Can't Send or receive external emails in exchange 07
i have just configured a new exchange 07 server i made the neccsary changes to the firewall to allow emails but it wont let me receive them i have pointed my mx record to this new server and i have tried setting up the accepted domains with many differant setting non have workedso iset back to my default domain
September 6th, 2006 10:55pm

What types of errors or NDRs are you getting?
Free Windows Admin Tool Kit Click here and download it now
September 14th, 2006 6:54pm

Hi Doctorw, In a single-server Exchange 2007 setup you'll need to allow annonymous connections on your default receive connector. By defaultExchange 2007 servers not running the Edge Transport rolewill only accept inbound smtp connections from Exchange Users (clients), Exchange Servers (other Exchange 2007 servers)and Exchange Legacy Servers (legacy Exchange 2003 & below servers). To allow annonymous smtp connections for your server, run the following management shell command: Set-ReceiveConnector -Identity "Default <ServerName>" -PermissionsGroup "AnonymousUsers" As for not being able to send external email, have you configured a Send Connector? This is done through Organizational Configuration->Hub Transport->Send Connectors, or by using the management shell command New-SendConnector. Hope this helps, Rob Costello
September 15th, 2006 3:27pm

Rob, you have a small syntax error: The command should read: Set-ReceiveConnector -Identity "Default <ServerName>" -PermissionGroups "AnonymousUsers" ( PermissionsGroup -->PermissionGroups ) Marc
Free Windows Admin Tool Kit Click here and download it now
October 17th, 2006 10:07pm

Thank you so much for the information. This solved my problem. Now my question would be this. At this point in time I have no edge transport server which is why this information helped. In the next couple of days i will be getting a machine setup to function as the edge transport server. So if i want to remove the allow anonymous user so that the edge transport server can function properly how would i go about doing this? Thanks again for the valuable information.
October 27th, 2006 5:27pm

Marc & Rob, Thanks for your help. I had the same issue. I installed Windows 2003 R2 and installed Exchange 2007 beta. I could not receive or send any email to outside world. After giving permissions to anonymous users, I can receive emails from external world but looks like I can not still send out emails. I will appreciate your help.
Free Windows Admin Tool Kit Click here and download it now
December 25th, 2006 6:25pm

You should add a send connector to your Exchange server. In the Exchange Management Console, go to Organization Configuration -> Hub Transport. In the Action Panel choose: "New Send Connector" Go through the Wizard. In the Address Space you have to choose "*" if you want to send email to every domain. Hope this one help
January 18th, 2007 7:48pm

I was reading the above as I too am having the same problem. Although when I run the shell cmd I get double arrows and a flashing cusor. Now what???? I am sorry but I am really new to this. any help would be great. Thanks.
Free Windows Admin Tool Kit Click here and download it now
February 6th, 2007 10:17pm

Thanks a lot, This was the solution! The external clients are unable to send email to us, they received the following errors like: The mail systemxxxx@xxxx.xxx: host 1.1.1.1[1.1.1.1] said: 530 5.7.1 Client was not authenticated (in reply to MAIL FROM command) Once we had anonymouse-fixed, everything went smootly.
April 1st, 2007 9:57pm

Since you have this set to AnonymousUsers, will people be able to use your Exchange server as a pass through (relay) for SPAM? or does this prevent relays from happening.Rick
Free Windows Admin Tool Kit Click here and download it now
April 10th, 2007 5:51pm

if you did not get it figured out try this: the double arrows indicate the command is not compete as far as I can tell and is awaiting further input [MSH] C:\>Set-ReceiveConnector -Identity "<name of receive connector>" -PermissionGroups AnonymousUsers you can get the name of the receive connector from the properties of it from the gui hope this helps, there is a good example if you use the help fil-- search for set-receiveconnector
April 17th, 2007 3:42am

fyi this is the onlysyntax that worked for me... Set-ReceiveConnector -Identity main\default* -PermissionGroups "AnonymousUsers"
Free Windows Admin Tool Kit Click here and download it now
April 18th, 2007 6:59am

I've got some issues with this approach. I've done what is mentioned here, and I'm now relaying mail for someone. I did the anonyomous on the receive connector first, and I noticed my queues were filling up. So I did the send connector and the mail out left. I disabled the send connector and again the queue starts filling up. All the relayed mail is from user <> in the queue. At abuse.net the script didn't get through the first 5 tests, but the 6th was a maybe. Someone is defianlty using this test server to relay through. What could I be missing? We've kept the send connector disabled and just delete the emails because we know that they are not ours.
April 19th, 2007 8:00pm

Thanks solved my problem
Free Windows Admin Tool Kit Click here and download it now
June 7th, 2007 4:51pm

I agree if you set it to anonymous, your server will become a relay agent. I tested this using telnet and my exchange 2007 server accepted the mail from: adddress from any email address i put in there. Does anyone know a soulution to this??
July 5th, 2007 11:23pm

Does anyone know the answer to this? I am very interested in the response to see if there is any way once changing this setting can you STOP the open relay. That would kind of defeat the purpose dont you think? Any helpful reply to this would be greatly appreciated. Cheers Ross
Free Windows Admin Tool Kit Click here and download it now
November 6th, 2007 11:20pm

Hello, I don't have your response but i think that you can usethis workaround : Active the Antispam agent, on this one you can configure : The Recipient filtering with the "Block messages sent to recipients not listed inthe GAL" => it's good but it's send a NDR message to sender. You can use the senders filtering too : "Block messages from the following senders" in fact, it's impossible too receive an email from internet that have your dns domain. And "Block the messages from blank senders too" And you can use the Content filtering too, and configure the rate of SCL that you want to use, i preconize you to test this level with the quarantaine mailbox to adjust like you want and limit the falsepositve mails. I hope that it help you, Cordialy,
November 22nd, 2007 6:47pm

Accepting email from any address doesn't make you a spam relay. However, letting people send to any email address via your server does. That's why you have to restrict what domains your server accepts mail for in Organization Configuration -> Hub Transport -> Accepted Domains.IceColdEuro
Free Windows Admin Tool Kit Click here and download it now
November 25th, 2007 4:21pm

My situation is different, yet same error...cannot send to outside world. Using an external SMTP server andEdge Server. I send email out to the edge server and then out to the smtp server. I want connections and access secured all the way to the SMTP server sinceit is internal. How do I setup? I followed Microsoft'sinstructions...doesn't work.
November 25th, 2007 6:51pm

Good day Naugtyboy119,Thanks for your help...Just follow your advice...and walla....I can receive and send email...to and from the internet...Thanks again...
Free Windows Admin Tool Kit Click here and download it now
March 10th, 2008 11:22am

Great posts and advice.. This fixed my issue! Rock on
April 4th, 2008 6:00pm

Just to clarify a few things. MSFT is trying VERY hard to be secure by default. To that end when you stand up a new Exchange 2007 Hub Transport server role, it doesn't allow un-authenticated/anonymous communication. This means that by default it will not be allowed to accept email from the outside world, until you go tell it to accept anonymous authentication. You can do this through the GUI now as well. Once you turn on anonymous authentication on the receive connector, all you are doing is allowing people to hand your Exchange server email w/o having to authenticate to it first. Exchange still checks to see what it should do with the mail. By default Exchange will only accept email for domains listed in the "Accepted Domains" tab. For the person seeing messages being generated from the <> person - this is most likely your server's System Attendant service acutally NDR'ing the message back to the originator. Meaning the email address they were sending the email to didn't exist, but the @domain.com was valid, so the System Attendant is trying to return the mail to them. The problem is that most of the FROM addresses it's trying to reply to are faked, so they sit in your queue until they expire. The only way to get rid of a lot of the <> messages from building up in your queue is to either use the Edge server role to block messages coming into your Org that don't have email addresses in the directory, or to install the actual anti-spam agent on your Exchange 2007 Hub Transport role (http://support.microsoft.com/kb/555924) and tell it to "Block messages sent to recipients not listed in the Global Address List". This will cause the server to actually reject the message as the remote email server tries to hand it in (some security people don't like this feature though as they believe this will aide spammers in directory harvesting, but I personally don't see the need to accept email just to have it sit in a queue somewhere). Now by default Exchange 2007 will NOT relay messages unless you tell it to. Telling it to allow incoming anonymous connections on the default recieve connector does not mean those outside server can relay through it OTHER domains. They can only connect to your server and send email in to the domains in the "Accepted Domains" tab. So unless you added more domains to your Accepted Domains and configured them as relays (I saw someone once configure * as an external relay which was a bad mistake IMHO), then you have nothign to worry about. BTW here is how the MS Exchange team says to configure relays in 2007 (yes it's a bit cryptic unlike 2003 sadly): http://msexchangeteam.com/archive/2006/12/28/432013.aspx And don't take my word for it. Try using an SMTP mail client (I like the command line tool Postie) to send an email test through your server with a foriegn domain name. You should get: Status: 550 5.7.1 Unable to relay Good luck
Free Windows Admin Tool Kit Click here and download it now
April 9th, 2008 4:47pm

Just to clarify a few things. MSFT is trying VERY hard to be secure by default. To that end when you stand up a new Exchange 2007 Hub Transport server role, it doesn't allow un-authenticated/anonymous communication. This means that by default it will not be allowed to accept email from the outside world, until you go tell it to accept anonymous authentication. You can do this through the GUI now as well. Once you turn on anonymous authentication on the receive connector, all you are doing is allowing people to hand your Exchange server email w/o having to authenticate to it first. Exchange still checks to see what it should do with the mail. By default Exchange will only accept email for domains listed in the "Accepted Domains" tab. For the person seeing messages being generated from the <> person - this is most likely your server's System Attendant service acutally NDR'ing the message back to the originator. Meaning the email address they were sending the email to didn't exist, but the @domain.com was valid, so the System Attendant is trying to return the mail to them. The problem is that most of the FROM addresses it's trying to reply to are faked, so they sit in your queue until they expire. The only way to get rid of a lot of the <> messages from building up in your queue is to either use the Edge server role to block messages coming into your Org that don't have email addresses in the directory, or to install the actual anti-spam agent on your Exchange 2007 Hub Transport role (http://support.microsoft.com/kb/555924) and tell it to "Block messages sent to recipients not listed in the Global Address List". This will cause the server to actually reject the message as the remote email server tries to hand it in (some security people don't like this feature though as they believe this will aide spammers in directory harvesting, but I personally don't see the need to accept email just to have it sit in a queue somewhere). Now by default Exchange 2007 will NOT relay messages unless you tell it to. Telling it to allow incoming anonymous connections on the default recieve connector does not mean those outside server can relay through it OTHER domains. They can only connect to your server and send email in to the domains in the "Accepted Domains" tab. So unless you added more domains to your Accepted Domains and configured them as relays (I saw someone once configure * as an external relay which was a bad mistake IMHO), then you have nothign to worry about. BTW here is how the MS Exchange team says to configure relays in 2007 (yes it's a bit cryptic unlike 2003 sadly): http://msexchangeteam.com/archive/2006/12/28/432013.aspx And don't take my word for it. Try using an SMTP mail client (I like the command line tool Postie) to send an email test through your server with a foriegn domain name. You should get: Status: 550 5.7.1 Unable to relay Good luck
April 9th, 2008 4:47pm

you can restrict the receive connector by IP address. default is all IP's. Incidentally, I've added anonymous, but still get 5.7.1 client was not authenticated
Free Windows Admin Tool Kit Click here and download it now
July 9th, 2008 4:25pm

Hi everyone. Thanks for all this great information, it has been very helpful. Whenever I try to implement the command "Set-ReceiveConnector -Identity "Default <ServerName> -PermissionGroups "AnonymousUsers"" I get the default object does not exist. I tried to use the command "New-ReceiveConnector -Name Default" to create a new receive connector with default bindings (0.0.0.0:25) and ip address range (0.0.0.0-255.255.255.255). I am not sure why this is occuring, as I believe I am following all the directions above correctly. If anyone has any suggestiongs, they are appreciated.
July 28th, 2008 11:23pm

In your recieve connectors, check the port for the connectors. By Default, mst has port 587. You can change that to Port 110 which is the typcial default ports for email recieving.--Chad
Free Windows Admin Tool Kit Click here and download it now
August 21st, 2008 9:55pm

Uh....no. You receive (and send) email on port 25 if one is running a mail server (as opposed to a mail client, which *might* receive mail on port 110) Instead of messing with the default receive connector, just createa new one, and allow anonymous,use port 25. (This doesn't mean that Exchange will be an open relay, as it will acept mail only for "accepted domains", set elsewhere)
October 15th, 2008 3:36am

Hi Doctorw, In a single-server Exchange 2007 setup you'll need to allow annonymous connections on your default receive connector. By default Exchange 2007 servers not running the Edge Transport role will only accept inbound smtp connections from Exchange Users (clients), Exchange Servers (other Exchange 2007 servers) and Exchange Legacy Servers (legacy Exchange 2003 & below servers). To allow annonymous smtp connections for your server, run the following management shell command: Set-ReceiveConnector -Identity "Default <ServerName>" -PermissionsGroup "AnonymousUsers" As for not being able to send external email, have you configured a Send Connector? This is done through Organizational Configuration->Hub Transport->Send Connectors, or by using the management shell command New-SendConnector. Hope this helps, Rob Costello
Free Windows Admin Tool Kit Click here and download it now
May 15th, 2010 7:15pm

Rob, you have a small syntax error: The command should read: Set-ReceiveConnector -Identity "Default <ServerName>" -PermissionGroups "AnonymousUsers" ( PermissionsGroup --> PermissionGroups ) Marc
May 15th, 2010 7:15pm

Hi All, Thanks for the above info, tried the above but my exchange server 2007 in server 2003 sp2 isnt allowing me to send or receive emails to the external world, i can only send an receive emails locally. Recently our company has changed the domain hosting company from yahoo to another, this problem arrived then. Can you please help me out with this? azmath
Free Windows Admin Tool Kit Click here and download it now
January 11th, 2012 4:42pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics