authenticated SMTP from outside domain
Hi,

I have set up my Exchange Server 2010 SP2 server on a single server with multi-role and everything is working well. I have OWA, autodiscover and web services all functioning from my iPad, Windows7 phone and via external browsers.

With the luxury of having my own business email server I wanted to then change the way my other email accounts send email from my smartphone devices. Instead of using the ISP's SMTP servers to send email I wanted to use my own Exchange server to send thru.

This task has proved to be harder than I imagined.

When I set up the details of my Ex2010 server into the SMTP settings of an account on my iPad/iPhone I get an error saying "recipient unable to relay".

What am I doing wrong? What do I need to change on the server to enable me to relay with an authenticated Exchange account?

Is another receive connector required?

Appreciate any replies.
November 29th, 2012 8:32pm

You mean you want to send via SMTP on your iOS device? Why not ActiveSync?
November 29th, 2012 9:42pm

On Fri, 30 Nov 2012 01:29:40 +0000, bassjace wrote:
>Hi,
>
>I have set up my Exchange Server 2010 SP2 server on a single server with multi-role and everything is working well. I have OWA, autodiscover and web services all functioning from my iPad, Windows7 phone and via external browsers.
>
>With the luxury of having my own business email server I wanted to then change the way my other email accounts send email from my smartphone devices. Instead of using the ISP's SMTP servers to send email I wanted to use my own Exchange server to send thru.
>
>This task has proved to be harder than I imagined.
>
>When I set up the details of my Ex2010 server into the SMTP settings of an account on my iPad/iPhone I get an error saying "recipient unable to relay".
>
>What am I doing wrong? What do I need to change on the server to enable me to relay with an authenticated Exchange account?
>
>Is another receive connector required?
>
>Appreciate any replies.

The "Client" receive connector is configured to accept authenticated connections using port 587. Use that instead of your "Default" connector that listens on port 25. Make sure your firewall allows inbound connections on port 587.

--- Rich Matheisen MCSE+I, Exchange MVP
November 29th, 2012 10:40pm

November 30th, 2012 6:38am

On Fri, 30 Nov 2012 01:29:40 +0000, bassjace wrote:
>Hi,
>
>I have set up my Exchange Server 2010 SP2 server on a single server with multi-role and everything is working well. I have OWA, autodiscover and web services all functioning from my iPad, Windows7 phone and via external browsers.
>
>With the luxury of having my own business email server I wanted to then change the way my other email accounts send email from my smartphone devices. Instead of using the ISP's SMTP servers to send email I wanted to use my own Exchange server to send thru.
>
>This task has proved to be harder than I imagined.
>
>When I set up the details of my Ex2010 server into the SMTP settings of an account on my iPad/iPhone I get an error saying "recipient unable to relay".
>
>What am I doing wrong? What do I need to change on the server to enable me to relay with an authenticated Exchange account?
>
>Is another receive connector required?
>
>Appreciate any replies.

The "Client" receive connector is configured to accept authenticated connections using port 587. Use that instead of your "Default" connector that listens on port 25. Make sure your firewall allows inbound connections on port 587.

--- Rich Matheisen MCSE+I, Exchange MVP

Rich,

Thanks for the reply.

I did that already.

But I still get the "recipient unable to relay" error.

So the email account I am using is just a POP account, it's not linked to my Exchange org. It is for example the POP account that is provided by my ISP. Instead of using the mobile operator's outbound SMTP servers I want to use my Exchange server instead.

Thought this would be possible.

So the problem seems to be with the "from" address when sending. It does not like the "from" POP email address.

What are the settings I need on the "Client" receive connector to stop this error?

thnx
December 2nd, 2012 7:30am

I wanted to also mention again I am using the details of a domain email enabled user as the authentication details in the SMTP server settings.....I thought from my reading that was enough if I set the 587 port as its setting.... I am not sure what I have "bodged"....
December 2nd, 2012 7:58am

On Sun, 2 Dec 2012 12:28:21 +0000, bassjace wrote:
>On Fri, 30 Nov 2012 01:29:40 +0000, bassjace wrote:
>>Hi,
>>
>>I have set up my Exchange Server 2010 SP2 server on a single server with multi-role and everything is working well. I have OWA, autodiscover and web services all functioning from my iPad, Windows7 phone and via external browsers.
>>
>>With the luxury of having my own business email server I wanted to then change the way my other email accounts send email from my smartphone devices. Instead of using the ISP's SMTP servers to send email I wanted to use my own Exchange server to send thru.
>>
>>This task has proved to be harder than I imagined.
>>
>>When I set up the details of my Ex2010 server into the SMTP settings of an account on my iPad/iPhone I get an error saying "recipient unable to relay".
>>
>>What am I doing wrong? What do I need to change on the server to enable me to relay with an authenticated Exchange account?
>>
>>Is another receive connector required?
>>
>>Appreciate any replies.
>
>The "Client" receive connector is configured to accept authenticated connections using port 587. Use that instead of your "Default" connector that listens on port 25. Make sure your firewall allows inbound connections on port 587.
>--- Rich Matheisen MCSE+I, Exchange MVP
>
>Rich,
>
>Thanks for the reply.
>
>I did that already.
>
>But I still get the "recipient unable to relay" error.
>
>So the email account I am using is just a POP account, it's not linked to my Exchange org. It is for example the POP account that is provided by my ISP. Instead of using the mobile operator's outbound SMTP servers I want to use my Exchange server instead.
>
>Thought this would be possible.

It is.

>So the problem seems to be with the "from" address when sending. It does not like the "from" POP email address.

Well, no, I don't imagine it would if it's not the e-mail address of the account whose credentials you used to authenticate with the SMTP server.

>What are the settings I need on the "Client" receive connector to stop this error?

If your intention is to authenticate with the credentials of an AD user, but have the "MAIL FROM:" and "From:" addresses accepted no matter whether they belong to that AD account, you have to assign the necessary rights on the connector. This should do it:

    Get-ReceiveConnector "<ReceiveConnectorName>" | Add-ADPermission -User "NT AUTHORITY\Authenticated Users" -ExtendedRights "ms-Exch-SMTP-Accept-Any-Sender"

--- Rich Matheisen MCSE+I, Exchange MVP
December 2nd, 2012 11:04am

On Sun, 2 Dec 2012 12:55:40 +0000, bassjace wrote:
>I wanted to also mention again I am using the details of a domain email enabled user as the authentication details in the SMTP server settings.....I thought from my reading that was enough if I set the 587 port as its setting....
>
>I am not sure what I have "bodged"....

It's what you haven't done. See my previous post. ;-)

--- Rich Matheisen MCSE+I, Exchange MVP
December 2nd, 2012 11:05am

Hello,

Are you using POP3/SMTP from your devices? That's outdated IMHO. As Li mentioned, why not use ActiveSync?

Miguel Fra | Falcon IT Services, Miami, FL
www.falconitservices.com | www.falconits.com
December 2nd, 2012 12:20pm

On Sun, 2 Dec 2012 17:17:26 +0000, Falcon IT Services wrote:
>Are you using POP3/SMTP from your devices? That's outdated IMHO. As Li mentioned, why not use ActiveSync?

No, he's using POP3 at an ISP and wants to use his Exchange server as the SMTP relay.

--- Rich Matheisen MCSE+I, Exchange MVP
December 2nd, 2012 3:07pm

December 2nd, 2012 7:01pm

Rich,

Thanks for the reply. I will give that PS a go and respond.

Out of interest, this is not something that can be checked on the receive connector in the EMC?

Is this a common scenario? I am new to Exchange but have worked at places that have had this in place.
December 4th, 2012 10:29pm

Rich, Just one other question, is there a way to add the email address I am sending from as an accepted email address to send from without adding the whole domain to the org as an accepted domain? Or is that exactly what needs to happen?
December 4th, 2012 10:37pm

On Wed, 5 Dec 2012 03:27:19 +0000, bassjace wrote:
>Thanks for the reply. I will give that PS a go and respond.
>
>Out of interest, this is not something that can be checked on the receive connector in the EMC?

Setting permissions? No, you can't use the EMC.

>Is this a common scenario? I am new to Exchange but have worked at places that have had this in place.

It is if you want to do what you seem to. If you have a need to act as an SMTP relay and don't care whether someone's sending email posing as someone they're not, well, that's a decision you'll have to make. I'd usually restrict that sort of behavior to a trusted SMTP server that's using a receive connector restricted to a set of IP addresses rather than just an authenticated user.

--- Rich Matheisen MCSE+I, Exchange MVP
December 4th, 2012 11:13pm

On Wed, 5 Dec 2012 03:34:47 +0000, bassjace wrote:
>Just one other question, is there a way to add the email address I am sending from as an accepted email address to send from without adding the whole domain to the org as an accepted domain?
>
>Or is that exactly what needs to happen?

I've never tried that, but you can substitute that user for the "authenticated users" group and see what happens. If it doesn't work you can remove the permission.

--- Rich Matheisen MCSE+I, Exchange MVP
December 4th, 2012 11:23pm
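
The narrower grant Rich suggests in the two replies above (one account instead of every authenticated user, removable again), as an added Exchange Management Shell example that is not code from the thread's participants. The connector name is the one that appears later in the thread; `EXAMPLE\relay-user` is a hypothetical account, and the assumption is that the right behaves the same for a single user as for the group.

```powershell
# Added example for the Exchange Management Shell (Exchange 2010); not from the thread.
# $Connector is the connector name that appears in the thread.
# $Account is a hypothetical placeholder for the one AD account allowed to relay.
$Connector = 'Client SERV-EXCHANGE'
$Account   = 'EXAMPLE\relay-user'
$Right     = 'ms-Exch-SMTP-Accept-Any-Sender'

# Return every allow entry that carries the right on one receive connector.
function Get-AnySenderGrant {
    param([Parameter(Mandatory = $true)][string]$ConnectorName)
    Get-ReceiveConnector $ConnectorName | Get-ADPermission |
        Where-Object { -not $_.Deny -and $_.ExtendedRights -like $Right } |
        Select-Object Identity, User, IsInherited
}

# 1. Audit every receive connector first: who may already send as any address?
Get-ReceiveConnector | ForEach-Object { Get-AnySenderGrant -ConnectorName $_.Identity }

# 2. Grant the right to the single account rather than to
#    "NT AUTHORITY\Authenticated Users".
Get-ReceiveConnector $Connector |
    Add-ADPermission -User $Account -ExtendedRights $Right

# 3. Verify the explicit (non-inherited) holders and flag the broad group grant.
$grants = @(Get-AnySenderGrant -ConnectorName $Connector |
    Where-Object { -not $_.IsInherited })
$grants | Format-Table -AutoSize
$broad = @($grants | Where-Object { $_.User -like 'NT AUTHORITY\Authenticated Users' })
if ($broad.Count -gt 0) {
    Write-Warning "Any authenticated user can send as any address through '$Connector'."
}

# 4. Roll back if the scoped grant does not work or is no longer needed.
# Get-ReceiveConnector $Connector |
#     Remove-ADPermission -User $Account -ExtendedRights $Right -Confirm:$false
```

If step 3 prints the warning, the same `Remove-ADPermission` call with the group name as `-User` takes the broad grant off again.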

Rich,

I ran the PS script as you supplied but the result was unexpected.

[PS] C:\Windows\system32>Get-ReceiveConnector "Client SERV-EXCHANGE" | Add-ADPermission -User
Add-ADPermission : Missing an argument for parameter 'User'. Specify a parameter of type 'System.Object' and try again.
At line:1 char:64
+ Get-ReceiveConnector "Client SERV-EXCHANGE" | Add-ADPermission -User
+                                                                ~~~~~
    + CategoryInfo : InvalidArgument: (:) [Add-ADPermission], ParameterBindingException
    + FullyQualifiedErrorId : MissingArgument,Add-ADPermission

[PS] C:\Windows\system32>
[PS] C:\Windows\system32>"NT AUTHORITY\Authenticated Users" -ExtendedRights
At line:1 char:36
+ "NT AUTHORITY\Authenticated Users" -ExtendedRights
+                                    ~~~~~~~~~~~~~~~
Unexpected token '-ExtendedRights' in expression or statement.
    + CategoryInfo : ParserError: (:) [], ParentContainsErrorRecordException
    + FullyQualifiedErrorId : UnexpectedToken

[PS] C:\Windows\system32>
[PS] C:\Windows\system32>"ms-Exch-SMTP-Accept-Any-Sender"

So I ran this to make sure the group was correct:

    Get-ADPermission -Identity "MySMTPConnector" | format-table -view identity

NT AUTHORITY\Authenticated Users was True

so I assume the NT Authority group is correct. It's not spelt wrong or the wrong group.

How do I interpret this?
December 11th, 2012 7:42pm

On Wed, 12 Dec 2012 00:39:08 +0000, bassjace wrote:
>Rich,
>
>I ran the PS script as you supplied but the result was unexpected.
>
>[PS] C:\Windows\system32>Get-ReceiveConnector "Client SERV-EXCHANGE" | Add-ADPermission -User
>Add-ADPermission : Missing an argument for parameter 'User'. Specify a parameter of type 'System.Object' and try again.
>At line:1 char:64
>+ Get-ReceiveConnector "Client SERV-EXCHANGE" | Add-ADPermission -User
>+                                                                ~~~~~
>    + CategoryInfo : InvalidArgument: (:) [Add-ADPermission], ParameterBindingException
>    + FullyQualifiedErrorId : MissingArgument,Add-ADPermission
>
>[PS] C:\Windows\system32>
>[PS] C:\Windows\system32>"NT AUTHORITY\Authenticated Users" -ExtendedRights
>At line:1 char:36
>+ "NT AUTHORITY\Authenticated Users" -ExtendedRights
>+                                    ~~~~~~~~~~~~~~~
>Unexpected token '-ExtendedRights' in expression or statement.
>    + CategoryInfo : ParserError: (:) [], ParentContainsErrorRecordException
>    + FullyQualifiedErrorId : UnexpectedToken
>
>[PS] C:\Windows\system32>
>[PS] C:\Windows\system32>"ms-Exch-SMTP-Accept-Any-Sender"
>
>So I ran this to make sure the group was correct:
>
>Get-Adpermission -Identity "MySMTPConnector" | format-table -view identity
>
>NT AUTHORITY\Authenticated Users was True
>
>so I assume the NT Authority group is correct. Its not spelt wrong or the wrong group.
>
>How do i interpret this?

It looks like you have the thing spread over several lines. Put it all on just one line, or put a back-tick at the end of the first two lines.

    Get-ReceiveConnector "Client SERV-EXCHANGE" | Add-ADPermission -User `
    "NT AUTHORITY\Authenticated Users" -ExtendedRights `
    "ms-Exch-SMTP-Accept-Any-Sender"

--- Rich Matheisen MCSE+I, Exchange MVP
December 12th, 2012 5:06pm

This topic is archived. No further replies will be accepted.
