• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 384
  • Last Modified:

Exchange 2010 open relay because of new connector.

Hi,

I have a new Exchange 2010 install that is acting as an open relay.

I have 3 receive connectors, Client Servername, Default Servername and Internal Client Relay.

I added the last one to allow the servers within our network to relay via Exchange so our automated applications could send mail both externally and internally. These servers use Perl & Omnimark to do the sending.

I've attached a Word doc with screenshots of our connectors. If I remove the 0.0.0.0-255.255.255.255 from the Internal Client connector which is what I assume I need to do as I only want machines on the internal network to use this, external users can't email internal users as I get:

SMTP error from remote mail server after MAIL FROM:<info@myexternaldomain.net> SIZE=5605:
    host mail.letterpart.com [178.251.239.152]: 530 5.7.1 Client was not authenticated

I know I've mucked up one of the others but I can't remember where or why and as I only ever set up an exchange server every 7 years or so and I can't remember what I had for breakfast last week, I'm pretty clueless here.

Thanks.
0
Letterpart
Asked:
Letterpart
  • 5
  • 2
1 Solution
 
Simon Butler (Sembee)ConsultantCommented:
Did you want the servers to relay email without authenticating?
If so that means your connector that has been configured to allow relaying isn't restricted properly and Exchange thinks you are trying to use one of the others.

Turning the server in to an open relay is usually done via enabling "Externally Secured".
For sending email to internal users, relaying isn't required, you just need anonymous enabled on the default connector.

For setting up the connector, I always point people at this article: http://semb.ee/apprelay

Simon.
0
 
LetterpartAuthor Commented:
Hi Simon,

yes I want the servers on our LAN to be able to send email without authenticating, to both internal and external addresses.

I've got TLS & Externally secured selected in the Authentication tab and Exchange Servers selected in The permission Groups on this connector.

But as soon as I remove 0.0.0.0-255.255.255.255 from the Network I can't send from an external to internal address.
0
 
Simon Butler (Sembee)ConsultantCommented:
Externally secured turned on will cause the server to be an open relay, you don't have to enable that. Follow the instructions on the link I have provided, modifying the new connector not the Default or Client Receive Connector.

Simon.
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
LetterpartAuthor Commented:
Simon,

I'm not trying to be totally obtuse here but as far as I am aware I have followed the instructions under:

Option 1: Make your new scoped connector an Externally Secured connector

1) ...it is required that you enable the Exchange Servers permission group.

2) Next, continue to the authentication mechanisms page and add the "Externally secured" mechanism. What this means is that you have complete trust that the previously designated IP addresses will be trusted by your organization.

This is how my new Connector is set up. The only difference is that I have 0.0.0.0-255.255.255.255 in the allowed networks as well as my two internal server IP's.

If I remove the  0.0.0.0-255.255.255.255 or  the Externally secured I get:

530 5.7.1 Client was not authenticated when trying to send an email.
0
 
LetterpartAuthor Commented:
If I disable my custom connector I get the same error stating that my client was not authenticated.

I'm now assuming that the default connectors have been changed and am trying to find the default settings for 2010 so I can compare them.
0
 
LetterpartAuthor Commented:
Ok.

On the Default Servername connector I have enabled Anonymouse users.

And on the Internal Client Relay I have removed 0.0.0.0-255.255.255.255

Now I am no longer an open relay and my internal scripts can send mails internally and externally.
0
 
LetterpartAuthor Commented:
None of the replies provided the answer I required and any further questions asking to clarify points went unanswered.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 5
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now