Re: Problem with Exchange 2007 SP1 Receive Connector and SMTP



We think we have solved this issue.

Having had a chat with our networks guys, it would appear that there were
inspection policies set up for SMTP/ESMTP. These have now been removed and the
connector has started working over port 25.

The following links may also help:
http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a0080455aca.html
http://support.microsoft.com/kb/295725

We have a few more tests to do but things are looking better than they were.

Regards

--
Thanks for helping


"DJ" wrote:

Mark,
Just a quick note/question: do you have OE set to send Authentication on the
sending server? And possibly turning on SSL in the Advanced settings if
you're using it?
Just looking at the logs, for the 587 port there is no auth going on there,
just the ehlo and everything is great.
Also the 0x800CCC78 error is typical of the incorrect "sending" email
address; you said these were in a different domain, did you try the other
domain's FQDN?

However examining the output of the ehlo on 25 versus 587, they show
different responses... below. I've had to turn on anonymous for the many and
various systems that send status emails to and fro.... so that could be the
difference for me. I'll have to do some testing.

Just some thoughts.
Don

PORT 25
220 hub01p.local Microsoft ESMTP MAIL Service ready at Tue, 29 Jan 2008 00:32:01 -0600
ehlo
250-hub01p.local Hello [10.1.1.1]
250-SIZE
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-X-ANONYMOUSTLS
250-AUTH NTLM
250-X-EXPS GSSAPI NTLM
250-8BITMIME
250-BINARYMIME
250-CHUNKING
250-XEXCH50
250 XRDST
quit
221 2.0.0 Service closing transmission channel

PORT 587
220 hub01p.pm.local Microsoft ESMTP MAIL Service ready at Tue, 29 Jan 2008 00:32:58 -0600
ehlo
250-hub01p.local Hello [10.1.1.1]
250-SIZE 10485760
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-AUTH GSSAPI NTLM
250-8BITMIME
250-BINARYMIME
250 CHUNKING
220 hub01p.local Microsoft ESMTP MAIL Service ready at Tue, 29 Jan 2008 00:32:01 -0600



"MarkC" <MarkC@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:6062E98D-2CFF-4A92-9021-7E9EFDD4A31E@xxxxxxxxxxxxxxxx
I am hoping that somebody can help me with this problem which I am facing.

Firstly a bit of information about the problem.
I am trying to get Outlook Express v6 (or any email client for that matter)
to send email on port 25 (My Server Requires Authentication option ticked)
to a Hub Transport server. The error which I get is:
The message could not be sent because the server rejected the sender's
e-mail address.
The sender's e-mail address was 'test@xxxxxxxxxxxxxx'.
Subject 'Subject information, Account: 'Test Hub', Server: 'x.x.x.x',
Protocol: SMTP, Server Response: '530 5.7.1 Client was not authenticated',
Port: 25, Secure(SSL): No, Server Error: 530, Error Number: 0x800CCC78

Here's a bit of info about the environment and its settings:
I'm using Exchange 2007 SP1.
The Hub Transport Server sits in a different domain, but in the same forest
as the user accounts.
The Hub Transport Server has had the default receive connector modified so
that only a specific range of IP addresses can send to it (let's say
10.1.1.1 to 10.1.1.255).
I have then created another Receive Connector called TestClient which is
listening on port 25 for the IP address ranges which are not part of the
above range (i.e. 0.0.0.0 to 10.0.0.255 and 10.1.2.1 to 255.255.255.255).
In the authentications tab I have TLS, Basic, Exchange Server Authentication
and Integrated Windows Authentication all ticked.
Finally in the Permissions group I have Exchange Users ticked.

Things I have tried.
This works perfectly on port 587 - using the same receive connector.
However I have several thousand Outlook Express clients to reconfigure if I
can't get this working and the users are not technically savvy!
I have also tried adding the get-receiveconnector TestClient |
add-adpermission -user AU extendedrights
ms-Exch-SMTP-Accept-Authoritative-Domain-Sender command to grant
Authoritative domain senders the rights to send. But this doesn't work -
same error code.
I have tried an account which is in the same domain as to which the Hub
Transport server is in (in case of a domain permissions problem).
When I tick the Anonymous Users option in the Permissions tab everything
works fine! But I'm not going to allow that so that's not an option - I
would rather manually reconfigure all of the clients!

Some Logging Info
Here is a failed attempt extract from the SMTP Log files on the Hub
Transport server (all information about the domain/server name etc has been
replaced), no authentication attempt is being made (I also checked the DCs
and there is nothing there either) and the EHLO command is replaced with
XXXX:
2008-01-24T11:44:44.505Z,HUBSERVER\TestClient,08CA2C957CC45A3F,0,SERVERIP:25,CLIENTIP:1921,+,,
2008-01-24T11:44:44.505Z,HUBSERVER\TestClient,08CA2C957CC45A3F,1,SERVERIP:25,CLIENTIP:1921,*,None,Set Session Permissions
2008-01-24T11:44:44.505Z,HUBSERVER\TestClient,08CA2C957CC45A3F,2,SERVERIP:25,CLIENTIP:1921,>,"220 HUBSERVER.domain.local Microsoft ESMTP MAIL Service ready at Thu, 24 Jan 2008 11:44:44 +0000",
2008-01-24T11:44:44.520Z,HUBSERVER\TestClient,08CA2C957CC45A3F,3,SERVERIP:25,CLIENTIP:1921,<,XXXX clientname,
2008-01-24T11:44:49.536Z,HUBSERVER\TestClient,08CA2C957CC45A3F,4,SERVERIP:25,CLIENTIP:1921,>,500 5.3.3 Unrecognized command,
2008-01-24T11:44:49.552Z,HUBSERVER\TestClient,08CA2C957CC45A3F,5,SERVERIP:25,CLIENTIP:1921,<,HELO clientname,
2008-01-24T11:44:49.552Z,HUBSERVER\TestClient,08CA2C957CC45A3F,6,SERVERIP:25,CLIENTIP:1921,>,250 HUBSERVER.domain.local Hello [CLIENTIP],
2008-01-24T11:44:49.567Z,HUBSERVER\TestClient,08CA2C957CC45A3F,7,SERVERIP:25,CLIENTIP:1921,<,MAIL FROM: <test@xxxxxxxxxxxxxx>,
2008-01-24T11:44:54.583Z,HUBSERVER\TestClient,08CA2C957CC45A3F,8,SERVERIP:25,CLIENTIP:1921,>,530 5.7.1 Client was not authenticated,
2008-01-24T11:44:54.583Z,HUBSERVER\TestClient,08CA2C957CC45A3F,9,SERVERIP:25,CLIENTIP:1921,-,,Local

Here is a successful attempt extract from the SMTP Log files on the Hub
Transport server though using 587 as the port, you can see that EHLO is
being made and the account being authenticated:
2008-01-24T11:58:01.260Z,HUBSERVER\TestClient,08CA2C977295CA87,0,SERVERIP:587,CLIENTIP:1938,+,,
2008-01-24T11:58:01.338Z,HUBSERVER\TestClient,08CA2C977295CA87,1,SERVERIP:587,CLIENTIP:1938,*,None,Set Session Permissions
2008-01-24T11:58:01.338Z,HUBSERVER\TestClient,08CA2C977295CA87,2,SERVERIP:587,CLIENTIP:1938,>,"220 HUBSERVER.domain.local Microsoft ESMTP MAIL Service ready at Thu, 24 Jan 2008 11:58:00 +0000",
2008-01-24T11:58:01.354Z,HUBSERVER\TestClient,08CA2C977295CA87,3,SERVERIP:587,CLIENTIP:1938,<,EHLO clientname,
2008-01-24T11:58:01.354Z,HUBSERVER\TestClient,08CA2C977295CA87,4,SERVERIP:587,CLIENTIP:1938,>,250-HUBSERVER.domain.local Hello [CLIENTIP],
2008-01-24T11:58:01.354Z,HUBSERVER\TestClient,08CA2C977295CA87,5,SERVERIP:587,CLIENTIP:1938,>,250-SIZE 10485760,
2008-01-24T11:58:01.354Z,HUBSERVER\TestClient,08CA2C977295CA87,6,SERVERIP:587,CLIENTIP:1938,>,250-PIPELINING,
2008-01-24T11:58:01.354Z,HUBSERVER\TestClient,08CA2C977295CA87,7,SERVERIP:587,CLIENTIP:1938,>,250-DSN,
2008-01-24T11:58:01.354Z,HUBSERVER\TestClient,08CA2C977295CA87,8,SERVERIP:587,CLIENTIP:1938,>,250-ENHANCEDSTATUSCODES,
2008-01-24T11:58:01.354Z,HUBSERVER\TestClient,08CA2C977295CA87,9,SERVERIP:587,CLIENTIP:1938,>,250-STARTTLS,
2008-01-24T11:58:01.354Z,HUBSERVER\TestClient,08CA2C977295CA87,10,SERVERIP:587,CLIENTIP:1938,>,250-X-ANONYMOUSTLS,
2008-01-24T11:58:01.354Z,HUBSERVER\TestClient,08CA2C977295CA87,11,SERVERIP:587,CLIENTIP:1938,>,250-AUTH NTLM LOGIN,
2008-01-24T11:58:01.354Z,HUBSERVER\TestClient,08CA2C977295CA87,12,SERVERIP:587,CLIENTIP:1938,>,250-X-EXPS GSSAPI NTLM,
2008-01-24T11:58:01.354Z,HUBSERVER\TestClient,08CA2C977295CA87,13,SERVERIP:587,CLIENTIP:1938,>,250-8BITMIME,
2008-01-24T11:58:01.354Z,HUBSERVER\TestClient,08CA2C977295CA87,14,SERVERIP:587,CLIENTIP:1938,>,250-BINARYMIME,
2008-01-24T11:58:01.354Z,HUBSERVER\TestClient,08CA2C977295CA87,15,SERVERIP:587,CLIENTIP:1938,>,250-CHUNKING,
2008-01-24T11:58:01.354Z,HUBSERVER\TestClient,08CA2C977295CA87,16,SERVERIP:587,CLIENTIP:1938,>,250-XEXCH50,
2008-01-24T11:58:01.354Z,HUBSERVER\TestClient,08CA2C977295CA87,17,SERVERIP:587,CLIENTIP:1938,>,250 XRDST,
2008-01-24T11:58:01.370Z,HUBSERVER\TestClient,08CA2C977295CA87,18,SERVERIP:587,CLIENTIP:1938,<,AUTH LOGIN,
2008-01-24T11:58:01.370Z,HUBSERVER\TestClient,08CA2C977295CA87,19,SERVERIP:587,CLIENTIP:1938,>,334 <authentication response>,
2008-01-24T11:58:01.385Z,HUBSERVER\TestClient,08CA2C977295CA87,20,SERVERIP:587,CLIENTIP:1938,>,334 <authentication response>,
2008-01-24T11:58:01.448Z,HUBSERVER\TestClient,08CA2C977295CA87,21,SERVERIP:587,CLIENTIP:1938,*,SMTPSubmit SMTPAcceptAnyRecipient SMTPAcceptAuthoritativeDomainSender BypassAntiSpam AcceptRoutingHeaders,Set Session Permissions
2008-01-24T11:58:01.448Z,HUBSERVER\TestClient,08CA2C977295CA87,22,SERVERIP:587,CLIENTIP:1938,*,domain\test,authenticated
2008-01-24T11:58:01.448Z,HUBSERVER\TestClient,08CA2C977295CA87,23,SERVERIP:587,CLIENTIP:1938,>,235 2.7.0 Authentication successful,
2008-01-24T11:58:01.463Z,HUBSERVER\TestClient,08CA2C977295CA87,24,SERVERIP:587,CLIENTIP:1938,<,MAIL FROM: <test@xxxxxxxxxxxxxx>,
2008-01-24T11:58:01.479Z,HUBSERVER\TestClient,08CA2C977295CA87,25,SERVERIP:587,CLIENTIP:1938,*,08CA2C977295CA87;2008-01-24T11:58:01.260Z;1,receiving message
2008-01-24T11:58:01.479Z,HUBSERVER\TestClient,08CA2C977295CA87,26,SERVERIP:587,CLIENTIP:1938,>,250 2.1.0 Sender OK,
2008-01-24T11:58:01.495Z,HUBSERVER\TestClient,08CA2C977295CA87,27,SERVERIP:587,CLIENTIP:1938,<,RCPT TO: <test2@xxxxxxxxxxxx>,
2008-01-24T11:58:01.495Z,HUBSERVER\TestClient,08CA2C977295CA87,28,SERVERIP:587,CLIENTIP:1938,>,250 2.1.5 Recipient OK,
2008-01-24T11:58:01.510Z,HUBSERVER\TestClient,08CA2C977295CA87,29,SERVERIP:587,CLIENTIP:1938,<,DATA,
2008-01-24T11:58:01.666Z,HUBSERVER\TestClient,08CA2C977295CA87,30,SERVERIP:587,CLIENTIP:1938,>,354 Start mail input; end with <CRLF>.<CRLF>,
2008-01-24T11:58:02.073Z,HUBSERVER\TestClient,08CA2C977295CA87,31,SERVERIP:587,CLIENTIP:1938,>,250 2.6.0 <randomnumber@xxxxxxxxx> Queued mail for delivery,
2008-01-24T11:58:02.088Z,HUBSERVER\TestClient,08CA2C977295CA87,32,SERVERIP:587,CLIENTIP:1938,<,QUIT,
2008-01-24T11:58:02.088Z,HUBSERVER\TestClient,08CA2C977295CA87,33,SERVERIP:587,CLIENTIP:1938,>,221 2.0.0 Service closing transmission channel,
2008-01-24T11:58:02.088Z,HUBSERVER\TestClient,08CA2C977295CA87,34,SERVERIP:587,CLIENTIP:1938,-,,Local

Is what I am trying to do not allowed on a Hub Transport Server for reasons
of security (i.e. supported only on an Edge Server), or is Port 25 not allowed
to be used by authenticated clients "by design"? Or have I got a permissions
problem somewhere along the line?
Thanks for taking the time to read this long post! Any help or explanations
gratefully received.
Many thanks
Mark


Also posted in exchange.setup
--
Thanks for helping
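
An added example, not part of either poster's message: a short Python check for the failure chain visible in the port 25 extract above (client verb logged as XXXX, fallback to HELO, then 530 with no AUTH attempt), the trace left in the receive log while the SMTP/ESMTP inspection policies were in place. The sample lines are constructed in the post's log format; the session IDs and the example.invalid address are made up.

```python
import csv
from collections import defaultdict

# Constructed sample modelled on the post's extracts (wrapped lines rejoined,
# session IDs made up). Columns: time, connector, session, sequence, local,
# remote, event ("<" from client, ">" from server), data, context.
SAMPLE_LOG = r"""
2008-01-24T11:44:44.505Z,HUBSERVER\TestClient,SESSION-A,2,SERVERIP:25,CLIENTIP:1921,>,"220 HUBSERVER.domain.local Microsoft ESMTP MAIL Service ready at Thu, 24 Jan 2008 11:44:44 +0000",
2008-01-24T11:44:44.520Z,HUBSERVER\TestClient,SESSION-A,3,SERVERIP:25,CLIENTIP:1921,<,XXXX clientname,
2008-01-24T11:44:49.536Z,HUBSERVER\TestClient,SESSION-A,4,SERVERIP:25,CLIENTIP:1921,>,500 5.3.3 Unrecognized command,
2008-01-24T11:44:49.552Z,HUBSERVER\TestClient,SESSION-A,5,SERVERIP:25,CLIENTIP:1921,<,HELO clientname,
2008-01-24T11:44:49.552Z,HUBSERVER\TestClient,SESSION-A,6,SERVERIP:25,CLIENTIP:1921,>,250 HUBSERVER.domain.local Hello [CLIENTIP],
2008-01-24T11:44:49.567Z,HUBSERVER\TestClient,SESSION-A,7,SERVERIP:25,CLIENTIP:1921,<,MAIL FROM: <test@example.invalid>,
2008-01-24T11:44:54.583Z,HUBSERVER\TestClient,SESSION-A,8,SERVERIP:25,CLIENTIP:1921,>,530 5.7.1 Client was not authenticated,
2008-01-24T11:58:01.354Z,HUBSERVER\TestClient,SESSION-B,3,SERVERIP:587,CLIENTIP:1938,<,EHLO clientname,
2008-01-24T11:58:01.354Z,HUBSERVER\TestClient,SESSION-B,4,SERVERIP:587,CLIENTIP:1938,>,250-AUTH NTLM LOGIN,
2008-01-24T11:58:01.370Z,HUBSERVER\TestClient,SESSION-B,5,SERVERIP:587,CLIENTIP:1938,<,AUTH LOGIN,
2008-01-24T11:58:01.448Z,HUBSERVER\TestClient,SESSION-B,6,SERVERIP:587,CLIENTIP:1938,>,235 2.7.0 Authentication successful,
"""

def load_sessions(text):
    """Group (sequence, event, data) tuples by session ID, in sequence order."""
    sessions = defaultdict(list)
    for row in csv.reader(text.splitlines()):
        if len(row) < 8 or row[0].startswith("#"):  # blank or header line
            continue
        sessions[row[2]].append((int(row[3]), row[6], row[7]))
    return {sid: sorted(events) for sid, events in sessions.items()}

def findings(events):
    """Flag the chain from the port 25 log: masked verb, HELO only, 530 without AUTH."""
    verbs = [data.split(" ", 1)[0].upper() for _, ev, data in events if ev == "<"]
    codes = [data[:3] for _, ev, data in events if ev == ">"]
    out = []
    if any(v and set(v) == {"X"} for v in verbs):
        out.append("client verb logged as X's")
    if "EHLO" not in verbs and "HELO" in verbs:
        out.append("HELO only, so no AUTH capability was advertised")
    if "530" in codes and "AUTH" not in verbs:
        out.append("530 without an AUTH attempt")
    return out

def audit(text):
    hits = {sid: findings(ev) for sid, ev in load_sessions(text).items()}
    return {sid: f for sid, f in hits.items() if f}

if __name__ == "__main__":
    for sid, f in audit(SAMPLE_LOG).items():
        print(sid, "->", "; ".join(f))
```

Sessions that show all three findings point at something between client and server rewriting the ESMTP greeting rather than at connector permissions.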


