Exchange 2010 Allow Relay

Posted on 2012-08-25
Medium Priority
Last Modified: 2012-08-26
We have an exchange 2010 server.  Users use GreatPlains software and have the ability to email from the applications directly.  It appears that GP's does not use the mapi profile on the workstation (outlook 2010 and 2007) but sends the email directly.  You control the email server via a config file on the PC.

Therefore, I need to allow the entire subnet, my internal subnet, to relay off the server to send emails to outside email addresses.  If they send to an Exchange user, it works no problem.  The issues is sending to other domains.

Receive connector:

[PS] C:\>get-receiveconnector -identity "greatplains" |FL

RunspaceId                              : b45592cf-4c66-406d-a2a6-bea9eeda9e6f
AuthMechanism                           : Tls, ExternalAuthoritative
Banner                                  :
BinaryMimeEnabled                       : True
Bindings                                : {}
ChunkingEnabled                         : True
DefaultDomain                           :
DeliveryStatusNotificationEnabled       : True
EightBitMimeEnabled                     : True
BareLinefeedRejectionEnabled            : False
DomainSecureEnabled                     : False
EnhancedStatusCodesEnabled              : True
LongAddressesEnabled                    : False
OrarEnabled                             : False
SuppressXAnonymousTls                   : False
AdvertiseClientSettings                 : False
Fqdn                                    : server.domain.local
Comment                                 :
Enabled                                 : True
ConnectionTimeout                       : 00:10:00
ConnectionInactivityTimeout             : 00:05:00
MessageRateLimit                        : unlimited
MessageRateSource                       : IPAddress
MaxInboundConnection                    : 5000
MaxInboundConnectionPerSource           : 20
MaxInboundConnectionPercentagePerSource : 2
MaxHeaderSize                           : 64 KB (65,536 bytes)
MaxHopCount                             : 60
MaxLocalHopCount                        : 12
MaxLogonFailures                        : 3
MaxMessageSize                          : 10 MB (10,485,760 bytes)
MaxProtocolErrors                       : 5
MaxRecipientsPerMessage                 : 200
PermissionGroups                        : AnonymousUsers, ExchangeServers
PipeliningEnabled                       : True
ProtocolLoggingLevel                    : None
RemoteIPRanges                          : {}
RequireEHLODomain                       : False
RequireTLS                              : False
EnableAuthGSSAPI                        : False
ExtendedProtectionPolicy                : None
LiveCredentialEnabled                   : False
TlsDomainCapabilities                   : {}
Server                                  : DIFS02
SizeEnabled                             : Enabled
TarpitInterval                          : 00:00:05
MaxAcknowledgementDelay                 : 00:00:30
AdminDisplayName                        :
ExchangeVersion                         : 0.1 (8.0.535.0)
Name                                    : GreatPlains
DistinguishedName                       : CN=GreatPlains,CN=SMTP Receive Connectors,CN=Protocols,CN=DIFS
                                          N=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administr
                                          =First Organization,CN=Microsoft Exchange,CN=Services,CN=Confi
Identity                                : DIFS02\GreatPlains
Guid                                    : 75bd38ce-6ce8-4465-ad35-3520b7afb005
ObjectCategory                          : domain.local/Configuration/Schema/ms-Exch-Smtp-Receive-Conn
ObjectClass                             : {top, msExchSmtpReceiveConnector}
WhenChanged                             : 8/23/2012 11:35:22 PM
WhenCreated                             : 8/23/2012 11:35:08 PM
WhenChangedUTC                          : 8/24/2012 3:35:22 AM
WhenCreatedUTC                          : 8/24/2012 3:35:08 AM
OrganizationId                          :
OriginatingServer                       : server.domain.local
IsValid                                 : True

Set permission with shell for connector:

Get-ReceiveConnector "greatplains" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient"

Error from PC and Application:

"Order email failure....  5.7.1 Unable to relay"

We did this in 2003 on the virtual smtp connector and it worked.

Please advise my mistakes?

Question by:RFloyd30
LVL 17

Accepted Solution

Brad Bouchard earned 1200 total points
ID: 38333556
Try this... I did this less than a week ago for several IPs and it worked great.  In your case, just define your whole LAN as the IPs allowed for relay.


Assisted Solution

by:Praveen Balan
Praveen Balan earned 800 total points
ID: 38333564

The settings are looks to be fine, but again do the below.

1. Open the properties of the receive connector which you have created for the relaying of internal sub net,
2. navigate to the Authentication Tab
3. Ensure that the Externally Secured (for example, with IPsec) is checked.
4. Try relaying the emails, and if fails again take a restart of transport service or the server itself.

also remove the TLS settings on authentication tab, though it does not affect.

If it still fails, we need to ensure that the connections are landing to the correct receive connector. For that you can change the FQDN to custom and try telneting from one of the application server you are trying to relay and ensure that the custom FQDN is received as response.

share the results.

LVL 52

Expert Comment

by:Manpreet SIngh Khatra
ID: 38333574
Allow Anonymous Relay on a Receive Connector

This will briefly allow you to Relay ... you need to provide relay on the Receive connector for the IP's :)

- Rancy

Author Closing Comment

ID: 38335161
Thanks for the replies.

I think it was working the entire time.   It appears that the application has a method of sending a single item like an invoice or sending in "bulk" and i would assume many invoices.  When yous end a single item, the email works.
So back to the application...

Solution: Follow the link given above - This is exactly the way i setup the receive connector in the beginning and also had the anonymous checked.  Not sure if it will work without that checked and may get a chance to test that - if so I will update post.

Thanks for the time.

Featured Post

NEW Veeam Backup for Microsoft Office 365 1.5

With Office 365, it’s your data and your responsibility to protect it. NEW Veeam Backup for Microsoft Office 365 eliminates the risk of losing access to your Office 365 data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Want to know how to use Exchange Server Eseutil command? Go through this article as it gives you the know-how.
This article will help to fix the below errors for MS Exchange Server 2016 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Whether it be Exchange Server Crash Issues, Dirty Shutdown Errors or Failed to mount error, Stellar Phoenix Mailbox Exchange Recovery has always got your back. With the help of its easy to understand user interface and 3 simple steps recovery proced…
Suggested Courses
Course of the Month16 days, 1 hour left to enroll

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question