Solved

Exchange 2010 open relay because of new connector.

Posted on 2013-05-28
7
372 Views
Last Modified: 2013-06-05
Hi,

I have a new Exchange 2010 install that is acting as an open relay.

I have 3 receive connectors, Client Servername, Default Servername and Internal Client Relay.

I added the last one to allow the servers within our network to relay via Exchange so our automated applications could send mail both externally and internally. These servers use Perl & Omnimark to do the sending.

I've attached a Word doc with screenshots of our connectors. If I remove the 0.0.0.0-255.255.255.255 from the Internal Client connector which is what I assume I need to do as I only want machines on the internal network to use this, external users can't email internal users as I get:

SMTP error from remote mail server after MAIL FROM:<info@myexternaldomain.net> SIZE=5605:
    host mail.letterpart.com [178.251.239.152]: 530 5.7.1 Client was not authenticated

I know I've mucked up one of the others but I can't remember where or why and as I only ever set up an exchange server every 7 years or so and I can't remember what I had for breakfast last week, I'm pretty clueless here.

Thanks.
0
Comment
Question by:Letterpart
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
7 Comments
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39201309
Did you want the servers to relay email without authenticating?
If so that means your connector that has been configured to allow relaying isn't restricted properly and Exchange thinks you are trying to use one of the others.

Turning the server in to an open relay is usually done via enabling "Externally Secured".
For sending email to internal users, relaying isn't required, you just need anonymous enabled on the default connector.

For setting up the connector, I always point people at this article: http://semb.ee/apprelay

Simon.
0
 
LVL 1

Author Comment

by:Letterpart
ID: 39201465
Hi Simon,

yes I want the servers on our LAN to be able to send email without authenticating, to both internal and external addresses.

I've got TLS & Externally secured selected in the Authentication tab and Exchange Servers selected in The permission Groups on this connector.

But as soon as I remove 0.0.0.0-255.255.255.255 from the Network I can't send from an external to internal address.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39201783
Externally secured turned on will cause the server to be an open relay, you don't have to enable that. Follow the instructions on the link I have provided, modifying the new connector not the Default or Client Receive Connector.

Simon.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 1

Author Comment

by:Letterpart
ID: 39201857
Simon,

I'm not trying to be totally obtuse here but as far as I am aware I have followed the instructions under:

Option 1: Make your new scoped connector an Externally Secured connector

1) ...it is required that you enable the Exchange Servers permission group.

2) Next, continue to the authentication mechanisms page and add the "Externally secured" mechanism. What this means is that you have complete trust that the previously designated IP addresses will be trusted by your organization.

This is how my new Connector is set up. The only difference is that I have 0.0.0.0-255.255.255.255 in the allowed networks as well as my two internal server IP's.

If I remove the  0.0.0.0-255.255.255.255 or  the Externally secured I get:

530 5.7.1 Client was not authenticated when trying to send an email.
0
 
LVL 1

Author Comment

by:Letterpart
ID: 39204128
If I disable my custom connector I get the same error stating that my client was not authenticated.

I'm now assuming that the default connectors have been changed and am trying to find the default settings for 2010 so I can compare them.
0
 
LVL 1

Accepted Solution

by:
Letterpart earned 0 total points
ID: 39204217
Ok.

On the Default Servername connector I have enabled Anonymouse users.

And on the Internal Client Relay I have removed 0.0.0.0-255.255.255.255

Now I am no longer an open relay and my internal scripts can send mails internally and externally.
0
 
LVL 1

Author Closing Comment

by:Letterpart
ID: 39221485
None of the replies provided the answer I required and any further questions asking to clarify points went unanswered.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Find out what you should include to make the best professional email signature for your organization.
This article will help to fix the below errors for MS Exchange Server 2013 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
Suggested Courses
Course of the Month11 days, 17 hours left to enroll

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question