Exchange 2007 Anonymous relay does not work
Hello all, I was hoping someone might be able to give me some useful insight on an issue I've been having. What I want to do is enable my Exchange 2007 server (hub, mailbox, CAS) to be able to forward anonymous SMTP from specific IP addresses. I've created a new send connector titled anonymous relay. I added the specific subnets in the remote subnets tabs and also ran the required shell commmand: Get-ReceiveConnector "Receive Connector Name" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient" This seemed like a pretty straight forward task but it doesn't seem to be working and I've followed microsoft documentation. Has anyone else ran into this issue? Any help would be greatly appreciate, thanks in advance!
March 30th, 2012 1:40pm

Did you restart the Transport Service after making the changes? Simon.Simon Butler, Exchange MVP Blog | Exchange Resources | In the UK? Hire Me.
Free Windows Admin Tool Kit Click here and download it now
March 30th, 2012 3:10pm

Yes I did, but still no luck...I can't imagine what's wrong it seems pretty simple.
March 30th, 2012 3:39pm

I presume you are following these instructions? http://blogs.technet.com/b/exchange/archive/2006/12/28/3397620.aspx I would delete the connector completely and set it up again. I have seen third party tools, such as AV (McAfee for example) block this kind of traffic as well. Simon.Simon Butler, Exchange MVP Blog | Exchange Resources | In the UK? Hire Me.
Free Windows Admin Tool Kit Click here and download it now
March 30th, 2012 4:04pm

Have you enabled and checked the SMTP logs for these two receive connectors? Set the logging to be verbose and then check the logs on disk. http://technet.microsoft.com/en-us/library/bb124531.aspx How are you testing? Test via telnet and see where it is failing http://support.microsoft.com/kb/153119 I have a suspicion that it is hitting the default receive connector rather than your new one. Also curious as initially you say you created a send connector, and then in the code sample it says receive connector, can you confirm it was a new receive connector that you made??Cheers, Rhoderick
March 30th, 2012 6:30pm

Thanks for the suggestions guys and yes that was a mistake Rhoderick I meant receive connector. I enabled verbose logging on my receive connectors and then retried the relay. I found the text below in the logs which would indicate it is hitting the correct connector but this error: 501 5.1.7 Invalid address might be the culprit. I did try to delete and recreate the connector and even tried rebooting, but that did not resolve the problem. 2012-04-03T14:22:09.480Z,SRV-VMEX01\Allow Anonymous Relay,08CEDF745D989FE9,1,192.168.80.17:25,192.168.96.18:4590,*,SMTPSubmit SMTPAcceptAnyRecipient SMTPAcceptAnySender SMTPAcceptAuthoritativeDomainSender AcceptRoutingHeaders,Set Session Permissions 2012-04-03T14:22:09.480Z,SRV-VMEX01\Allow Anonymous Relay,08CEDF745D989FE9,2,192.168.80.17:25,192.168.96.18:4590,*,SMTPSubmit SMTPAcceptAnyRecipient SMTPAcceptAuthenticationFlag SMTPAcceptAnySender SMTPAcceptAuthoritativeDomainSender BypassAntiSpam BypassMessageSizeLimit SMTPAcceptEXCH50 AcceptRoutingHeaders,Set Session Permissions 2012-04-03T14:22:09.480Z,SRV-VMEX01\Allow Anonymous Relay,08CEDF745D989FE9,3,192.168.80.17:25,192.168.96.18:4590,>,"220 SRV-VMEX01.forest.local Microsoft ESMTP MAIL Service ready at Tue, 3 Apr 2012 10:22:08 -0400", 2012-04-03T14:22:12.199Z,SRV-VMEX01\Allow Anonymous Relay,08CEDF745D989FE9,4,192.168.80.17:25,192.168.96.18:4590,<,HELO 192.168.96.18, 2012-04-03T14:22:12.199Z,SRV-VMEX01\Allow Anonymous Relay,08CEDF745D989FE9,5,192.168.80.17:25,192.168.96.18:4590,>,250 SRV-VMEX01.forest.local Hello [192.168.96.18], 2012-04-03T14:22:13.278Z,SRV-VMEX01\Allow Anonymous Relay,08CEDF745D989FE9,6,192.168.80.17:25,192.168.96.18:4590,<,MAIL FROM:<pesg-enviromon02>, 2012-04-03T14:22:13.278Z,SRV-VMEX01\Allow Anonymous Relay,08CEDF745D989FE9,7,192.168.80.17:25,192.168.96.18:4590,>,501 5.1.7 Invalid address, 2012-04-03T14:22:13.325Z,SRV-VMEX01\Allow Anonymous Relay,08CEDF745D989FE9,8,192.168.80.17:25,192.168.96.18:4590,-,,Remote 2012-04-03T14:22:13.356Z,SRV-VMEX01\Allow Anonymous Relay,08CEDF745D989FEA,0,192.168.80.17:25,192.168.96.18:4591,+,, 2012-04-03T14:22:13.356Z,SRV-VMEX01\Allow Anonymous Relay,08CEDF745D989FEA,1,192.168.80.17:25,192.168.96.18:4591,*,SMTPSubmit SMTPAcceptAnyRecipient SMTPAcceptAnySender SMTPAcceptAuthoritativeDomainSender AcceptRoutingHeaders,Set Session Permissions 2012-04-03T14:22:13.356Z,SRV-VMEX01\Allow Anonymous Relay,08CEDF745D989FEA,2,192.168.80.17:25,192.168.96.18:4591,*,SMTPSubmit SMTPAcceptAnyRecipient SMTPAcceptAuthenticationFlag SMTPAcceptAnySender SMTPAcceptAuthoritativeDomainSender BypassAntiSpam BypassMessageSizeLimit SMTPAcceptEXCH50 AcceptRoutingHeaders,Set Session Permissions 2012-04-03T14:22:13.356Z,SRV-VMEX01\Allow Anonymous Relay,08CEDF745D989FEA,3,192.168.80.17:25,192.168.96.18:4591,>,"220 SRV-VMEX01.forest.local Microsoft ESMTP MAIL Service ready at Tue, 3 Apr 2012 10:22:13 -0400", 2012-04-03T14:22:16.122Z,SRV-VMEX01\Allow Anonymous Relay,08CEDF745D989FEA,4,192.168.80.17:25,192.168.96.18:4591,<,HELO 192.168.96.18, 2012-04-03T14:22:16.122Z,SRV-VMEX01\Allow Anonymous Relay,08CEDF745D989FEA,5,192.168.80.17:25,192.168.96.18:4591,>,250 SRV-VMEX01.forest.local Hello [192.168.96.18], 2012-04-03T14:22:17.170Z,SRV-VMEX01\Allow Anonymous Relay,08CEDF745D989FEA,6,192.168.80.17:25,192.168.96.18:4591,<,MAIL FROM:<pesg-enviromon02>, 2012-04-03T14:22:17.170Z,SRV-VMEX01\Allow Anonymous Relay,08CEDF745D989FEA,7,192.168.80.17:25,192.168.96.18:4591,>,501 5.1.7 Invalid address, 2012-04-03T14:22:17.248Z,SRV-VMEX01\Allow Anonymous Relay,08CEDF745D989FEA,8,192.168.80.17:25,192.168.96.18:4591,-,,Remote 2012-04-03T14:22:17.326Z,SRV-VMEX01\Allow Anonymous Relay,08CEDF745D989FEB,0,192.168.80.17:25,192.168.96.18:4592,+,, 2012-04-03T14:22:17.326Z,SRV-VMEX01\Allow Anonymous Relay,08CEDF745D989FEB,1,192.168.80.17:25,192.168.96.18:4592,*,SMTPSubmit SMTPAcceptAnyRecipient SMTPAcceptAnySender SMTPAcceptAuthoritativeDomainSender AcceptRoutingHeaders,Set Session Permissions 2012-04-03T14:22:17.326Z,SRV-VMEX01\Allow Anonymous Relay,08CEDF745D989FEB,2,192.168.80.17:25,192.168.96.18:4592,*,SMTPSubmit SMTPAcceptAnyRecipient SMTPAcceptAuthenticationFlag SMTPAcceptAnySender SMTPAcceptAuthoritativeDomainSender BypassAntiSpam BypassMessageSizeLimit SMTPAcceptEXCH50 AcceptRoutingHeaders,Set Session Permissions 2012-04-03T14:22:17.326Z,SRV-VMEX01\Allow Anonymous Relay,08CEDF745D989FEB,3,192.168.80.17:25,192.168.96.18:4592,>,"220 SRV-VMEX01.forest.local Microsoft ESMTP MAIL Service ready at Tue, 3 Apr 2012 10:22:16 -0400", 2012-04-03T14:22:20.124Z,SRV-VMEX01\Allow Anonymous Relay,08CEDF745D989FEB,4,192.168.80.17:25,192.168.96.18:4592,<,HELO 192.168.96.18, 2012-04-03T14:22:20.124Z,SRV-VMEX01\Allow Anonymous Relay,08CEDF745D989FEB,5,192.168.80.17:25,192.168.96.18:4592,>,250 SRV-VMEX01.forest.local Hello [192.168.96.18], 2012-04-03T14:22:21.202Z,SRV-VMEX01\Allow Anonymous Relay,08CEDF745D989FEB,6,192.168.80.17:25,192.168.96.18:4592,<,MAIL FROM:<pesg-enviromon02>, 2012-04-03T14:22:21.202Z,SRV-VMEX01\Allow Anonymous Relay,08CEDF745D989FEB,7,192.168.80.17:25,192.168.96.18:4592,>,501 5.1.7 Invalid address, 2012-04-03T14:22:21.249Z,SRV-VMEX01\Allow Anonymous Relay,08CEDF745D989FEB,8,192.168.80.17:25,192.168.96.18:4592,-,,Remote Thanks as always for the response I appreciate it.
Free Windows Admin Tool Kit Click here and download it now
April 3rd, 2012 12:18pm

This resolved my problem: http://support.microsoft.com/kb/944302 It seems that you need to make sure that your default domain is set on the connector with Exchange 2007 otherwise it will not relay the mail. Thanks for pointing me in the right direction the verbose logging definitely helped.
April 3rd, 2012 12:53pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics