.422Z,CASHT01\Default CASHT01,08CF30C972E88B81,37,172.20.200.40:25,172.20.200.11:47617,>,221 2.0.0 Service closing transmission channel,
2012-08-20T19:51:28.422Z,CASHT01\Default CASHT01,08CF30C972E88B81,38,172.20.200.40:25,172.20.200.11:47617,-,,Local
2012-08-20T19:51:40.829Z,CASHT01\Default CASHT01,08CF30C972E88B85,0,172.20.200.40:25,172.20.200.43:20645,+,,
2012-08-20T19:51:40.829Z,CASHT01\Default CASHT01,08CF30C972E88B85,1,172.20.200.40:25,172.20.200.43:20645,*,SMTPSubmit SMTPAcceptAnySender SMTPAcceptAuthoritativeDomainSender AcceptRoutingHeaders,Set Session Permissions
2012-08-20T19:51:40.829Z,CASHT01\Default CASHT01,08CF30C972E88B85,2,172.20.200.40:25,172.20.200.43:20645,>,"220 CASHT01.domain.local Microsoft ESMTP MAIL Service ready at Mon, 20 Aug 2012 15:51:40 -0400",
2012-08-20T19:51:40.970Z,CASHT01\Default CASHT01,08CF30C972E88B85,3,172.20.200.40:25,172.20.200.43:20645,<,ehlo Administrators-Mac-mini.local,
2012-08-20T19:51:40.970Z,CASHT01\Default CASHT01,08CF30C972E88B85,4,172.20.200.40:25,172.20.200.43:20645,>,250-CASHT01.domain.local Hello [172.20.200.43],
2012-08-20T19:51:40.970Z,CASHT01\Default CASHT01,08CF30C972E88B85,5,172.20.200.40:25,172.20.200.43:20645,>,250-SIZE,
2012-08-20T19:51:40.970Z,CASHT01\Default CASHT01,08CF30C972E88B85,6,172.20.200.40:25,172.20.200.43:20645,>,250-PIPELINING,
2012-08-20T19:51:40.970Z,CASHT01\Default CASHT01,08CF30C972E88B85,7,172.20.200.40:25,172.20.200.43:20645,>,250-DSN,
2012-08-20T19:51:40.970Z,CASHT01\Default CASHT01,08CF30C972E88B85,8,172.20.200.40:25,172.20.200.43:20645,>,250-ENHANCEDSTATUSCODES,
2012-08-20T19:51:40.970Z,CASHT01\Default CASHT01,08CF30C972E88B85,9,172.20.200.40:25,172.20.200.43:20645,>,250-STARTTLS,
2012-08-20T19:51:40.970Z,CASHT01\Default CASHT01,08CF30C972E88B85,10,172.20.200.40:25,172.20.200.43:20645,>,250-X-ANONYMOUSTLS,
2012-08-20T19:51:40.970Z,CASHT01\Default CASHT01,08CF30C972E88B85,11,172.20.200.40:25,172.20.200.43:20645,>,250-AUTH NTLM,
2012-08-20T19:51:40.970Z,CASHT01\Default CASHT01,08CF30C972E88B85,12,172.20.200.40:25,172.20.200.43:20645,>,250-X-EXPS GSSAPI NTLM,
2012-08-20T19:51:40.970Z,CASHT01\Default CASHT01,08CF30C972E88B85,13,172.20.200.40:25,172.20.200.43:20645,>,250-8BITMIME,
2012-08-20T19:51:40.970Z,CASHT01\Default CASHT01,08CF30C972E88B85,14,172.20.200.40:25,172.20.200.43:20645,>,250-BINARYMIME,
2012-08-20T19:51:40.970Z,CASHT01\Default CASHT01,08CF30C972E88B85,15,172.20.200.40:25,172.20.200.43:20645,>,250-CHUNKING,
2012-08-20T19:51:40.970Z,CASHT01\Default CASHT01,08CF30C972E88B85,16,172.20.200.40:25,172.20.200.43:20645,>,250-XEXCH50,
2012-08-20T19:51:40.970Z,CASHT01\Default CASHT01,08CF30C972E88B85,17,172.20.200.40:25,172.20.200.43:20645,>,250-XRDST,
2012-08-20T19:51:40.970Z,CASHT01\Default CASHT01,08CF30C972E88B85,18,172.20.200.40:25,172.20.200.43:20645,>,250 XSHADOW,
2012-08-20T19:51:41.063Z,CASHT01\Default CASHT01,08CF30C972E88B85,19,172.20.200.40:25,172.20.200.43:20645,<,mail FROM:<traffic@domain.com> size=1770866,
2012-08-20T19:51:41.063Z,CASHT01\Default CASHT01,08CF30C972E88B85,20,172.20.200.40:25,172.20.200.43:20645,*,08CF30C972E88B85;2012-08-20T19:51:40.829Z;1,receiving message
2012-08-20T19:51:41.063Z,CASHT01\Default CASHT01,08CF30C972E88B85,21,172.20.200.40:25,172.20.200.43:20645,>,250 2.1.0 Sender OK,
2012-08-20T19:51:41.063Z,CASHT01\Default CASHT01,08CF30C972E88B85,22,172.20.200.40:25,172.20.200.43:20645,<,rcpt TO:<lara@gmail.com>,
2012-08-20T19:51:41.063Z,CASHT01\Default CASHT01,08CF30C972E88B85,23,172.20.200.40:25,172.20.200.43:20645,*,Tarpit for '0.00:00:05',
2012-08-20T19:51:41.079Z,CASHT01\Default CASHT01,08CF30C972E88B86,0,172.20.200.40:25,172.20.200.43:52191,+,,
2012-08-20T19:51:41.079Z,CASHT01\Default CASHT01,08CF30C972E88B86,1,172.20.200.40:25,172.20.200.43:52191,*,SMTPSubmit SMTPAcceptAnySender SMTPAcceptAuthoritativeDomainSender AcceptRoutingHeaders,Set Session Permissions
2012-08-20T19:51:43.235Z,CASHT01\Default CASHT01,08CF30C972E88B87,0,172.20.200.40:25,172.20.200.11:47625,+,,
2012-08-20T19:51:43.235Z,CASHT01\Default CASHT01,08CF30C972E88B87,1,172.20.200.40:25,172.20.200.11:47625,*,SMTPSubmit SMTPAcceptAnySender SMTPAcceptAuthoritativeDomainSender AcceptRoutingHeaders,Set Session Permissions
2012-08-20T19:51:43.235Z,CASHT01\Default CASHT01,08CF30C972E88B87,2,172.20.200.40:25,172.20.200.11:47625,>,"220 CASHT01.domain.local Microsoft ESMTP MAIL Service ready at Mon, 20 Aug 2012 15:51:43 -0400",
0

 
Exchange_Geek Commented:
Provide me the FL output of the newly created receive connector please.

Regards,
Exchange_Geek
0
 
llarava Author Commented:
Hi,

Sorry what do you mean with FL output?
0
 
Exchange_Geek Commented:
Type the following

Get-ReceiveConnector "name of the newly created connector" | FL >>RC.txt

Edit RC.txt so you remove sensitive information and attach it here.

Regards,
Exchange_Geek
0
 
llarava Author Commented:
Here is the output. I have changed the domain name to "domain"; everything else is the same.

BinaryMimeEnabled                       : True
Bindings                                : {0.0.0.0:25}
ChunkingEnabled                         : True
DefaultDomain                           :
DeliveryStatusNotificationEnabled       : True
EightBitMimeEnabled                     : True
BareLinefeedRejectionEnabled            : False
DomainSecureEnabled                     : False
EnhancedStatusCodesEnabled              : True
LongAddressesEnabled                    : False
OrarEnabled                             : False
SuppressXAnonymousTls                   : False
AdvertiseClientSettings                 : False
Fqdn                                    : CASHT01.domain.Local
Comment                                 :
Enabled                                 : True
ConnectionTimeout                       : 00:10:00
ConnectionInactivityTimeout             : 00:05:00
MessageRateLimit                        : unlimited
MessageRateSource                       : IPAddress
MaxInboundConnection                    : 5000
MaxInboundConnectionPerSource           : 20
MaxInboundConnectionPercentagePerSource : 2
MaxHeaderSize                           : 64 KB (65,536 bytes)
MaxHopCount                             : 60
MaxLocalHopCount                        : 12
MaxLogonFailures                        : 3
MaxMessageSize                          : 10 MB (10,485,760 bytes)
MaxProtocolErrors                       : 5
MaxRecipientsPerMessage                 : 200
PermissionGroups                        : ExchangeServers
PipeliningEnabled                       : True
ProtocolLoggingLevel                    : None
RemoteIPRanges                          : {172.24.142.2}
RequireEHLODomain                       : False
RequireTLS                              : False
EnableAuthGSSAPI                        : False
ExtendedProtectionPolicy                : None
LiveCredentialEnabled                   : False
TlsDomainCapabilities                   : {}
Server                                  : CASHT01
SizeEnabled                             : Enabled
TarpitInterval                          : 00:00:05
MaxAcknowledgementDelay                 : 00:00:30
AdminDisplayName                        :
ExchangeVersion                         : 0.1 (8.0.535.0)
Name                                    : MACTIVE-ReceiveConnector
DistinguishedName                       : CN=MACTIVE-ReceiveConnector,CN=SMTP Receive Connectors,CN=Protocols,CN=CASHT0
                                          1,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administra
                                          tive Groups,CN=domain Post,CN=Microsoft Exchange,CN=Services,CN=Configurati
                                          on,DC=domain,DC=Local
Identity                                : CASHT01\MACTIVE-ReceiveConnector
Guid                                    : 906694e9-1e91-4fa5-80db-1027942660c5
ObjectCategory                          : domain.Local/Configuration/Schema/ms-Exch-Smtp-Receive-Connector
ObjectClass                             : {top, msExchSmtpReceiveConnector}
WhenChanged                             : 8/20/2012 4:38:34 PM
WhenCreated                             : 8/20/2012 4:37:10 PM
WhenChangedUTC                          : 8/20/2012 8:38:34 PM
WhenCreatedUTC                          : 8/20/2012 8:37:10 PM
OrganizationId                          :
OriginatingServer                       : dc1.domain.Local
IsValid                                 : True
0
 
llarava Author Commented:
One more thing I have seen from the SMTP logs is that any email that is sent by the app from the desktops looks like this

,172.20.200.40:25,172.20.200.43:

.40:25 is CASHT01. I am still trying to figure out what the .43 IP is.
0
 
Exchange_Geek Commented:
I'm hoping you ran this

New-ReceiveConnector -Name RelayConnector -usage Custom -Bindings '192.168.1.17:25' -fqdn server.domain.com -RemoteIPRanges 192.168.1.100 -server MYEXCHANGESERVER -permissiongroups ExchangeServers -AuthMechanism 'TLS, ExternalAuthoritative'

Regards,
Exchange_Geek
0
 
llarava Author Commented:
I created the connector through the EMC, but that shouldn't make a difference. I have not created a new IP; I am not sure whether I should create a new IP for this connector.
0
 
Exchange_Geek Commented:
Oh yes, it does in a big way - that is why I gave you the article. sob sob sob

Regards,
Exchange_Geek
0
 
llarava Author Commented:
I assume it does make a difference, but I guess I just don't understand the need for a new IP. Also, where do you need to configure the new IP? Just in the connector? What is the reason for the new IP?
0
 
llarava Author Commented:
Ok.

Bindings '192.168.1.17:25' -fqdn server.domain.com -RemoteIPRanges 192.168.1.100

192.168.1.17 is what? a new IP or my CASarray IP?

Also server.domain.com refers to my casarray.domain.com?

Everything else I got it.
0
 
 
Exchange_Geek Commented:
Bindings '192.168.1.17:25' -fqdn server.domain.com -RemoteIPRanges 192.168.1.100

192.168.1.17 is what? This belongs to your Hub server, NOT CAS; Hub manages your mail flow, not CAS.

Also, server.domain.com refers to the banner that you would receive - simply use your Hub server FQDN for this.

Regards,
Exchange_Geek
0
 
Exchange_Geek Commented:
I'd agree; however, using the EMC sometimes causes issues, so the shell is preferred.

Regards,
Exchange_Geek
0
 
llarava Author Commented:
Bindings '192.168.1.17:25' -fqdn server.domain.com -RemoteIPRanges 192.168.1.100

192.168.1.17 is what? This belongs to your Hub server, NOT CAS; Hub manages your mail flow, not CAS.

So this is the HT IP.

I have 2 HT servers, how do I need to proceed in that case?
0
 
Exchange_Geek Commented:
You'll need to create an individual relay connector on each one; receive connectors aren't shared across servers.

Regards,
Exchange_Geek
0
 
llarava Author Commented:
I have recreated the connector with the EMS, with the same result. The thing is that I don't see anything in the logs that says it failed. This is being sent by an app that runs on Macs.

In the article below the guy shows an app to test SMTP without authentication.

http://www.bunkerhollow.com/blogs/matt/archive/2010/03/14/allow-applications-to-send-email-through-exchange-2010.aspx

All the SMTP clients that I have tested require you to specify a user/password. Do you know of a good SMTP client to test this from a PC?

I am trying the helo commands but they don't work.
0
 
Exchange_Geek Commented:
Work with a simple test.

telnet <IP address of Hub server> 25 - so if my Hub had the IP 172.1.1.100 the command would be

telnet 172.1.1.100 25, then hit Enter; this should come up with the banner that you mentioned in the FQDN while creating the new receive connector.

This needs to be done from the application server/machine that you've allowed to relay.

BTW, when you set up the application to relay, did you specify the IP address of the Hub to connect to? It should be the same IP that you mentioned while creating the receive connector.

Regards,
Exchange_Geek
0
 
llarava Author Commented:
Well, I have a physical appliance to do load balancing and lately I have been working on getting all that stuff working. I think that by mistake I have specified the CASArray IP in the application as the SMTP server.

On the Exchange servers the connectors are configured with the HT servers and their IPs, but the workstation with the app is trying to send email to the CASArray VIP. The thing that doesn't make sense is that when the emails are sent to an internal address via the CAS VIP they are relayed correctly; however, when an external domain is used they fail.

From the app I can only specify a single SMTP server and I have two HT servers. Is there a way to provide redundancy there as well, in case one of the HTs is not available?
0
 
Exchange_Geek Commented:
If you can create a VIP for load balancing that would in turn point to the local Hub servers, that'll help you. Here is how it would work.

Have your application send relay emails to the VIP of the LB -> which in turn would relay to the Hub servers.

So, on the Hub servers you'll only have to add the IP of the LB to give it access. Your application servers would then connect to the LB IP for relay purposes; for this you'll possibly need a dummy A record such as Hub-Relay which would, say, point to 192.168.1.101 in DNS.

So, your app server would connect to Hub-Relay and Hub-Relay can divide the traffic between both Hub servers.

Is this what you want?

Regards,
Exchange_Geek
0
 
llarava Author Commented:
Yes, that's the way I have my CAS servers. I understand the LB side; what do I need to do on the Exchange side for the connectors?

Let's say that the

VIP is 1.1.1.1
My HT servers' IPs are 1.1.1.2 HT01
1.1.1.2 HT02.

How do I need to configure the Send Connectors at that point? For example

-Bindings '1.1.1.1:25' -fqdn server.domain.com -RemoteIPRanges IPfromworkstationwithAPP

Also, do I have to change the IP for the other SMTP send connector and use the VIP for redundancy, or is this going to be managed by AD Sites?
0
 
Exchange_Geek Commented:
Retyping the example

VIP facing Exchange 1.1.1.1
VIP facing Application 1.1.1.2
HT1 1.1.1.3
HT2 1.1.1.4

Now, I am assuming LB would talk to Applications on separate IP than Exchange, so the command would be

ON HT1
-Bindings '1.1.1.3:25' -fqdn server.domain.com -RemoteIPRanges 1.1.1.1

ON HT2
-Bindings '1.1.1.4:25' -fqdn server.domain.com -RemoteIPRanges 1.1.1.1

Regards,
Exchange_Geek
0
 
llarava Author Commented:
Hi,

I am using a KEMP hardware load balancer appliance with Exchange 2010. I am load balancing SMTP as follows:

VIP: 172.20.200.38:25 tcp SMTP - Internal  - This is the internal SMTP  

172.20.200.40  CASHT01
172.20.200.41  CASHT02

When the app is pointed to .38 the application can only send internal emails and it fails when an email is sent to an external domain.

However when the app is pointed to one of the HT servers directly for example CASHT01 then internal/external email can be sent with no issues.
0
 
llarava Author Commented:
Here is what I am getting through the VIP. If I use HT01 or HT02 everything works with no problem, but if I use the VIP for SMTP then I get an "Unable to relay" when I send something to an external domain.

250 CASHT01.Syracuse.Local Hello [172.22.142.19]
MAIL From:llara@domain.com
501 5.5.4 Unrecognized parameter
MAIL From:llara@domain.com
501 5.5.4 Unrecognized parameter
MAIL FROM:llara@domain.com
250 2.1.0 Sender OK
RCPT TO:lluis.lara@externaldomain.com
550 5.7.1 Unable to relay

This is what I have so far:

- On both hub transport servers I have created a separate receive connector "Relaying Apps" for the relaying applications
- On both hub transport servers I added the app servers' IP addresses to this receive connector
- On both hub transport servers I ran the command Get-ReceiveConnector "Relaying Apps" | Add-ADPermission -User "NT Authority\Anonymous Logon" -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient"

- The application is able to relay to internal addresses using the load balancer ip address
- The application is unable to relay to external addresses using the load balancer ip address  -->  550 5.7.1 Unable to relay
- The application is able to relay to internal addresses using the hub servers addresses
- The application is able to relay to external addresses using the hub servers ip addresses

So everything works except relaying to external addresses using the load balancer IP address.

By using the load balancer, the request comes from the load balancer IP instead of the client IP. Because the LB IP is not registered in the receive connector, external relaying doesn't work.

The load balancer should be able to give the original client IP as the source IP to the hub transport server.
0
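The root cause described in the post above (a session arriving from the load balancer's address is matched to the default connector, whose anonymous session has no right to relay to external recipients, while the "Relaying Apps" connector is scoped to the workstation IP) can be modelled in a few lines. This is an added example, not code from the thread or from Exchange; the connector names and 172.20.200.x addresses come from the thread, and the authoritative domain list is constructed.

```python
import ipaddress
from dataclasses import dataclass

# Constructed model of Exchange 2010 receive-connector selection for the
# connectors discussed in this thread; it is not Exchange's own code.

@dataclass
class ReceiveConnector:
    name: str
    remote_ip_ranges: list          # entries as shown by Get-ReceiveConnector
    anonymous_any_recipient: bool   # ms-Exch-SMTP-Accept-Any-Recipient on Anonymous Logon

def _bounds(entry):
    """Return (low, high) integers for '1.2.3.4', '10.0.0.0/8' or 'a.b.c.d-e.f.g.h'."""
    if "-" in entry:
        lo, hi = (int(ipaddress.ip_address(p.strip())) for p in entry.split("-", 1))
    else:
        net = ipaddress.ip_network(entry, strict=False)
        lo, hi = int(net.network_address), int(net.broadcast_address)
    return lo, hi

def select_connector(connectors, source_ip):
    """Among connectors listening on the port, the one whose RemoteIPRanges
    contains the source IP in the smallest (most specific) range wins."""
    src = int(ipaddress.ip_address(source_ip))
    best, best_size = None, None
    for conn in connectors:
        for entry in conn.remote_ip_ranges:
            lo, hi = _bounds(entry)
            size = hi - lo + 1
            if lo <= src <= hi and (best_size is None or size < best_size):
                best, best_size = conn, size
    return best

# Domains the Exchange org is authoritative for (constructed, as in the thread's examples).
AUTHORITATIVE_DOMAINS = {"domain.local", "domain.com"}

def rcpt_response(connectors, source_ip, recipient):
    """Simulate the RCPT TO verdict for an unauthenticated (anonymous) session."""
    conn = select_connector(connectors, source_ip)
    domain = recipient.rsplit("@", 1)[1].lower()
    if domain in AUTHORITATIVE_DOMAINS or conn.anonymous_any_recipient:
        return conn.name, "250 2.1.5 Recipient OK"
    return conn.name, "550 5.7.1 Unable to relay"

# Connectors as described on CASHT01: the default one (any source, no relay right)
# and the scoped relay connector for the application workstation.
DEFAULT = ReceiveConnector("Default CASHT01", ["0.0.0.0-255.255.255.255"], False)
RELAY = ReceiveConnector("Relaying Apps", ["172.20.200.43"], True)
CONNECTORS = [DEFAULT, RELAY]

APP_WORKSTATION = "172.20.200.43"   # source seen when the app talks to the HT directly
LB_VIP = "172.20.200.38"            # source seen when the load balancer SNATs the session

if __name__ == "__main__":
    for src in (APP_WORKSTATION, LB_VIP):
        for rcpt in ("user@domain.com", "lara@gmail.com"):
            print(src, rcpt, rcpt_response(CONNECTORS, src, rcpt))
```

Adding the VIP itself to the relay connector's RemoteIPRanges would make the selection succeed, but every host that can reach the VIP would then relay as that one source, which is why the thread ends with preserving the client IP at the load balancer or using DNS round robin instead.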
 
llarava Author Commented:
As a workaround, the relaying applications are not using the VIP but DNS round robin instead.
0