Exchange 2007 Receive Connector - Anonymous Relay Setup

I set up a new receive connector in Exchange 2007 following "Option 2: Grant the relay permission to Anonymous on your new scoped connector" from this link.

After setting this up and restarting the Exchange Transport Service, I tried sending an external email through Exchange from the Application server, but I still get the relay bounce-back message "#< #5.7.1 smtp;550 5.7.1 Unable to relay> #SMTP#"

When I send an email from the Application Server to an Internal email account the email is processed correctly and when I look in the Exchange message tracking, the Connector ID is the Default Receive connector and not the new Relay Receive connector that I created for this Application Server thus it seems that the Default connector is receiving this mail instead of the New Connector I created.

I really didn't want to mess with the Default Connector and cause a larger issue.  What are my options?

preshomes (Author) Commented:
The Application server is sitting in the DMZ and previously I opened up communication to the email server via Port 25 from DMZ to LAN.

I just noticed that for successful Internal emails from this server the ClientIP is actually coming from the Public IP Address of the DMZ Application Server and not the local 10.10.x.x internal IP address assigned to the Application Server.  

So... I changed the "Remote IP" Address on the connector to the Public IP address of this Application Server instead of the Internal Private address assigned and the mail is now relaying without issue.  I set up the hosts file on this machine to point to the Internal IP address of the Exchange Server.   Any idea why the Client IP is coming in from the Public instead of the Internal Private IP?

What DNS servers is it pointing to? It's possible that it's going out and back in through the external connection.
What route is it using to get to that network?
Also, what is the firewall doing with NAT'ing, as that could be doing something unexpected, especially if the default route is not going the right way.

preshomes (Author) Commented:
I too thought it might be going out and back in but....
I have a firewall access rule from the DMZ to the Exchange server over port 25 (allowed) and when I disable this rule the email does not flow. I would assume that if it was going out and back in that the email would still process since I have allowed this public IP???

DNS Servers - Since this is sitting out in the DMZ I am currently pointing the DNS Servers to those of the ISP and not my Internal DNS Servers

As far as NAT... I will look into this further and see how this is getting translated... may be on to something.

Jian An Lim (Solutions Architect) Commented:
IP address.
When it goes to the default connector, it means the connection does not match the scope connector. If you provide a specific IP address, it will go to the scope connector rather than the default connector.

You can also telnet from the application that sends emails,
HELO, and see what the server sees you as:
250 <servername> [ipaddress the server thinks you are]
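
The connector-matching behaviour described in the comment above, as an added example that is not part of the original thread: a simplified Python model in which the receive connector with the narrowest matching remote IP range takes the connection, plus a check for relay-enabled connectors scoped too widely. Connector names, addresses, the `anonymous_relay` flag and the `max_addresses` threshold are constructed for illustration, and local bindings and ports are ignored.

```python
import ipaddress

# Constructed connector table; names, ranges and flag are illustrative assumptions.
CONNECTORS = [
    {"name": "Default", "ranges": ["0.0.0.0-255.255.255.255"], "anonymous_relay": False},
    {"name": "Relay", "ranges": ["10.20.30.40"], "anonymous_relay": True},
]

def parse_range(text):
    """Return (first, last) for 'a.b.c.d', 'a.b.c.d/nn' or 'first-last'."""
    if "-" in text:
        lo, hi = (ipaddress.ip_address(p.strip()) for p in text.split("-"))
        return lo, hi
    net = ipaddress.ip_network(text, strict=False)
    return net[0], net[-1]

def select_connector(client_ip, connectors):
    """Return the connector whose matching range is narrowest, or None."""
    ip = ipaddress.ip_address(client_ip)
    best = None
    for conn in connectors:
        for lo, hi in map(parse_range, conn["ranges"]):
            if lo <= ip <= hi:
                width = int(hi) - int(lo)
                if best is None or width < best[0]:
                    best = (width, conn)
    return best[1] if best else None

def relay_allowed(client_ip, connectors):
    """External recipients are accepted only via a relay-enabled connector."""
    conn = select_connector(client_ip, connectors)
    return conn is not None and conn["anonymous_relay"]

def overbroad_relays(connectors, max_addresses=16):
    """Flag relay-enabled connectors whose scope covers too many addresses."""
    flagged = []
    for conn in connectors:
        for lo, hi in map(parse_range, conn["ranges"]):
            if conn["anonymous_relay"] and int(hi) - int(lo) + 1 > max_addresses:
                flagged.append(conn["name"])
                break
    return flagged

if __name__ == "__main__":
    # The server's private address matches the scoped connector ...
    print(select_connector("10.20.30.40", CONNECTORS)["name"])
    # ... but a NAT-translated source address falls through to Default.
    print(select_connector("203.0.113.10", CONNECTORS)["name"])
```
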

Jian An Lim (Solutions Architect) Commented:
I personally will create a new scope with IP ACL for external secure and exchange servers rights.
This immediately allows every traffic to flow through (another type of open relay that must be secured via IP ACL).

I would try pointing it at your internal DNS, or at least having host records to resolve the internal mail servers properly.

Can you try a tracert to the address from the DMZ server and see what route it takes,
or use something like Wireshark on both ends to see what the traffic is doing?

preshomes (Author) Commented:
limjianan - Thank you for your suggestions, but I figured out why my DefaultConnector was picking up the mail instead of my new RelayConnector.  Now I am looking into why the public IP is connecting to the Exchange server rather than the Internal Private IP.

irweazelwallis - I have already added/set up my host record to point to and resolve the internal address. If this wasn't configured then the email would not process at all.   tracert returns only 1 hop directly to the Exchange Server, proving that it is not going out and back in again.

The only thing left to resolve is... why Exchange is seeing the Public IP for the DMZ and not the Internal IP of the Application Server.

Another Note: The Exchange Server is using our Internal DNS Servers and resolves the Application server as 10.10.x.x and not the Public IP.

OK, that sounds good. Have you looked at running a network trace to see what's happening to the traffic?
You can use Telnet to send an email and see what it does as it connects.

Is there anything in the application that will present details to the Exchange server?

preshomes (Author) Commented:
Looking within Exchange I found that the Public IP address was being passed instead of the internal IP thus I solved my own issue. I will follow the advice provided by irweazelwallis to try and track down why the Public IP is being passed to the Exchange Server and will setup a new question if needed to solve this new issue.

Question has a verified solution.
