authenticated SMTP from outside domain
Hi,
I have set up my Exchange Server 2010 SP2 server on a single server with multi-role and everything is working well. I have OWA, autodiscover and web services all functioning from my iPad, Windows7 phone and via external browsers.
With the luxury of having my own business email server I wanted to then change the way my other email accounts send email from my smartphone devices. Instead of using the ISP's SMTP servers to send email I wanted to use my own exchange server to send thru.
This task has proved to be harder than I imagined.
When I set up the details of my Ex2010 server into the SMTP settings of an account on my iPad/iPhone I get an error saying "recipient unable to relay".
What am I doing wrong? What do I need to change on the server to enable me to relay with an authenticated exchange account?
Is another receive connector required?
Appreciate any replies.
November 29th, 2012 8:32pm
You mean you want to send via SMTP on your iOS device? Why not ActiveSync?
November 29th, 2012 9:42pm
On Fri, 30 Nov 2012 01:29:40 +0000, bassjace wrote:
>
>
>Hi,
>
>I have set up my Exchange Server 2010 SP2 server on a single server with multi-role and everything is working well. I have OWA, autodiscover and web services all functioning from my Ipad, Windows7 phone and via external browsers.
>
>With the luxury of having my own business email server I wanted to then change the way my other email accounts send email from my smartphone devices. Instead of using the ISP's SMTP servers to send email I wanted to use my own exchange server to send thru.
>
>This task has proved to be harder than I imagined.
>
>When I set up the details of my Ex2010 server into the SMTP settings of an account on my ipad/iphone I get an error saying " recipient unable to relay"
>
>What am I doing wrong? What do I need to change on the server to enable me to relay with an authenticated exchange account?
>
>Is another receive connector required?
>
>Appreciate any replies.
The "Client" receive connector is configured to accept authenticated
connections using port 587. Use that instead of your "Default"
connector that listens on port 25.
Make sure your firewall allows inbound connections on port 587.
---
Rich Matheisen
MCSE+I, Exchange MVP
November 29th, 2012 10:40pm
Rich,
Thanks for the reply.
I did that already.
But I still get the "recipient unable to relay" error.
So the email account I am using is just a POP account, it's not linked to my exchange org. It is for example the POP account that is provided by my ISP. Instead of using the mobile operator's outbound SMTP servers I want to use my exchange server instead.
Thought this would be possible.
So the problem seems to be with the "from" address when sending. It does not like the "from" POP email address.
What are the settings I need on the "Client" receive connector to stop this error?
thnx
December 2nd, 2012 7:30am
I wanted to also mention again I am using the details of a domain email enabled user as the authentication details in the SMTP server settings.....I thought from my reading that was enough if I set the 587 port as its setting....
I am not sure what I have "bodged"....
December 2nd, 2012 7:58am
On Sun, 2 Dec 2012 12:28:21 +0000, bassjace wrote:
>
>Rich,
>
>
>
>Thanks for the reply.
>
>I did that already.
>
>But I still get the " recipient unable to relay" error.
>
>So the email account I am using is just a POP account, its not linked to my exchange org. It is for example the POP account that is provided by my ISP. Instead of using the mobile operators outbound SMTP servers I want to use my exchange server instead.
>
>Thought this would be possible.
It is.
>So the problem seem to be with the " from" address when sending. It does not like the " from" POP email address.
Well, no, I don't imagine it would if it's not the e-mail address of
the account whose credentials you used to authenticate with the SMTP
server.
>What are the settings I need on the " Client" receive connector to stop this error?
If your intention is to authenticate with the credentials of an AD
user, but have the "MAIL FROM:" and "From:" addresses accepted no
matter whether they belong to that AD account you have to assign the
necessary rights on the connector. This should do it:
Get-ReceiveConnector "<ReceiveConnectorName>" | Add-ADPermission -User "NT AUTHORITY\Authenticated Users" -ExtendedRights "ms-Exch-SMTP-Accept-Any-Sender"
---
Rich Matheisen
MCSE+I, Exchange MVP
December 2nd, 2012 11:04am
On Sun, 2 Dec 2012 12:55:40 +0000, bassjace wrote:
>I wanted to also mention again I am using the details of a domain email enabled user as the authentication details in the SMTP server settings.....I thought from my reading that was enough if I set the 587 port as its setting....
>
>I am not sure what I have "bodged"....
It's what you haven't done. See my previous post. ;-)
---
Rich Matheisen
MCSE+I, Exchange MVP
December 2nd, 2012 11:05am
Hello,
Are you using POP3/SMTP from your devices? That's outdated IMHO. As Li mentioned, why not use ActiveSync?
Miguel Fra | Falcon IT Services, Miami, FL | www.falconitservices.com | www.falconits.com
December 2nd, 2012 12:20pm
On Sun, 2 Dec 2012 17:17:26 +0000, Falcon IT Services wrote:
>Are you using POP3/SMTP from your devices? That's outdated IMHO. As Li mentioned, why not use ActiveSync?
No, he's using POP3 at an ISP and wants to use his Exchange server as
the SMTP relay.
---
Rich Matheisen
MCSE+I, Exchange MVP
December 2nd, 2012 3:07pm
Rich,
Thanks for the reply. I will give that PS a go and respond.
Out of interest this is not something that can be checked on the receive connector in the EMC?
Is this a common scenario? I am new to Exchange but have worked at places that have had this in place.
December 4th, 2012 10:29pm
Rich,
Just one other question, is there a way to add the email address I am sending from as an accepted email address to send from without adding the whole domain to the org as an accepted domain?
Or is that exactly what needs to happen?
December 4th, 2012 10:37pm
On Wed, 5 Dec 2012 03:27:19 +0000, bassjace wrote:
>Thanks for the reply. I will give that PS a go and respond.
>
>Out of interest this is not something that can be checked on the receive connector in the EMC?
Setting permissions? No, you can't use the EMC.
>Is this is a common scenario? I am new to Exchange but have worked at places that have had this in place.
It is if you want to do what you seem to. If you have a need to act as an
SMTP relay and don't care whether someone's sending email posing as
someone they're not, well, that's a decision you'll have to make. I'd
usually restrict that sort of behavior to a trusted SMTP server that's
using a receive connector restricted to a set of IP addresses rather
than just an authenticated user.
---
Rich Matheisen
MCSE+I, Exchange MVP
December 4th, 2012 11:13pm
On Wed, 5 Dec 2012 03:34:47 +0000, bassjace wrote:
>Just one other question, is there a way to add the email address I am sending from as an accepted email address to send from without adding the whole domain to the org as an accepted domain?
>
>Or is that exactly what needs to happen?
I've never tried that, but you can substitute that user for the
"authenticated users" group and see what happens. If it doesn't work
you can remove the permission.
---
Rich Matheisen
MCSE+I, Exchange MVP
December 4th, 2012 11:23pm
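An added example, not part of the thread or written by any poster: an Exchange Management Shell sketch of the narrower grant discussed in the two replies above, auditing who holds ms-Exch-SMTP-Accept-Any-Sender, granting it to one account instead of every authenticated user, and withdrawing the broad grant. The connector name is the one that appears in this thread; the account EXAMPLE\relay-svc is a placeholder assumption.

```powershell
# Added example. Run in the Exchange Management Shell.
$Connector = "Client SERV-EXCHANGE"            # connector name as used in this thread
$RelayUser = "EXAMPLE\relay-svc"               # placeholder account, replace with your own
$Broad     = "NT AUTHORITY\Authenticated Users"
$Right     = "ms-Exch-SMTP-Accept-Any-Sender"

# 1. Audit: list every principal allowed to submit with an arbitrary sender
#    address, across all receive connectors on the server.
Get-ReceiveConnector | ForEach-Object {
    $conn = $_
    $conn | Get-ADPermission |
        Where-Object { -not $_.Deny -and ($_.ExtendedRights -like $Right) } |
        Select-Object @{ Name = "Connector"; Expression = { $conn.Name } },
                      User, IsInherited
} | Format-Table -AutoSize

# 2. Grant the right to the single relay account only.
Get-ReceiveConnector $Connector |
    Add-ADPermission -User $RelayUser -ExtendedRights $Right

# 3. If the right was previously given to all authenticated users, withdraw it.
#    Remove-ADPermission prompts for confirmation before changing the ACL.
$existing = Get-ReceiveConnector $Connector | Get-ADPermission -User $Broad |
    Where-Object { -not $_.IsInherited -and ($_.ExtendedRights -like $Right) }
if ($existing) {
    Remove-ADPermission -Identity $Connector -User $Broad -ExtendedRights $Right
}

# 4. Verify: only the relay account should remain in this list.
Get-ReceiveConnector $Connector | Get-ADPermission |
    Where-Object { $_.ExtendedRights -like $Right } |
    Format-Table User, Deny, IsInherited -AutoSize
```

Any account left in the final listing can send through that connector with any "MAIL FROM:" and "From:" address, so the audit in step 1 is worth rerunning after connector changes.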
Rich,
I ran the PS script as you supplied but the result was unexpected.
[PS] C:\Windows\system32>Get-ReceiveConnector "Client SERV-EXCHANGE" | Add-ADPermission -User
Add-ADPermission : Missing an argument for parameter 'User'. Specify a parameter of type 'System.Object' and try again.
At line:1 char:64
+ Get-ReceiveConnector "Client SERV-EXCHANGE" | Add-ADPermission -User
+
~~~~~
+ CategoryInfo : InvalidArgument: (:) [Add-ADPermission], ParameterBindingException
+ FullyQualifiedErrorId : MissingArgument,Add-ADPermission
[PS] C:\Windows\system32>
[PS] C:\Windows\system32>"NT AUTHORITY\Authenticated Users" -ExtendedRights
At line:1 char:36
+ "NT AUTHORITY\Authenticated Users" -ExtendedRights
+ ~~~~~~~~~~~~~~~
Unexpected token '-ExtendedRights' in expression or statement.
+ CategoryInfo : ParserError: (:) [], ParentContainsErrorRecordException
+ FullyQualifiedErrorId : UnexpectedToken
[PS] C:\Windows\system32>
[PS] C:\Windows\system32>"ms-Exch-SMTP-Accept-Any-Sender"
So I ran this to make sure the group was correct:
Get-Adpermission -Identity "MySMTPConnector" | format-table -view identity
NT AUTHORITY\Authenticated Users was True
so I assume the NT Authority group is correct. It's not spelt wrong or the wrong group.
How do I interpret this?
December 11th, 2012 7:42pm
On Wed, 12 Dec 2012 00:39:08 +0000, bassjace wrote:
>
>
>Rich,
>
>I ran the PS script as you supplied but the result was unexpected.
>
>
>So I ran this to make sure the group was correct:
>
>Get-Adpermission -Identity "MySMTPConnector" | format-table -view identity
>
>NT AUTHORITY\Authenticated Users was True
>
>so I assume the NT Authority group is correct. Its not spelt wrong or the wrong group.
>
>How do i interpret this?
It looks like you have the thing spread over several lines. Put it all
on just one line, or put a back-tick at the end of the first two
lines.
Get-ReceiveConnector "Client SERV-EXCHANGE" | Add-ADPermission -User `
"NT AUTHORITY\Authenticated Users" -ExtendedRights `
"ms-Exch-SMTP-Accept-Any-Sender"
---
Rich Matheisen
MCSE+I, Exchange MVP
December 12th, 2012 5:06pm