Channel: Exchange Server 2010 forum

Create authenticated internal-only and internal/external relay receive connectors

In our Exchange 2010 environment we have removed the original, default receive connectors and created custom ones.  We currently have one titled "InternalRelay" that allows unauthenticated senders to send e-mail to any internal recipient from any from address, as long as the IP address of the client or server machine is listed on the Network tab.  We also have one titled "ExternalRelay" that allows unauthenticated senders to send e-mail to any internal or external recipient from any from address, as long as the IP address of the client or server machine is listed on the Network tab.

What I am trying to do is create a new receive connector that requires secure authentication via either Basic Authentication with TLS or Integrated Windows Authentication in order to relay mail.  If possible, I would like to create one for internal and one for external (call them "InternalAuthRelay" and "ExternalAuthRelay").

I can't seem to get it to work.  I've created an InternalAuthRelay that has the following boxes checked on the Authentication tab for the receive connector:

    Transport Layer Security (TLS)
    Basic Authentication
    Offer Basic authentication only after starting TLS
    Integrated Windows authentication

The following boxes are checked on the Permission Groups tab:

    Exchange users

I have added our database servers' IP addresses to the Network tab.  Inside SQL Server 2008 R2, the DBA set up the e-mail settings to use Integrated Windows authentication (SQL Server's services are running as a domain account).  When he tries to send an e-mail via SQL, he receives the following error message:

"The mail could not be sent to the recipients because of the mail server failure. (Sending Mail using Account 1 (2012-12-04T15:44:34). Exception Message: Cannot send mails to mail server. (Mailbox unavailable. The server response was: 5.7.1 Client does not have permissions to send as this sender). )"

The from e-mail address he is using is not a valid e-mail address in our internal Exchange organization and the SQL Server service account is not mail-enabled (it does not have an Exchange mailbox attached to it).

How can I create internal-only and internal/external relay receive connectors that require authentication but can send from fake sender addresses?

The reason I am trying to create such connectors is to further control what can and cannot send e-mail to where beyond just a simple machine level.
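
An added example, not part of the original post or the forum thread: the ExchangeUsers permission group lets an authenticated session submit mail but does not carry the `ms-Exch-SMTP-Accept-Any-Sender` extended right, which is the check behind the 5.7.1 "send as this sender" rejection. The sketch below recreates the connector settings described above in the Exchange Management Shell and grants that right to one named service account only. The server name, account name and IP addresses are assumed placeholders.

```powershell
# Added example. Every value in this block is a placeholder, not taken from the post.
$server  = 'EXHUB01'                    # hypothetical Hub Transport server
$svcAcct = 'CONTOSO\svc-sqlmail'        # hypothetical SQL Server service account
$sqlIPs  = '192.0.2.10', '192.0.2.11'   # constructed addresses (documentation range)
$name    = 'InternalAuthRelay'

# Same choices as the Authentication and Permission Groups tabs in the post:
# TLS, Basic auth offered only after STARTTLS, Integrated Windows auth,
# and the "Exchange users" permission group. The remote IP ranges must not
# duplicate a range already assigned to another connector on the same binding.
New-ReceiveConnector -Name $name -Server $server -Usage Custom `
    -Bindings '0.0.0.0:25' -RemoteIPRanges $sqlIPs `
    -AuthMechanism Tls, BasicAuth, BasicAuthRequireTLS, Integrated `
    -PermissionGroups ExchangeUsers

# Allow this one authenticated account to use a From address it does not own.
# Granting the right to a single account, rather than to a group, keeps the
# sender-spoofing bypass limited to the application that needs it.
Get-ReceiveConnector "$server\$name" |
    Add-ADPermission -User $svcAcct -ExtendedRights 'ms-Exch-SMTP-Accept-Any-Sender'

# Log the full SMTP conversation so AUTH and MAIL FROM on this connector can be audited.
Set-ReceiveConnector "$server\$name" -ProtocolLoggingLevel Verbose

# Check: list the extended rights the account now holds on the connector.
Get-ReceiveConnector "$server\$name" |
    Get-ADPermission -User $svcAcct |
    Where-Object { $_.ExtendedRights } |
    Format-Table User, ExtendedRights, Deny, IsInherited -AutoSize
```

The ExchangeUsers group also includes `ms-Exch-SMTP-Accept-Any-Recipient`, so a connector built this way accepts mail for external recipients from any authenticated account; an internal-only variant has to withhold that right.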
