Solved

Authentication problem using Smarthost in Exchange 2010

Posted on 2014-11-08
29
37 Views
Last Modified: 2016-06-15
I use smtp.nyc.rrr.com as my smarthouse in Exhange 2010.  This works fine with no authentication as long as I am connected to the Time Warner Roadrunner network (my ISP).  However, from time to time TWC goes down and I have a dual WAN router with Verizon DSL set up as a failover ISP.

When this happens, TWC RR smtp servers will not relay my outgoing mail.  I input my TWC RR email and password to authenticate but my outgoing mail is still rejected.  I get the following error message:

The following organization rejected your message: dnvrco-oedge03.
junk@rackson.com
dnvrco-oedge03 #554 From address must match authentication [R0107004] ##

I also have a yahoo bixzmail account (smtp.bizmail.yahoo.com) but I can;'t seem to get that to work on either the TWC ISP connection or the Verizon DSL connection.

Can anyone help me?

thanks.

UPDATE:  I think the problem may be that the "from" address on my mail leaving exchange is NOT the email address assigned to me by TWC RR..
0
Comment
Question by:Randy_R
  • 15
  • 7
  • 6
29 Comments
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 250 total points
Comment Utility
Correct.
Your ISP will only allow their own domains to relay through their servers from outside their network.
Inside their network it doesn't matter.

Otherwise spammers would just get a username and password and start spamming through their servers like crazy, which would be impossible to stop.

If you must use a smart host then you will need to use a carrier neutral smart host. This could be one of the SMTP relay/mail hop services or a spam filtering provider.

Simon.
0
 

Author Comment

by:Randy_R
Comment Utility
Do you have any suggestions for me on who I could use?

The "from" address I am sending from is actually a Yahoo bizmail address, so that server should work but requires port 465, which for some reason TWC seems to be blocking?
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
Comment Utility
I haven't used any dedicated service to be able to recommend one. I have my own server for doing that job. Most clients will be using the outbound server of their filtering provider.

Simon.
0
 

Author Comment

by:Randy_R
Comment Utility
Can a backup smarthost be setup so that should roadrunner fail over to verizon, that smarthost will be used?  I would set verizons smtp serverto be the backup if that can be done.
0
 

Author Comment

by:Randy_R
Comment Utility
Also do you know if twc blocks 465 have another reason why it would seem dead?
0
 

Author Comment

by:Randy_R
Comment Utility
Ok, so I tried yahoo as my smart server (smtp.bizmail.yahoo.com) using the same port, credentials and sender that I use successfully on my phone with this smtp server, and the mail just sits in my exchange queue for that smarthost.

Any idea what is going on?
0
 
LVL 30

Expert Comment

by:Gareth Gudger
Comment Utility
Just curious? What is the business need for the smart host? Any reason you can't just send directly to the internet?

If you need a smart host you may also want to look at something that does double duty as an outbound message hygiene service like Exchange Online Protection. Can be used for inbound too.

Does all your spam and virus protection for $1 per user/month.

No more worries about smart hosts after that. It will always work.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
Comment Utility
I cannot comment on US based ISP behaviour as I am not in the USA, have only been there once and that was over ten years ago. Therefore I have no idea whether they block the port or not. You would have to call their support and ask.

There is also no concept of failover or backup smart host configuration in Exchange, hence the need to use a carrier neutral service. If you configure both smart hosts in Exchange then Exchange will attempt to use both.

Simon.
0
 

Author Comment

by:Randy_R
Comment Utility
Got it Simon.  Thanks. I think I figured it out though. I had a bad dns server entry on the network card of the machine running exchange. I changed that and the yahoo server now works with both isps.I just don't understand how it worked before at all now!
0
 

Author Comment

by:Randy_R
Comment Utility
Oooops!  I spoke too soon.   It does work for the specific user in the domain whose credentials match the authentication credentials entered for the smarthost.  But it does not work for other users in the domain (yahoo bounced those users outgoing email, even though they also have yahoo accounts).  Is there any way around this?

If not, I guess I will just have to update the smarthost manually when TWC goes down to be the Verizon smarthost?
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
Comment Utility
ISPs smart hosts are not really designed to be used with servers, they are designed for use when end users have a POP3 account and are sending email as themselves. There are usually no work arounds because the ISP wants you on a business class connection.

Do you not have a static IP address?

Simon.
0
 

Author Comment

by:Randy_R
Comment Utility
No.  TWC RR residential.  The ip is fixed for all intents and purposes as it only changes when the router mac interface changes (otherwise always give the same ip) but I don't have access to the ptr record to set up reverse dns.

I guess I'm stuck with manually updating the smarthost during downtime, which is not the biggest deal, but I was hoping to work around it?

Randy
0
 
LVL 30

Expert Comment

by:Gareth Gudger
Comment Utility
Any thoughts on my comment as an option?
0
 

Author Comment

by:Randy_R
Comment Utility
You mean Exchange Online Protection?  I don't know anything about it?
0
Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

 
LVL 30

Assisted Solution

by:Gareth Gudger
Gareth Gudger earned 250 total points
Comment Utility
Its Microsoft's cloud based anti-spam product.
http://products.office.com/en-us/exchange/microsoft-exchange-online-protection-email-filter-and-anti-spam-protection-email-security-email-spam

You get the beauty of a message hygiene product for inbound and outbound mail. So you can direct your MX records to EOP. It scans them for spam and viruses and them forwards to your server. If your server or internet connection is down, it will store messages for up to 5 days.

On the flipside you can also use it for outbound virus scanning. That means you can use it for a smarthost. All email comes in through EOP and all mail goes out through EOP. The other beauty of this, is it is highly available. They have datacenters all over the world for EOP.
0
 

Author Comment

by:Randy_R
Comment Utility
Definitely sounds interesting.  I'm not really worried about viruses as I filter all my mail through yahoo who hosts the domain, but a multi-isp smarthost server would be great.  I assume you can use it only for outbound Simon?
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
Comment Utility
A carrier neutral smart host would be for outbound email only.
Something like Microsoft Online protection would be for inbound and outbound.

Simon.
0
 

Author Comment

by:Randy_R
Comment Utility
I would have to use it for both Simon?  I couldn't just set up the outbound and not the inbound?

In terms of carrier neutral hosts, do you know of any?
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
Comment Utility
You could use it for just outbound email, depends whether you are paying for just email delivery or something extra. If you went with the suggestions of a filtering service, then it doesn't make sense to pay for that and not use it.

As for service suggestions, I have none that I can recommend as I have my own server to do the job. There are quite a few of them around though - as I suggested above, google for mail hop or SMTP relay services.

Simon.
0
 

Author Comment

by:Randy_R
Comment Utility
I looked into EOP, but there is a problem.  I was able to authenticate that I own my domain, but the inbound connector which accepts outbound mail from my server wants a fixed ip (or series of fixed ips).  The whole reason I need a smarthost to begin with is that my ip is dynamic, so it looks like this solution won't work for me.

I do have a mail certificate, but I think it is faulty.  There is an option to use that instead of an ip.  Do you think it would work?
0
 
LVL 30

Expert Comment

by:Gareth Gudger
Comment Utility
Ah ok. This all makes sense. You did mention residential ISP.

I believe EOP wants a fixed IP for outbound as well.

Is this for a home based business or is it for a lab? Just curious as to the business need.

If a home based business, you may be better served just moving to Exchange Online Plan 1. Which is $4 per user/month. Gives you 50GB mailboxes in the Cloud and all the benefits of Exchange Server. Actually Exchange Online gets new features before on premise does. The only disadvantage is you do give up some control. But then the positive is your mail environment is fully redundant across multiple datacenters.
0
 

Author Comment

by:Randy_R
Comment Utility
It's a home business Gateth.  We run an exchange server as most of our mail is in house and I like having the control here and easy access to each others calendars.  I've found a mail relay service called EasySMTP, which claims to provide a free relay for the volume of outbound mail we send.  Do you know anything about it?

Again, this is only to provide automatic failover when TWC RR goes down, which is not all that frequent.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
Comment Utility
This is one thing I wouldn't want to use a free service for.
Free services get abused, which gets them blacklisted. I have never heard of that service myself.

Another option to consider is putting the server in a data centre. Then all you are doing is connecting to it over the internet - it doesn't matter how.

Simon.
0
 

Author Comment

by:Randy_R
Comment Utility
Easy-DNS is run by ReachMail, which seems to have a good reputation, no?
0
 
LVL 30

Expert Comment

by:Gareth Gudger
Comment Utility
Haven't heard of those guys either.
0
 

Author Comment

by:Randy_R
Comment Utility
I think my best route is just to switch my smarthost to my backup isp smtp server manually in the event of a failure.
0
 
LVL 30

Expert Comment

by:Gareth Gudger
Comment Utility
Seems like might be the only solution. I would definitely look at Office 365 though.
0
 

Author Comment

by:Randy_R
Comment Utility
Thanks Gareth.
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Local Continuous Replication is a cost effective and quick way of backing up Exchange server data. The following article describes the steps required to configure Local Continuous Replication. Also, the article tells you how to restore from a backup…
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
how to add IIS SMTP to handle application/Scanner relays into office 365.

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now