petval
Hi, I can't find a way to configure an SMTP receive connector to use authentication.

PROBLEM: Most of our distribution groups require that a user sending to them must be authenticated. We need to send mails to these groups also from MOSS 2007 (SharePoint), but the MOSS settings don't account for authentication and there's no way to enter them, and I don't want to tamper with the source code files yet.

MY ATTEMPT AT A SOLUTION: I figured that if I configure an SMTP host which will authenticate to the Exchange receive connector and point MOSS outgoing mail to the SMTP host, then the messages will be coming from an authenticated user and will be delivered to the distribution groups. Is this a wrong assumption?

SETUP: I configured an SMTP host in IIS on one W2003 server and made a remote domain there that points to the Exchange server. I created a new receive connector with verbose logging in Hub Transport on this Exchange server and configured it to receive from the IP of the SMTP host. I verified with anonymous authentication that this setup delivers emails. I granted the right to submit via this connector to the administrator account and also set this account's credentials in the authentication properties of the remote domain.

    Get-ReceiveConnector "connector" | Add-ADPermission -User "domain-lab\administrator" -ExtendedRights "ms-Exch-SMTP-Submit"

(There is a bug here: just after using PowerShell, the SMTP receive logging behaviour changes. What was logged in real time is not now; sometimes it helps to restart the transport service, sometimes to reboot the whole server, sometimes it gets written after a couple of minutes. MS guys, this is not helping at all!)

Currently the connector is configured to allow Basic, NTLM and Exchange server authentication methods, and permission groups are allowed for Exchange users, Exchange servers, Legacy Exchange Servers and Partners (I will narrow it when I get it working with at least something).

When I enable authentication (Basic or NTLM, no TLS yet) on the IIS SMTP host, I receive this in the Exchange's SMTPreceive log:

    <connector>,08CA98F5FC5D04E7,0,exchange,iis smtp,+,,
    <connector>,08CA98F5FC5D04E7,1,exchange,iis smtp,*,None,Set Session Permissions
    <connector>,08CA98F5FC5D04E7,2,exchange,iis smtp,>,"220 exchlab.domain.lab Microsoft ESMTP MAIL Service ready at Tue, 10 Jun 2008 13:00:33 +0200",
    <connector>,08CA98F5FC5D04E7,3,exchange,iis smtp,<,EHLO sharepoint.domain.com,
    <connector>,08CA98F5FC5D04E7,4,exchange,iis smtp,>,250-exchlab.domain.lab Hello [172.16.19.239],
    <connector>,08CA98F5FC5D04E7,5,exchange,iis smtp,>,250-SIZE 10485760,
    <connector>,08CA98F5FC5D04E7,6,exchange,iis smtp,>,250-PIPELINING,
    <connector>,08CA98F5FC5D04E7,7,exchange,iis smtp,>,250-DSN,
    <connector>,08CA98F5FC5D04E7,8,exchange,iis smtp,>,250-ENHANCEDSTATUSCODES,
    <connector>,08CA98F5FC5D04E7,9,exchange,iis smtp,>,250-X-ANONYMOUSTLS,
    <connector>,08CA98F5FC5D04E7,10,exchange,iis smtp,>,250-AUTH NTLM LOGIN,
    <connector>,08CA98F5FC5D04E7,11,exchange,iis smtp,>,250-X-EXPS GSSAPI NTLM,
    <connector>,08CA98F5FC5D04E7,12,exchange,iis smtp,>,250-8BITMIME,
    <connector>,08CA98F5FC5D04E7,13,exchange,iis smtp,>,250-BINARYMIME,
    <connector>,08CA98F5FC5D04E7,14,exchange,iis smtp,>,250-CHUNKING,
    <connector>,08CA98F5FC5D04E7,15,exchange,iis smtp,>,250-XEXCH50,
    <connector>,08CA98F5FC5D04E7,16,exchange,iis smtp,>,250 XRDST,
    <connector>,08CA98F5FC5D04E7,17,exchange,iis smtp,<,AUTH LOGIN,
    <connector>,08CA98F5FC5D04E7,18,exchange,iis smtp,>,334 <authentication response>,
    <connector>,08CA98F5FC5D04E7,19,exchange,iis smtp,*,,Inbound authentication failed as we reject well-known account authentication for domain-LAB\Administrator
    <connector>,08CA98F5FC5D04E7,20,exchange,iis smtp,>,535 5.7.3 Authentication unsuccessful,
    <connector>,08CA98F5FC5D04E7,21,exchange,iis smtp,-,,Remote

Here I figured that the administrator account is not allowed by design and switched to another user, granting him the right to use the connector too:

    Get-ReceiveConnector "connector" | Add-ADPermission -User "domain-lab\smtp-user" -ExtendedRights "ms-Exch-SMTP-Submit"

With BASIC auth:

    <connector>,08CA98F5FC5D04E9,1,exchange,iis smtp,*,None,Set Session Permissions
    <connector>,08CA98F5FC5D04E9,2,exchange,iis smtp,>,"220 exchlab.domain.lab Microsoft ESMTP MAIL Service ready at Tue, 10 Jun 2008 13:16:44 +0200",
    <connector>,08CA98F5FC5D04E9,3,exchange,iis smtp,<,EHLO sharepoint.domain.com,
    <connector>,08CA98F5FC5D04E9,4,exchange,iis smtp,>,250-exchlab.domain.lab Hello [172.16.19.239],
    <connector>,08CA98F5FC5D04E9,5,exchange,iis smtp,>,250-SIZE 10485760,
    <connector>,08CA98F5FC5D04E9,6,exchange,iis smtp,>,250-PIPELINING,
    <connector>,08CA98F5FC5D04E9,7,exchange,iis smtp,>,250-DSN,
    <connector>,08CA98F5FC5D04E9,8,exchange,iis smtp,>,250-ENHANCEDSTATUSCODES,
    <connector>,08CA98F5FC5D04E9,9,exchange,iis smtp,>,250-X-ANONYMOUSTLS,
    <connector>,08CA98F5FC5D04E9,10,exchange,iis smtp,>,250-AUTH NTLM LOGIN,
    <connector>,08CA98F5FC5D04E9,11,exchange,iis smtp,>,250-X-EXPS GSSAPI NTLM,
    <connector>,08CA98F5FC5D04E9,12,exchange,iis smtp,>,250-8BITMIME,
    <connector>,08CA98F5FC5D04E9,13,exchange,iis smtp,>,250-BINARYMIME,
    <connector>,08CA98F5FC5D04E9,14,exchange,iis smtp,>,250-CHUNKING,
    <connector>,08CA98F5FC5D04E9,15,exchange,iis smtp,>,250-XEXCH50,
    <connector>,08CA98F5FC5D04E9,16,exchange,iis smtp,>,250 XRDST,
    <connector>,08CA98F5FC5D04E9,17,exchange,iis smtp,<,AUTH LOGIN,
    <connector>,08CA98F5FC5D04E9,18,exchange,iis smtp,>,334 <authentication response>,
    <connector>,08CA98F5FC5D04E9,19,exchange,iis smtp,*,,Inbound AUTH LOGIN failed because of LogonDenied
    <connector>,08CA98F5FC5D04E9,20,exchange,iis smtp,>,535 5.7.3 Authentication unsuccessful,

With NTLM AUTH:

    ...same as above...
    <connector>,08CA98ECC0E653C2,17,exchange,sharepoint,<,AUTH NTLM,
    <connector>,08CA98ECC0E653C2,18,exchange,sharepoint,>,334 <authentication response>,
    <connector>,08CA98ECC0E653C2,19,exchange,sharepoint,*,,Inbound Negotiate failed because of LogonDenied
    <connector>,08CA98ECC0E653C2,20,exchange,sharepoint,>,535 5.7.3 Authentication unsuccessful,

I granted the smtp-user the right to log on locally just to exclude that this is the cause, but I'm still getting the "Inbound AUTH LOGIN failed because of LogonDenied" error. I don't know what more I can do to get this working. Please share your knowledge or ideas if you know more. Thanks!
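A triage helper for protocol-log excerpts like the ones in the post above, added here as an example and not part of the original post: it groups records by session, shows which AUTH mechanism was attempted against what the connector advertised, keeps the server-side failure reason, and flags AUTH LOGIN attempts made without STARTTLS. The function name `summarize_auth` is hypothetical, the eight-column layout is assumed from the excerpts, and the sample rows are abridged from them.

```python
import csv
import io

# Rows abridged from the excerpts in the post above. Assumed column layout, as
# shown there: connector, session, sequence, local, remote, event, data, context.
SAMPLE = r'''<connector>,08CA98F5FC5D04E7,2,exchange,iis smtp,>,"220 exchlab.domain.lab Microsoft ESMTP MAIL Service ready at Tue, 10 Jun 2008 13:00:33 +0200",
<connector>,08CA98F5FC5D04E7,10,exchange,iis smtp,>,250-AUTH NTLM LOGIN,
<connector>,08CA98F5FC5D04E7,17,exchange,iis smtp,<,AUTH LOGIN,
<connector>,08CA98F5FC5D04E7,19,exchange,iis smtp,*,,Inbound authentication failed as we reject well-known account authentication for domain-LAB\Administrator
<connector>,08CA98F5FC5D04E7,20,exchange,iis smtp,>,535 5.7.3 Authentication unsuccessful,
<connector>,08CA98ECC0E653C2,17,exchange,sharepoint,<,AUTH NTLM,
<connector>,08CA98ECC0E653C2,19,exchange,sharepoint,*,,Inbound Negotiate failed because of LogonDenied
<connector>,08CA98ECC0E653C2,20,exchange,sharepoint,>,535 5.7.3 Authentication unsuccessful,
'''


def summarize_auth(log_text):
    """Group records by session id and pull out the AUTH exchange (hypothetical helper)."""
    sessions = {}
    # csv.reader keeps the quoted 220 banner (which contains a comma) as one field.
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) < 8:
            continue  # blank or truncated record
        _conn, sid, _seq, _local, remote, event, data, context = row[:8]
        s = sessions.setdefault(sid, {
            "remote": remote, "offered": [], "attempted": None,
            "tls": False, "reason": None, "reply": None,
        })
        if event == ">" and data[:9].upper() in ("250-AUTH ", "250 AUTH "):
            s["offered"] = data[9:].split()   # mechanisms the connector advertised
        elif event == "<" and data.upper() == "STARTTLS":
            s["tls"] = True
        elif event == "<" and data.upper().startswith("AUTH "):
            s["attempted"] = data.split()[1].upper()
        elif event == "*" and "failed" in context:
            s["reason"] = context             # server-side detail; the client only sees the 535
        elif event == ">" and data.startswith("535"):
            s["reply"] = data
    for s in sessions.values():
        # AUTH LOGIN sends base64-encoded credentials; without STARTTLS they are readable on the wire.
        s["cleartext_login"] = s["attempted"] == "LOGIN" and not s["tls"]
    return sessions


if __name__ == "__main__":
    for sid, s in summarize_auth(SAMPLE).items():
        print(sid, s["remote"], s["attempted"], s["cleartext_login"], s["reason"])
```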