Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


Exchange 2010 open relay because of new connector.

Posted on 2013-05-28
Medium Priority
Last Modified: 2013-06-05

I have a new Exchange 2010 install that is acting as an open relay.

I have 3 receive connectors, Client Servername, Default Servername and Internal Client Relay.

I added the last one to allow the servers within our network to relay via Exchange so our automated applications could send mail both externally and internally. These servers use Perl & Omnimark to do the sending.

I've attached a Word doc with screenshots of our connectors. If I remove the from the Internal Client connector which is what I assume I need to do as I only want machines on the internal network to use this, external users can't email internal users as I get:

SMTP error from remote mail server after MAIL FROM:<> SIZE=5605:
    host []: 530 5.7.1 Client was not authenticated

I know I've mucked up one of the others but I can't remember where or why and as I only ever set up an exchange server every 7 years or so and I can't remember what I had for breakfast last week, I'm pretty clueless here.

Question by:Letterpart
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39201309
Did you want the servers to relay email without authenticating?
If so that means your connector that has been configured to allow relaying isn't restricted properly and Exchange thinks you are trying to use one of the others.

Turning the server in to an open relay is usually done via enabling "Externally Secured".
For sending email to internal users, relaying isn't required, you just need anonymous enabled on the default connector.

For setting up the connector, I always point people at this article:


Author Comment

ID: 39201465
Hi Simon,

yes I want the servers on our LAN to be able to send email without authenticating, to both internal and external addresses.

I've got TLS & Externally secured selected in the Authentication tab and Exchange Servers selected in The permission Groups on this connector.

But as soon as I remove from the Network I can't send from an external to internal address.
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39201783
Externally secured turned on will cause the server to be an open relay, you don't have to enable that. Follow the instructions on the link I have provided, modifying the new connector not the Default or Client Receive Connector.

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!


Author Comment

ID: 39201857

I'm not trying to be totally obtuse here but as far as I am aware I have followed the instructions under:

Option 1: Make your new scoped connector an Externally Secured connector

1) is required that you enable the Exchange Servers permission group.

2) Next, continue to the authentication mechanisms page and add the "Externally secured" mechanism. What this means is that you have complete trust that the previously designated IP addresses will be trusted by your organization.

This is how my new Connector is set up. The only difference is that I have in the allowed networks as well as my two internal server IP's.

If I remove the or  the Externally secured I get:

530 5.7.1 Client was not authenticated when trying to send an email.

Author Comment

ID: 39204128
If I disable my custom connector I get the same error stating that my client was not authenticated.

I'm now assuming that the default connectors have been changed and am trying to find the default settings for 2010 so I can compare them.

Accepted Solution

Letterpart earned 0 total points
ID: 39204217

On the Default Servername connector I have enabled Anonymouse users.

And on the Internal Client Relay I have removed

Now I am no longer an open relay and my internal scripts can send mails internally and externally.

Author Closing Comment

ID: 39221485
None of the replies provided the answer I required and any further questions asking to clarify points went unanswered.

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Know the reasons and solutions to move/import EDB to New Exchange Server. Also, find out how to recover an Exchange .edb file and to restore the file back.
I don't pretend to be an expert at this, but I have found a few things that are useful. I hope that sharing them here will help others, so they will not have to face some rather hard choices. Since I felt this to be a topic of enough importance and…
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
Suggested Courses

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question