Problem with Exchange 2007 SP1 Receive Connector and SMTP
- From: MarkC <MarkC@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 25 Jan 2008 05:31:04 -0800
I am hoping that somebody can help me with this problem which I am facing.
Firstly a bit of information about the problem.
I am trying to get Outlook Express v6 or (any email client for that matter)
to send email on port 25 (My Server Requires Authentication option ticked) to
a Hub Transport server. The error which I get is:
The message could not be sent because the server rejected the sender's
e-mail address.
The sender's e-mail address was 'test@xxxxxxxxxxxxxx'.
Subject ‘Subject information, Account: 'Test Hub', Server: 'x.x.x.x',
Protocol: SMTP, Server Response: '530 5.7.1 Client was not authenticated',
Port: 25, Secure(SSL): No, Server Error: 530, Error Number: 0x800CCC78
Here’s a bit of info about the environment and its settings:
I’m using Exchange 2007 SP1.
The Hub Transport Server sits in a different domain, but in the same forest
as the user accounts.
The Hub Transport Server has had the default receive connector modified so
that only a specific range of IP addresses can send to it (let’s say 10.1.1.1
to 10.1.1.255).
I have then created another Receive Connector called TestClient which is
listening on port 25 for the IP address ranges which are not part of the
above range (i.e 0.0.0.0 to 10.0.0.255 and 10.1.2.1 to 255.255.255.255).
In the authentications tab I have TLS, Basic, Exchange Server Authentication
and Integrated Windows Authentication all ticked.
Finally in the Permissions group I have Exchange Users ticked.
Things I have tried.
This works perfectly on port 587 – using the same receive connector.
However I have several thousand Outlook Express clients to reconfigure if I
can’t get this working and the users are not technically savvy!
I have also tried adding the get-receiveconnector TestClient | add
-adpermission -user AU extendedrights
ms-Exch-SMTP-Accept-Authoritative-Domain-Sender command to grant
Authoritative domain senders the rights to send. But this doesn’t work – same
error code.
I have tried an account which is in the same domain as to which the Hub
Transport server is in (in case of a domain permissions problem).
When I tick the Anonymous Users option in the Permissions tab everything
works fine! But I’m not going to allow that so that’s not an option – I would
rather manually reconfigure all of the clients!
Some Logging Info
Here is a failed attempt extract from the SMTP Log files on the Hub
Transport server (all information about the domain/server name etc has been
replaced), no authentication attempt is being made (I also checked the DCs
and there is nothing there either) and the EHLO command is replaced with XXXX:
2008-01-24T11:44:44.505Z,HUBSERVER\TestClient,08CA2C957CC45A3F,0,SERVERIP:25,CLIENTIP:1921,+,,
2008-01-24T11:44:44.505Z,HUBSERVER\TestClient,08CA2C957CC45A3F,1,SERVERIP:25,CLIENTIP:1921,*,None,Set Session Permissions
2008-01-24T11:44:44.505Z,HUBSERVER\TestClient,08CA2C957CC45A3F,2,SERVERIP:25,CLIENTIP:1921,>,"220
HUBSERVER.domain.local Microsoft ESMTP MAIL Service ready at Thu, 24 Jan 2008
11:44:44 +0000",
2008-01-24T11:44:44.520Z,HUBSERVER\TestClient,08CA2C957CC45A3F,3,SERVERIP:25,CLIENTIP:1921,<,XXXX clientname,
2008-01-24T11:44:49.536Z,HUBSERVER\TestClient,08CA2C957CC45A3F,4,SERVERIP:25,CLIENTIP:1921,>,500 5.3.3 Unrecognized command,
2008-01-24T11:44:49.552Z,HUBSERVER\TestClient,08CA2C957CC45A3F,5,SERVERIP:25,CLIENTIP:1921,<,HELO clientname,
2008-01-24T11:44:49.552Z,HUBSERVER\TestClient,08CA2C957CC45A3F,6,SERVERIP:25,CLIENTIP:1921,>,250 HUBSERVER.domain.local Hello [CLIENTIP],
2008-01-24T11:44:49.567Z,HUBSERVER\TestClient,08CA2C957CC45A3F,7,SERVERIP:25,CLIENTIP:1921,<,MAIL FROM: <test@xxxxxxxxxxxxxx>,
2008-01-24T11:44:54.583Z,HUBSERVER\TestClient,08CA2C957CC45A3F,8,SERVERIP:25,CLIENTIP:1921,>,530 5.7.1 Client was not authenticated,
2008-01-24T11:44:54.583Z,HUBSERVER\TestClient,08CA2C957CC45A3F,9,SERVERIP:25,CLIENTIP:1921,-,,Local
Here is a successful attempt extract from the SMTP Log files on the Hub
Transport server though using 587 as the port, you can see that EHLO is being
made and the account being authenticated:
2008-01-24T11:58:01.260Z,HUBSERVER\TestClient,08CA2C977295CA87,0,SERVERIP:587,CLIENTIP:1938,+,,
2008-01-24T11:58:01.338Z,HUBSERVER\TestClient,08CA2C977295CA87,1,SERVERIP:587,CLIENTIP:1938,*,None,Set Session Permissions
2008-01-24T11:58:01.338Z,HUBSERVER\TestClient,08CA2C977295CA87,2,SERVERIP:587,CLIENTIP:1938,>,"220
HUBSERVER.domain.local Microsoft ESMTP MAIL Service ready at Thu, 24 Jan 2008
11:58:00 +0000",
2008-01-24T11:58:01.354Z,HUBSERVER\TestClient,08CA2C977295CA87,3,SERVERIP:587,CLIENTIP:1938,<,EHLO clientname,
2008-01-24T11:58:01.354Z,HUBSERVER\TestClient,08CA2C977295CA87,4,SERVERIP:587,CLIENTIP:1938,>,250-HUBSERVER.domain.local Hello [CLIENTIP],
2008-01-24T11:58:01.354Z,HUBSERVER\TestClient,08CA2C977295CA87,5,SERVERIP:587,CLIENTIP:1938,>,250-SIZE 10485760,
2008-01-24T11:58:01.354Z,HUBSERVER\TestClient,08CA2C977295CA87,6,SERVERIP:587,CLIENTIP:1938,>,250-PIPELINING,
2008-01-24T11:58:01.354Z,HUBSERVER\TestClient,08CA2C977295CA87,7,SERVERIP:587,CLIENTIP:1938,>,250-DSN,
2008-01-24T11:58:01.354Z,HUBSERVER\TestClient,08CA2C977295CA87,8,SERVERIP:587,CLIENTIP:1938,>,250-ENHANCEDSTATUSCODES,
2008-01-24T11:58:01.354Z,HUBSERVER\TestClient,08CA2C977295CA87,9,SERVERIP:587,CLIENTIP:1938,>,250-STARTTLS,
2008-01-24T11:58:01.354Z,HUBSERVER\TestClient,08CA2C977295CA87,10,SERVERIP:587,CLIENTIP:1938,>,250-X-ANONYMOUSTLS,
2008-01-24T11:58:01.354Z,HUBSERVER\TestClient,08CA2C977295CA87,11,SERVERIP:587,CLIENTIP:1938,>,250-AUTH NTLM LOGIN,
2008-01-24T11:58:01.354Z,HUBSERVER\TestClient,08CA2C977295CA87,12,SERVERIP:587,CLIENTIP:1938,>,250-X-EXPS GSSAPI NTLM,
2008-01-24T11:58:01.354Z,HUBSERVER\TestClient,08CA2C977295CA87,13,SERVERIP:587,CLIENTIP:1938,>,250-8BITMIME,
2008-01-24T11:58:01.354Z,HUBSERVER\TestClient,08CA2C977295CA87,14,SERVERIP:587,CLIENTIP:1938,>,250-BINARYMIME,
2008-01-24T11:58:01.354Z,HUBSERVER\TestClient,08CA2C977295CA87,15,SERVERIP:587,CLIENTIP:1938,>,250-CHUNKING,
2008-01-24T11:58:01.354Z,HUBSERVER\TestClient,08CA2C977295CA87,16,SERVERIP:587,CLIENTIP:1938,>,250-XEXCH50,
2008-01-24T11:58:01.354Z,HUBSERVER\TestClient,08CA2C977295CA87,17,SERVERIP:587,CLIENTIP:1938,>,250 XRDST,
2008-01-24T11:58:01.370Z,HUBSERVER\TestClient,08CA2C977295CA87,18,SERVERIP:587,CLIENTIP:1938,<,AUTH LOGIN,
2008-01-24T11:58:01.370Z,HUBSERVER\TestClient,08CA2C977295CA87,19,SERVERIP:587,CLIENTIP:1938,>,334 <authentication response>,
2008-01-24T11:58:01.385Z,HUBSERVER\TestClient,08CA2C977295CA87,20,SERVERIP:587,CLIENTIP:1938,>,334 <authentication response>,
2008-01-24T11:58:01.448Z,HUBSERVER\TestClient,08CA2C977295CA87,21,SERVERIP:587,CLIENTIP:1938,*,SMTPSubmit
SMTPAcceptAnyRecipient SMTPAcceptAuthoritativeDomainSender BypassAntiSpam
AcceptRoutingHeaders,Set Session Permissions
2008-01-24T11:58:01.448Z,HUBSERVER\TestClient,08CA2C977295CA87,22,SERVERIP:587,CLIENTIP:1938,*,domain\test,authenticated
2008-01-24T11:58:01.448Z,HUBSERVER\TestClient,08CA2C977295CA87,23,SERVERIP:587,CLIENTIP:1938,>,235 2.7.0 Authentication successful,
2008-01-24T11:58:01.463Z,HUBSERVER\TestClient,08CA2C977295CA87,24,SERVERIP:587,CLIENTIP:1938,<,MAIL FROM: <test@xxxxxxxxxxxxxx>,
2008-01-24T11:58:01.479Z,HUBSERVER\TestClient,08CA2C977295CA87,25,SERVERIP:587,CLIENTIP:1938,*,08CA2C977295CA87;2008-01-24T11:58:01.260Z;1,receiving
message
2008-01-24T11:58:01.479Z,HUBSERVER\TestClient,08CA2C977295CA87,26,SERVERIP:587,CLIENTIP:1938,>,250 2.1.0 Sender OK,
2008-01-24T11:58:01.495Z,HUBSERVER\TestClient,08CA2C977295CA87,27,SERVERIP:587,CLIENTIP:1938,<,RCPT TO: <test2@xxxxxxxxxxxx>,
2008-01-24T11:58:01.495Z,HUBSERVER\TestClient,08CA2C977295CA87,28,SERVERIP:587,CLIENTIP:1938,>,250 2.1.5 Recipient OK,
2008-01-24T11:58:01.510Z,HUBSERVER\TestClient,08CA2C977295CA87,29,SERVERIP:587,CLIENTIP:1938,<,DATA,
2008-01-24T11:58:01.666Z,HUBSERVER\TestClient,08CA2C977295CA87,30,SERVERIP:587,CLIENTIP:1938,>,354 Start mail input; end with <CRLF>.<CRLF>,
2008-01-24T11:58:02.073Z,HUBSERVER\TestClient,08CA2C977295CA87,31,SERVERIP:587,CLIENTIP:1938,>,250 2.6.0 <randomnumber@xxxxxxxxx> Queued mail for delivery,
2008-01-24T11:58:02.088Z,HUBSERVER\TestClient,08CA2C977295CA87,32,SERVERIP:587,CLIENTIP:1938,<,QUIT,
2008-01-24T11:58:02.088Z,HUBSERVER\TestClient,08CA2C977295CA87,33,SERVERIP:587,CLIENTIP:1938,>,221 2.0.0 Service closing transmission channel,
2008-01-24T11:58:02.088Z,HUBSERVER\TestClient,08CA2C977295CA87,34,SERVERIP:587,CLIENTIP:1938,-,,Local
Is what I trying to do no allowed on a Hub Transport Server for reasons of
security Iie supported only on an Edge Server) or is Port 25 not allowed to
be used by authenticated clients “by design”. Or have I got a permissions
problem somewhere along the line.
Thanks for taking the time to read this long post! Any help or explanations
gratefully received.
Many thanks
Mark
Also posted in exchange.setup
--
Thanks for helping
.
- Follow-Ups:
- Prev by Date: Re: Exchange 2007 Send connector and Local site sending restriction
- Next by Date: Re: Exchange 2003 to 2007 messages undelivered
- Previous by thread: Re: Exchange 2007 Send connector and Local site sending restriction
- Next by thread: Re: Problem with Exchange 2007 SP1 Receive Connector and SMTP
- Index(es):
Relevant Pages
|
