Solved

Exchange 2010 open relay because of new connector.

Posted on 2013-05-28
7
347 Views
Last Modified: 2013-06-05
Hi,

I have a new Exchange 2010 install that is acting as an open relay.

I have 3 receive connectors, Client Servername, Default Servername and Internal Client Relay.

I added the last one to allow the servers within our network to relay via Exchange so our automated applications could send mail both externally and internally. These servers use Perl & Omnimark to do the sending.

I've attached a Word doc with screenshots of our connectors. If I remove the 0.0.0.0-255.255.255.255 from the Internal Client connector which is what I assume I need to do as I only want machines on the internal network to use this, external users can't email internal users as I get:

SMTP error from remote mail server after MAIL FROM:<info@myexternaldomain.net> SIZE=5605:
    host mail.letterpart.com [178.251.239.152]: 530 5.7.1 Client was not authenticated

I know I've mucked up one of the others but I can't remember where or why and as I only ever set up an exchange server every 7 years or so and I can't remember what I had for breakfast last week, I'm pretty clueless here.

Thanks.
0
Comment
Question by:Letterpart
  • 5
  • 2
7 Comments
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39201309
Did you want the servers to relay email without authenticating?
If so that means your connector that has been configured to allow relaying isn't restricted properly and Exchange thinks you are trying to use one of the others.

Turning the server in to an open relay is usually done via enabling "Externally Secured".
For sending email to internal users, relaying isn't required, you just need anonymous enabled on the default connector.

For setting up the connector, I always point people at this article: http://semb.ee/apprelay

Simon.
0
 
LVL 1

Author Comment

by:Letterpart
ID: 39201465
Hi Simon,

yes I want the servers on our LAN to be able to send email without authenticating, to both internal and external addresses.

I've got TLS & Externally secured selected in the Authentication tab and Exchange Servers selected in The permission Groups on this connector.

But as soon as I remove 0.0.0.0-255.255.255.255 from the Network I can't send from an external to internal address.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39201783
Externally secured turned on will cause the server to be an open relay, you don't have to enable that. Follow the instructions on the link I have provided, modifying the new connector not the Default or Client Receive Connector.

Simon.
0
Want to promote your upcoming event?

Are you going to an event? Are you going to be exhibiting at a tradeshow? Talking at a conference? Using a promotional banner in your email signature ensures that your organization’s most important contacts stay in the know and can potentially spread the word about the event.

 
LVL 1

Author Comment

by:Letterpart
ID: 39201857
Simon,

I'm not trying to be totally obtuse here but as far as I am aware I have followed the instructions under:

Option 1: Make your new scoped connector an Externally Secured connector

1) ...it is required that you enable the Exchange Servers permission group.

2) Next, continue to the authentication mechanisms page and add the "Externally secured" mechanism. What this means is that you have complete trust that the previously designated IP addresses will be trusted by your organization.

This is how my new Connector is set up. The only difference is that I have 0.0.0.0-255.255.255.255 in the allowed networks as well as my two internal server IP's.

If I remove the  0.0.0.0-255.255.255.255 or  the Externally secured I get:

530 5.7.1 Client was not authenticated when trying to send an email.
0
 
LVL 1

Author Comment

by:Letterpart
ID: 39204128
If I disable my custom connector I get the same error stating that my client was not authenticated.

I'm now assuming that the default connectors have been changed and am trying to find the default settings for 2010 so I can compare them.
0
 
LVL 1

Accepted Solution

by:
Letterpart earned 0 total points
ID: 39204217
Ok.

On the Default Servername connector I have enabled Anonymouse users.

And on the Internal Client Relay I have removed 0.0.0.0-255.255.255.255

Now I am no longer an open relay and my internal scripts can send mails internally and externally.
0
 
LVL 1

Author Closing Comment

by:Letterpart
ID: 39221485
None of the replies provided the answer I required and any further questions asking to clarify points went unanswered.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now