• RSS
  • Twitter
  • FaceBook

Exchange Server Forums

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Problem sending mail internally

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Microsoft Exchange 2007] >> Message Routing >> Problem sending mail internally Page: [1]
Login
Message << Older Topic   Newer Topic >>
Problem sending mail internally - 18.Jun.2008 2:35:23 AM   
maxwebster

 

Posts: 25
Joined: 13.Feb.2007
Status: offline
Hi,
Recently transitioned to 07, 03 is now turned off and removed from the domain. I have noticed a problem though with some applications not being able to email 07 (using it as smtp). For example, I cannot send notifications from the IBM serveRaid manager from any server although all servers are on the same subnet, all their IP's added to the IP allow list in Exchange, and I have anonymous access enabled on the default receive connector. I can do a telnet test from any of the servers (with IBM serveRAID manager installed) and can send mail through Exchange no problem, even if I use a bogus send from address.
Does anyone know why I'm runnning into this problem, or better yet, a real time Exchange log (or tool) where I can view these attempts and susequent failures?
Current config:
2 mailstore servers in a SCC
2 mailhubs, but one configured with CAS.
Thanks.....
Post #: 1
RE: Problem sending mail internally - 18.Jun.2008 5:28:18 AM   
betimp

 

Posts: 4
Joined: 6.Dec.2007
Status: offline
Hi,

You should create a New Receive Connector on Hub Transport only for IBM serveRAID, and configure it that only IP of IBM serveRAID can connect. Also you should go in this Receive Connector properties, in authentication and tick Externally Secured, and also on Permission Group Tab allow anonymyous users to connect through this connector.

Hopefully this will help you to solve a problem.

Regards,

(in reply to maxwebster)
Post #: 2
RE: Problem sending mail internally - 18.Jun.2008 8:42:50 AM   
maxwebster

 

Posts: 25
Joined: 13.Feb.2007
Status: offline
Maybe I'm not understanding this correctly, but the default receive connector (accepting on port 25) is already configured for anonymous access, so wouldn't internal devices be able to send mail through it? I can telnet from these servers but cannot send from the application itself (IBM ServeRaid) installed on these servers...
Do I really need to create an additional receive connector for this? I have different apps besides the ServeRaid that cannot send mail, like CiscoWorks, and for this one it seems to be passing credentials that are not being accepted.
It sure would be handy of anyone knew of a log that I can enbale or check that actaully logs this rejections...

Thanks again.

(in reply to betimp)
Post #: 3
RE: Problem sending mail internally - 18.Jun.2008 9:44:04 AM   
betimp

 

Posts: 4
Joined: 6.Dec.2007
Status: offline
The default receive connector should allow connection to send emails only emails inside organisation otherwise people can use it for spam, as i know.

That's why i created new receive connector for notification servers, so they can send emails inside and outside organisation.

From my point of view, i would create new receive connector, and configure it so can accept connection only from the ip of  IBM servRaid and tick externally secured field and also tick in permission groups "Anonymous Users".

good day,
Betim

(in reply to maxwebster)
Post #: 4
RE: Problem sending mail internally - 18.Jun.2008 11:15:06 AM   
John Weber

 

Posts: 1236
Joined: 20.Apr.2005
From: Portland, Oregon
Status: offline
You need a new connector configured to accept specific ip address/range.

Read this here for further explanation.  It has to do with the perms that are associated with the connector's anonymous user.

http://tsoorad.blogspot.com/2008/01/allowing-application-servers-to-relay.html

_____________________________

John Weber [Lync MVP] http://tsoorad.blogspot.com

(in reply to maxwebster)
Post #: 5
RE: Problem sending mail internally - 18.Jun.2008 12:18:30 PM   
maxwebster

 

Posts: 25
Joined: 13.Feb.2007
Status: offline
I really don't think I need another connector, and I'll explain why.....
I have qmail configured as mx for my domain and it routes external mail internally to Exchange, so there is no fear of anyone connecting to it from the outside and relaying through it. My default connector is already configured to accept mail from all IP's, and note -- this is important -- that I can telnet from these servers through Exchange and it works fine. The only problem I have is with the IBM serveraid application, and I think I found the issue. I did a test by configuring the RAID app to send mail to our qmail server, and I also get an error there. Here is the log from qmail:Jun 18 11:58:47 ontera18 smtpd: 1213804727.349847 qmail-smtpd 27826: 10.0.1.241: remote helo: DC1
Jun 18 11:58:47 ontera18 smtpd: 1213804727.390391 qmail-smtpd 27826: 10.0.1.241: remote sent 'mail from': FROM: <DC1>
Jun 18 11:58:47 ontera18 smtpd: 1213804727.390438 qmail-smtpd 27826: 10.0.1.241: mail from: DC1
Jun 18 11:58:47 ontera18 smtpd: 1213804727.390623 qmail-smtpd 27826: 10.0.1.241: bad mailfrom: DC1
Jun 18 11:58:47 ontera18 smtpd: 1213804727.390664 qmail-smtpd 27826: 10.0.1.241: force closing connection

It obviously does not like the format of the from field, which is just coming across as the server name, not ServerName@something.com, and it's failing. If the application included a complete address, which is standard I believe, then it would work jsut fine. I can reproduce this problem with telnet, where if I use the full address is workks fine, but if I use just <DC1> then it fails.
What about using the following command to just add the server name(s) permission?
add-adpermission '<receivername>' -User 'NT AUTHORITY\ANONYMOUS LOGON' -ExtendedRights ms-Exch-SMTP-Accept-Authoritative-Domain-Sender

Or does anyone know how to configure IBM ServeRAID to change it's mail from: input?

What I REALLY want to find is the damn exchange log that shows these failure in real time, something similar to qmail. Does anyone know which log I need to look at to see them, or if I can change something in the event log that will show them, or maybe a 3rd party tool I can use?


Thanks for all your help.


(in reply to John Weber)
Post #: 6
RE: Problem sending mail internally -SOLUTION- - 19.Jun.2008 10:53:32 AM   
maxwebster

 

Posts: 25
Joined: 13.Feb.2007
Status: offline
Hi,

First , thanks for the suggestions, I really appreciate them. I think the confusion about adding another connector for relaying arose because you thought I was sending the mail oustide of exchange, when in fact, all delveries are local. I deiscovered that a newer version of the IBM ServeRAID manager handles the mail from: field differently and the new version (9.0) sends mail to exchange 07 without issue.
Cse closed, thanks again.

(in reply to maxwebster)
Post #: 7
RE: Problem sending mail internally -SOLUTION- - 19.Jun.2008 10:57:36 AM   
betimp

 

Posts: 4
Joined: 6.Dec.2007
Status: offline
You are welcome. It is great hearing that you have found a solution.

Regards

(in reply to maxwebster)
Post #: 8

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Microsoft Exchange 2007] >> Message Routing >> Problem sending mail internally Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts


Follow TechGenix on Twitter