Solved

Exchange 2007 Receive Connector - Anonymous Relay Setup

Posted on 2014-08-27
Last Modified: 2014-09-07
I set up a new receive connector in Exchange 2007 following "Option 2: Grant the relay permission to Anonymous on your new scoped connector" from this link:
http://blogs.technet.com/b/exchange/archive/2006/12/28/3397620.aspx

After setting this up and restarting the Exchange Transport Service I tried sending an external email through Exchange from the Application server but I still get the relay bounce back message "#< #5.7.1 smtp;550 5.7.1 Unable to relay> #SMTP#"

When I send an email from the Application Server to an Internal email account the email is processed correctly and when I look in the Exchange message tracking, the Connector ID is the Default Receive connector and not the new Relay Receive connector that I created for this Application Server thus it seems that the Default connector is receiving this mail instead of the New Connector I created.

I really didn't want to mess with the Default Connector and cause a larger issue.  What are my options?
Question by:preshomes
9 Comments
 
LVL 1

Accepted Solution

by:
preshomes earned 0 total points
ID: 40289510
The Application server is sitting in the DMZ and previously I opened up communication to the email server via Port 25 from DMZ to LAN.

I just noticed that for successful Internal emails from this server the ClientIP is actually coming from the Public IP Address of the DMZ Application Server and not the local 10.10.x.x internal IP address assigned to the Application Server.  

So... I changed the "Remote IP" Address on the connector to the Public IP address of this Application Server instead of the Internal Private address assigned and the mail is now relaying without issue.  I set up the hosts file on this machine to point to the Internal IP address of the Exchange Server.   Any idea why the Client IP is coming in from the Public instead of the Internal Private IP?
0
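
The behaviour described in the post above, as an added example that is not part of the original thread: a simplified Python model of receive-connector selection, where the narrowest remote IP range containing the source address wins. The connector names, the addresses 10.10.0.50 and 203.0.113.25, and the domains are constructed, and the Default connector is assumed to accept anonymous mail for internal recipients only.

```python
import ipaddress

# Simplified model: among connectors listening on the port, the most specific
# remote IP range containing the source address handles the session.
# All names, addresses and domains below are constructed for illustration.
CONNECTORS = [
    {"name": "Default", "ranges": ["0.0.0.0/0"], "anonymous_relay": False},
    {"name": "Relay", "ranges": ["10.10.0.50/32"], "anonymous_relay": True},
]
ACCEPTED_DOMAINS = {"example.com"}  # assumed internal (accepted) domain


def select_connector(source_ip, connectors=CONNECTORS):
    """Return the connector whose remote range is the narrowest match."""
    addr = ipaddress.ip_address(source_ip)
    best, best_prefix = None, -1
    for conn in connectors:
        for cidr in conn["ranges"]:
            net = ipaddress.ip_network(cidr)
            if addr in net and net.prefixlen > best_prefix:
                best, best_prefix = conn, net.prefixlen
    return best


def rcpt_response(source_ip, recipient, connectors=CONNECTORS):
    """Return (connector name, SMTP reply) for an anonymous RCPT TO."""
    conn = select_connector(source_ip, connectors)
    domain = recipient.rsplit("@", 1)[1].lower()
    if domain in ACCEPTED_DOMAINS or conn["anonymous_relay"]:
        return conn["name"], "250 2.1.5 Recipient OK"
    return conn["name"], "550 5.7.1 Unable to relay"


def rescope(connectors, name, new_ranges):
    """Return a copy of the connector list with one connector re-scoped."""
    return [dict(c, ranges=new_ranges) if c["name"] == name else c
            for c in connectors]


if __name__ == "__main__":
    seen_ip = "203.0.113.25"  # public address Exchange sees for the app server
    print(rcpt_response(seen_ip, "user@example.com"))  # internal recipient
    print(rcpt_response(seen_ip, "user@example.net"))  # external recipient
    fixed = rescope(CONNECTORS, "Relay", ["203.0.113.25/32"])
    print(rcpt_response(seen_ip, "user@example.net", fixed))
```

Any host inside the relay connector's range can relay anonymously, so the range should stay as narrow as the single sending address.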
 
LVL 18

Expert Comment

by:irweazelwallis
ID: 40290410
What DNS servers is it pointing to? It's possible that it's going out and back in through the external connection.
What route is it using to get to that network?
Also, what is the firewall doing with NAT'ing, as that could be doing something unexpected, especially if the default route is not going the right way.
0
 
LVL 1

Author Comment

by:preshomes
ID: 40290445
I too thought it might be going out and back in but....
I have a firewall access rule from the DMZ to the Exchange server over port 25 (allowed) and when I disable this rule the email does not flow. I would assume that if it was going out and back in that the email would still process since I have allowed this public IP???

DNS Servers - Since this is sitting out in the DMZ I am currently pointing the DNS Servers to those of the ISP and not my Internal DNS Servers

As far as NAT... I will look into this further and see how this is getting translated... may be on to something.
0
 
LVL 37

Expert Comment

by:Jian An Lim
ID: 40291841
IP address.
When it goes to the default connector, it means the connection does not match the scope connector.  If you provide a specific IP address, it will go to the scope connector rather than the default connector.

You can also telnet from the application that sends emails,
send HELO and see what the server sees you as:
250 <servername> [ipaddress the server thinks you are]
0
 
LVL 37

Expert Comment

by:Jian An Lim
ID: 40291844
I personally will create a new scope with IP ACL for external secure and Exchange servers rights.
This immediately allows all traffic to flow through (another type of open relay that must be secured via IP ACL).
0
 
LVL 18

Expert Comment

by:irweazelwallis
ID: 40292083
I would try pointing it at your internal DNS or at least having host records to resolve the internal mail servers properly.

Can you try a tracert to the address from the DMZ server and see what route it takes,
or use something like Wireshark on both ends to see what the traffic is doing?
0
 
LVL 1

Author Comment

by:preshomes
ID: 40292463
limjianan - Thank you for your suggestions but I figured out why my DefaultConnector was picking up the mail instead of my new RelayConnector.  Now I am looking into why the public IP is connecting to the Exchange server rather than the Internal Private IP.

irweazelwallis - I have already added/set up my host record to point to and resolve the internal address. If this wasn't configured then the email would not process at all.   tracert returns only 1 Hop directly to Exchange Server, proving that it is not going out and back in again.

The only thing left to resolve is... why Exchange is seeing the Public IP for the DMZ and not the Internal IP of the Application Server.

Another Note: The Exchange Server is using our Internal DNS Servers and resolves the Application server as 10.10.x.x and not the Public IP.
0
 
LVL 18

Assisted Solution

by:irweazelwallis
irweazelwallis earned 1500 total points
ID: 40292581
OK, that sounds good. Have you looked at running a network trace to see what's happening to the traffic?
You can use Telnet to send an email and see what it does as it connects.

Is there anything in the application that will present details to the exchange server?
0
 
LVL 1

Author Closing Comment

by:preshomes
ID: 40308381
Looking within Exchange I found that the Public IP address was being passed instead of the internal IP thus I solved my own issue. I will follow the advice provided by irweazelwallis to try and track down why the Public IP is being passed to the Exchange Server and will setup a new question if needed to solve this new issue.
0
