Solved

Authentication problem using Smarthost in Exchange 2010

Posted on 2014-11-08
29
47 Views
Last Modified: 2016-06-15
I use smtp.nyc.rrr.com as my smarthouse in Exhange 2010.  This works fine with no authentication as long as I am connected to the Time Warner Roadrunner network (my ISP).  However, from time to time TWC goes down and I have a dual WAN router with Verizon DSL set up as a failover ISP.

When this happens, TWC RR smtp servers will not relay my outgoing mail.  I input my TWC RR email and password to authenticate but my outgoing mail is still rejected.  I get the following error message:

The following organization rejected your message: dnvrco-oedge03.
junk@rackson.com
dnvrco-oedge03 #554 From address must match authentication [R0107004] ##

I also have a yahoo bixzmail account (smtp.bizmail.yahoo.com) but I can;'t seem to get that to work on either the TWC ISP connection or the Verizon DSL connection.

Can anyone help me?

thanks.

UPDATE:  I think the problem may be that the "from" address on my mail leaving exchange is NOT the email address assigned to me by TWC RR..
0
Comment
Question by:Randy_R
  • 15
  • 7
  • 6
29 Comments
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 250 total points
ID: 40430391
Correct.
Your ISP will only allow their own domains to relay through their servers from outside their network.
Inside their network it doesn't matter.

Otherwise spammers would just get a username and password and start spamming through their servers like crazy, which would be impossible to stop.

If you must use a smart host then you will need to use a carrier neutral smart host. This could be one of the SMTP relay/mail hop services or a spam filtering provider.

Simon.
0
 

Author Comment

by:Randy_R
ID: 40430398
Do you have any suggestions for me on who I could use?

The "from" address I am sending from is actually a Yahoo bizmail address, so that server should work but requires port 465, which for some reason TWC seems to be blocking?
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40430577
I haven't used any dedicated service to be able to recommend one. I have my own server for doing that job. Most clients will be using the outbound server of their filtering provider.

Simon.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:Randy_R
ID: 40430579
Can a backup smarthost be setup so that should roadrunner fail over to verizon, that smarthost will be used?  I would set verizons smtp serverto be the backup if that can be done.
0
 

Author Comment

by:Randy_R
ID: 40430580
Also do you know if twc blocks 465 have another reason why it would seem dead?
0
 

Author Comment

by:Randy_R
ID: 40430695
Ok, so I tried yahoo as my smart server (smtp.bizmail.yahoo.com) using the same port, credentials and sender that I use successfully on my phone with this smtp server, and the mail just sits in my exchange queue for that smarthost.

Any idea what is going on?
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40430784
Just curious? What is the business need for the smart host? Any reason you can't just send directly to the internet?

If you need a smart host you may also want to look at something that does double duty as an outbound message hygiene service like Exchange Online Protection. Can be used for inbound too.

Does all your spam and virus protection for $1 per user/month.

No more worries about smart hosts after that. It will always work.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40431004
I cannot comment on US based ISP behaviour as I am not in the USA, have only been there once and that was over ten years ago. Therefore I have no idea whether they block the port or not. You would have to call their support and ask.

There is also no concept of failover or backup smart host configuration in Exchange, hence the need to use a carrier neutral service. If you configure both smart hosts in Exchange then Exchange will attempt to use both.

Simon.
0
 

Author Comment

by:Randy_R
ID: 40431105
Got it Simon.  Thanks. I think I figured it out though. I had a bad dns server entry on the network card of the machine running exchange. I changed that and the yahoo server now works with both isps.I just don't understand how it worked before at all now!
0
 

Author Comment

by:Randy_R
ID: 40431223
Oooops!  I spoke too soon.   It does work for the specific user in the domain whose credentials match the authentication credentials entered for the smarthost.  But it does not work for other users in the domain (yahoo bounced those users outgoing email, even though they also have yahoo accounts).  Is there any way around this?

If not, I guess I will just have to update the smarthost manually when TWC goes down to be the Verizon smarthost?
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40431332
ISPs smart hosts are not really designed to be used with servers, they are designed for use when end users have a POP3 account and are sending email as themselves. There are usually no work arounds because the ISP wants you on a business class connection.

Do you not have a static IP address?

Simon.
0
 

Author Comment

by:Randy_R
ID: 40431341
No.  TWC RR residential.  The ip is fixed for all intents and purposes as it only changes when the router mac interface changes (otherwise always give the same ip) but I don't have access to the ptr record to set up reverse dns.

I guess I'm stuck with manually updating the smarthost during downtime, which is not the biggest deal, but I was hoping to work around it?

Randy
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40431391
Any thoughts on my comment as an option?
0
 

Author Comment

by:Randy_R
ID: 40431397
You mean Exchange Online Protection?  I don't know anything about it?
0
 
LVL 31

Assisted Solution

by:Gareth Gudger
Gareth Gudger earned 250 total points
ID: 40431404
Its Microsoft's cloud based anti-spam product.
http://products.office.com/en-us/exchange/microsoft-exchange-online-protection-email-filter-and-anti-spam-protection-email-security-email-spam

You get the beauty of a message hygiene product for inbound and outbound mail. So you can direct your MX records to EOP. It scans them for spam and viruses and them forwards to your server. If your server or internet connection is down, it will store messages for up to 5 days.

On the flipside you can also use it for outbound virus scanning. That means you can use it for a smarthost. All email comes in through EOP and all mail goes out through EOP. The other beauty of this, is it is highly available. They have datacenters all over the world for EOP.
0
 

Author Comment

by:Randy_R
ID: 40431408
Definitely sounds interesting.  I'm not really worried about viruses as I filter all my mail through yahoo who hosts the domain, but a multi-isp smarthost server would be great.  I assume you can use it only for outbound Simon?
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40431557
A carrier neutral smart host would be for outbound email only.
Something like Microsoft Online protection would be for inbound and outbound.

Simon.
0
 

Author Comment

by:Randy_R
ID: 40431561
I would have to use it for both Simon?  I couldn't just set up the outbound and not the inbound?

In terms of carrier neutral hosts, do you know of any?
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40432395
You could use it for just outbound email, depends whether you are paying for just email delivery or something extra. If you went with the suggestions of a filtering service, then it doesn't make sense to pay for that and not use it.

As for service suggestions, I have none that I can recommend as I have my own server to do the job. There are quite a few of them around though - as I suggested above, google for mail hop or SMTP relay services.

Simon.
0
 

Author Comment

by:Randy_R
ID: 40435248
I looked into EOP, but there is a problem.  I was able to authenticate that I own my domain, but the inbound connector which accepts outbound mail from my server wants a fixed ip (or series of fixed ips).  The whole reason I need a smarthost to begin with is that my ip is dynamic, so it looks like this solution won't work for me.

I do have a mail certificate, but I think it is faulty.  There is an option to use that instead of an ip.  Do you think it would work?
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40435313
Ah ok. This all makes sense. You did mention residential ISP.

I believe EOP wants a fixed IP for outbound as well.

Is this for a home based business or is it for a lab? Just curious as to the business need.

If a home based business, you may be better served just moving to Exchange Online Plan 1. Which is $4 per user/month. Gives you 50GB mailboxes in the Cloud and all the benefits of Exchange Server. Actually Exchange Online gets new features before on premise does. The only disadvantage is you do give up some control. But then the positive is your mail environment is fully redundant across multiple datacenters.
0
 

Author Comment

by:Randy_R
ID: 40435334
It's a home business Gateth.  We run an exchange server as most of our mail is in house and I like having the control here and easy access to each others calendars.  I've found a mail relay service called EasySMTP, which claims to provide a free relay for the volume of outbound mail we send.  Do you know anything about it?

Again, this is only to provide automatic failover when TWC RR goes down, which is not all that frequent.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40435634
This is one thing I wouldn't want to use a free service for.
Free services get abused, which gets them blacklisted. I have never heard of that service myself.

Another option to consider is putting the server in a data centre. Then all you are doing is connecting to it over the internet - it doesn't matter how.

Simon.
0
 

Author Comment

by:Randy_R
ID: 40435658
Easy-DNS is run by ReachMail, which seems to have a good reputation, no?
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40436358
Haven't heard of those guys either.
0
 

Author Comment

by:Randy_R
ID: 40436366
I think my best route is just to switch my smarthost to my backup isp smtp server manually in the event of a failure.
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40436534
Seems like might be the only solution. I would definitely look at Office 365 though.
0
 

Author Comment

by:Randy_R
ID: 40436555
Thanks Gareth.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
Read this checklist to learn more about the 15 things you should never include in an email signature.
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
This video discusses moving either the default database or any database to a new volume.

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question