Allowing application servers to relay on Exchange 2007 Hub Transport servers

by Shijaz Abdulla on 03.08.2008 at 14:00

I finally decided to switch off my Exchange 2003 Servers which handled relay requests from application servers. The Exchange Server 2007 hub transport servers would be entrusted with this task. I modified the DNS record so that all SMTP relaying will be directed to my Hub transport server.

However, once I did this, I found that most of my application servers could not relay messages that were destined for recipients outside the organization. A closer examination revealed that the hub transport servers were closing connections by returning a "550 5.7.1 Unable to Relay" error message.

Here’s what I did to workaround the problem.

I created a new SMTP Connector with the following properties:

image

The important bit is where you specify the remote servers that should be allowed to send mail via this connector. Although it’s tempting to add all IP addresses, make sure you add only your application server IP addresses here. Otherwise you’re gonna have a major email security problem!

image

In the authentication options, enable only TLS and Externally Secured. This is a method of re-assuring Exchange that email sent is externally secured and its okay to take it easy and accept email and that you totally trust these IP addresses.

image

Under Permission Groups, make sure you select Exchange Servers and Anonymous.

image

And you’re all set. The IP addresses that you specified on this connector will use this receive connector to relay messages internally and outside your organization.

Trackback Permanent Link

Leave a Reply