Everything you need to know about backup and disaster recovery with AWS, for FREE!
Course Of The Month
3 days, 9 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Exchange 2010 - Allow authenticated user to relay as any email address?
Posted on 2016-09-02
I have a vendor that sends notification emails from job applicants through our Exchange 2010 server. Vendor service connects and authenticates as donotreply@ on a separate receive connector on port 587. The vendor service then says the email is from the applicants email address, Exchange says the client doesn't have permission to send and dumps the message. How can I allow an authenticated user to send as anyone?
*,DOMAIN\donotreply,authenticated
>,235 2.7.0 Authentication successful,
<,MAIL FROM: <applicants_email_address@their_domain.com>,
*,08D3D15AAC2344AA;2016-09-02T15:31:08.310Z;1,receiving message
>,250 2.1.0 Sender OK,
,RCPT TO: <LEGIT EXCHANGE USER>,
>,250 2.1.5 Recipient OK,
<,DATA,
>,354 Start mail input; end with <CRLF>.<CRLF>,
>,550 5.7.1 Client does not have permissions to send as this sender,
<,QUIT,
>,221 2.0.0 Service closing transmission channel,
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
3
2
2
7 Comments
Active today
Hi,
If you want a secure way allow relay only on that particular IP. Detailed step below.
https://www.experts-exchange.com/articles/2666/Allow-relaying-on-Exchange-2007-Exchange-2010-in-4-easy-steps.html
Thanks
MAS
If you want a secure way allow relay only on that particular IP. Detailed step below.
https://www.experts-exchange.com/articles/2666/Allow-relaying-on-Exchange-2007-Exchange-2010-in-4-easy-steps.html
Thanks
MAS
Active today
I read through that and it doesn't quite seem to fit what I am doing.
The vendor is not trying to send emails to an external user, they are trying to send an email to an internal user spoofing an external user.
The vendor is not trying to send emails to an external user, they are trying to send an email to an internal user spoofing an external user.
Active today
This is the commands you have to use
Then run this command to allow relay on that connector
Replace 192.168.1.100 with your Exchange2010 IP
This will work for internal and external.
New-ReceiveConnector -Name AllowRelay -usage Custom -Bindings '192.168.1.100:25' -fqdn server.domain.com -RemoteIPRanges <vendorIP> -server <YOUREXCHANGESERVERNAME> -permissiongroups AnonymousUsers
Then run this command to allow relay on that connector
Get-ReceiveConnector AllowRelay | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient"
Replace 192.168.1.100 with your Exchange2010 IP
This will work for internal and external.
Active today
Will that make it so authentication won't work any longer? They have their side set up to use authentication to send and I'm trying to work with what they already have set up.
When the connection is authenticated, by default it can only send as that user, there is no mechanism in Exchange to allow an authenticated connection to send as "anything"
This is why MAS suggested setting up a relay connector bound to their exit IP address and to use an anonymous (not authenticated) connection.
You may however have issues if the original senders address is covered with an SPF record.
This is why MAS suggested setting up a relay connector bound to their exit IP address and to use an anonymous (not authenticated) connection.
You may however have issues if the original senders address is covered with an SPF record.
Featured Post
The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.
One of a set of tools we're offering as a way of saying thank you for being a part of the community.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
If you troubleshoot Outlook for clients, you may want to know a bit more about the OST file before doing your next job. IMAP can cause a lot of drama if removed in the accounts without backing up.
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center.
Log into Exchange Admin Center.:
Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center.
Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center.
Navigate to the Servers >> Certificates…
Suggested Courses
Course of the Month3 days, 9 hours left to enroll
Earn Certification
MTA Server Fundamentals Exam 98-365
$59.00$53.10
691 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.