• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 140
  • Last Modified:

Receive Connector Issues with Exchange 2013

Exchange 2013 in regards to Receive Connectors is really confusing me.  It appears by default that it is basically an open relay. I'm showing it allowing any IP address to relay through it and had tested that internally through telnet.  I than have issues with our spam filter getting connection refused when connecting to it, so I'm not sure whats going on.  I created a separate send connector just for the Barraucda and set it to anonymous and ran the exchange shell command to really allow the anonymous logon and still get connection refused.
0
Chris Rice
Asked:
Chris Rice
  • 5
  • 2
  • 2
  • +1
1 Solution
 
Benjamin MOREAUProject ManagerCommented:
The default receive connector is not open relay. It accept only SMTP mails for local mailboxes. If your try to send mail with your receive connector to an outside mail; it will not work.

If you want to do open relay, you have to add rights on your recevice connector with powershell.
0
 
Chris RiceAuthor Commented:
I'm confused as why I can telnet to the exchange server from devices on the network through port 25. However I can't from our Barracuda for some reason. Hoping to put this into production tonight but have seen odd send/receive issues with 2013 so far
0
 
Benjamin MOREAUProject ManagerCommented:
You Can connect to port 25 but you Can only send mail to local user.

Exchange have to accept communication on port 25 from all client. It is normal for a mail server.

If only barracuda send mail to exchange, you Can add a receive connector only for tour barracuda ip with anonymous accès allowed.
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
Chris RiceAuthor Commented:
Yeah I tried that and still got connection refused
0
 
Satya PathakLead Technical ConsultantCommented:
0
 
Satya PathakLead Technical ConsultantCommented:
0
 
Chris RiceAuthor Commented:
I've seen both of those articles.  The Barracuda picks up external e-mail and sends it to the Exchange servers, so I think the default connector should work.  Earlier when I tested on a internal server I was able to telnet to port 25 fine, but now I get connection refused like I do from the Barracuda, so I'm not sure whats going on...
0
 
Chris RiceAuthor Commented:
I think I found the issue.  This customer I'm working with had some odd lan to lan firewall rule with port 25.  I disabled it and was able to connect from Barracuda to 2013 server
0
 
VB ITSSpecialist ConsultantCommented:
You may want to look at limiting the use of the open relay connector to only Barracuda's IP addresses (which you can get from them) and your Exchange server. Add any network devices that also need to relay through your server but that's it. This will prevent your server from getting added to any blacklists in case a machine in your network gets infected and tries to send out spam through your server.
0
 
Chris RiceAuthor Commented:
I would do that with the default frontend receive connector and remove the 0.0.0.0-255.255.255.255 ? I normally created separate ones with 2007 and 2010 having hub transport server usually separate and left the default there, but I was attempting that with this setup having both roles on one server and it seemed to mess things up with mail flow.
0
 
VB ITSSpecialist ConsultantCommented:
Ah, OK. I think I understand what may have happened now. In Exchange 2013 the Transport architecture has changed from what we have been used to with the previous versions of Exchange (i.e. 2007 and 2010). Have a read of these articles to help you get a better idea:
https://exchangemaster.wordpress.com/2014/01/24/incorrectly-adding-new-receive-connector-breaks-exchange-2013-transport/
http://exchangeserverpro.com/exchange-2013-configure-smtp-relay-connector/
http://himmetyildiz.blogspot.com.au/2013/07/how-to-create-anonymous-relay-send.html

What this means is you can still create additional custom receive connectors for anonymous relay, you just need to associate them to the correct Transport Role. I believe the first article explains it best so have a read and let me know if you have any questions.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

  • 5
  • 2
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now