Solved

Exchange 2010 open relay because of new connector.

Posted on 2013-05-28
Last Modified: 2013-06-05
Hi,

I have a new Exchange 2010 install that is acting as an open relay.

I have 3 receive connectors, Client Servername, Default Servername and Internal Client Relay.

I added the last one to allow the servers within our network to relay via Exchange so our automated applications could send mail both externally and internally. These servers use Perl & Omnimark to do the sending.

I've attached a Word doc with screenshots of our connectors. If I remove the 0.0.0.0-255.255.255.255 from the Internal Client connector, which is what I assume I need to do as I only want machines on the internal network to use this, external users can't email internal users, as I get:

SMTP error from remote mail server after MAIL FROM:<info@myexternaldomain.net> SIZE=5605:
    host mail.letterpart.com [178.251.239.152]: 530 5.7.1 Client was not authenticated

I know I've mucked up one of the others but I can't remember where or why, and as I only ever set up an Exchange server every 7 years or so and I can't remember what I had for breakfast last week, I'm pretty clueless here.

Thanks.
Question by:Letterpart
7 Comments
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39201309
Did you want the servers to relay email without authenticating?
If so that means your connector that has been configured to allow relaying isn't restricted properly and Exchange thinks you are trying to use one of the others.

Turning the server into an open relay is usually done via enabling "Externally Secured".
For sending email to internal users, relaying isn't required, you just need anonymous enabled on the default connector.

For setting up the connector, I always point people at this article: http://semb.ee/apprelay

Simon.
0
 
LVL 1

Author Comment

by:Letterpart
ID: 39201465
Hi Simon,

Yes, I want the servers on our LAN to be able to send email without authenticating, to both internal and external addresses.

I've got TLS & Externally secured selected in the Authentication tab and Exchange Servers selected in the Permission Groups on this connector.

But as soon as I remove 0.0.0.0-255.255.255.255 from the Network I can't send from an external to internal address.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39201783
Externally secured turned on will cause the server to be an open relay, you don't have to enable that. Follow the instructions on the link I have provided, modifying the new connector not the Default or Client Receive Connector.

Simon.
0
 
LVL 1

Author Comment

by:Letterpart
ID: 39201857
Simon,

I'm not trying to be totally obtuse here but as far as I am aware I have followed the instructions under:

Option 1: Make your new scoped connector an Externally Secured connector

1) ...it is required that you enable the Exchange Servers permission group.

2) Next, continue to the authentication mechanisms page and add the "Externally secured" mechanism. What this means is that you have complete trust that the previously designated IP addresses will be trusted by your organization.

This is how my new Connector is set up. The only difference is that I have 0.0.0.0-255.255.255.255 in the allowed networks as well as my two internal server IPs.

If I remove the 0.0.0.0-255.255.255.255 or the Externally secured I get:

530 5.7.1 Client was not authenticated when trying to send an email.
0
 
LVL 1

Author Comment

by:Letterpart
ID: 39204128
If I disable my custom connector I get the same error stating that my client was not authenticated.

I'm now assuming that the default connectors have been changed and am trying to find the default settings for 2010 so I can compare them.
0
 
LVL 1

Accepted Solution

by:Letterpart
ID: 39204217
Ok.

On the Default Servername connector I have enabled Anonymous users.

And on the Internal Client Relay I have removed 0.0.0.0-255.255.255.255

Now I am no longer an open relay and my internal scripts can send mails internally and externally.
0
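The fix described in the accepted solution, written out for the Exchange Management Shell as an added example; it is not part of the original thread. The connector names follow the thread's description with the server name taken from `$env:COMPUTERNAME`, and the two application-server addresses are constructed placeholders.

```powershell
# Run in the Exchange Management Shell on the Exchange 2010 server.
# Assumed names: connectors are called as in the thread, with the server name
# taken from $env:COMPUTERNAME. The application-server IPs are placeholders.
$server     = $env:COMPUTERNAME
$relay      = "$server\Internal Client Relay"
$default    = "$server\Default $server"
$appServers = '10.0.0.10', '10.0.0.11'        # constructed sample addresses
$everyone   = '0.0.0.0-255.255.255.255'

# Audit helper: Exchange hands a session to the connector whose RemoteIPRanges
# match the sender most specifically, and an Externally Secured connector
# treats every matching sender as trusted. Flag any that match all of IPv4.
function Show-RelayExposure {
    Get-ReceiveConnector -Server $server |
        Select-Object Name, AuthMechanism, PermissionGroups,
            @{ n = 'RemoteIPRanges'; e = {
                ($_.RemoteIPRanges | ForEach-Object { "$_" }) -join ', ' } },
            @{ n = 'OpenRelayRisk'; e = {
                ("$($_.AuthMechanism)" -match 'ExternalAuthoritative') -and
                (@($_.RemoteIPRanges | ForEach-Object { "$_" }) -contains $everyone) } } |
        Format-List
}

Show-RelayExposure    # before: the relay connector reports OpenRelayRisk = True

# 1. Scope the relay connector to the application servers only.
#    -RemoteIPRanges replaces the whole list, which drops the 0.0.0.0 range.
Set-ReceiveConnector -Identity $relay -RemoteIPRanges $appServers

# 2. Internet senders now fall through to the default connector. Add
#    AnonymousUsers to the groups it already has so they can deliver to
#    internal recipients instead of getting "530 5.7.1 Client was not
#    authenticated".
$groups = "$((Get-ReceiveConnector -Identity $default).PermissionGroups)"
if ($groups -notmatch 'AnonymousUsers') {
    Set-ReceiveConnector -Identity $default `
        -PermissionGroups "$groups, AnonymousUsers"
}

Show-RelayExposure    # after: no connector should report OpenRelayRisk = True
```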
 
LVL 1

Author Closing Comment

by:Letterpart
ID: 39221485
None of the replies provided the answer I required and any further questions asking to clarify points went unanswered.
0
