Exchange 2003 relay question

Soldato
Joined
18 Oct 2002
Posts
5,148
Location
Riding my bike
We have an exchange 2003 server.

It will quite happily relay smtp for it own subnet. We also have a machine on a DMZ that we need to allow to relay via our exchange server.

I have added its subnet 10.0.2.0/255.255.255.0 to the relay 'allow the list below' in the virtual smtp server settings but still it won't relay out. It will accept local addresses [email protected] but not outside addresses '[email protected]' for example.

I have restarted exchange.

'Spoofing' smtp using telnet to port 25 produces the 'cannot relay' type errors.

Any ideas please !
 
Associate
Joined
20 Oct 2002
Posts
1,968
Location
Nottingham
Where exactly did you add the subnet?

Within ESM -> Administrative Groups -> "Domain" -> "Server" -> SMTP -> Default SMTP Virtual Server

Access tab

Then relay restrictions or connection control?

From your wording, I am guessing you have gone into connection control and added the subnet in there when you should be adding it to relay restrictions using "only the list below" with a status of granted of course.

I would also suggest using a single IP rather than a subnet especially if the source is your DMZ.
 
Permabanned
Joined
7 Dec 2005
Posts
2,689
Hodders said:
Sending anonymously....

I can (from a dos prompt) on the dmz spoof email via telnet to port 25 to any internal address - it's just the external ones that fail.... grrrr
ill do it tonight ill do a tut, plus you need u unblacklist.
 
Soldato
OP
Joined
18 Oct 2002
Posts
5,148
Location
Riding my bike
^^Gord^^ said:
Where exactly did you add the subnet?

Within ESM -> Administrative Groups -> "Domain" -> "Server" -> SMTP -> Default SMTP Virtual Server

Access tab

Then relay restrictions or connection control?

From your wording, I am guessing you have gone into connection control and added the subnet in there when you should be adding it to relay restrictions using "only the list below" with a status of granted of course.

I would also suggest using a single IP rather than a subnet especially if the source is your DMZ.

I did it via the 'relay' settings. Daft thing is I've mad the same changes to another exchange server and it works fine !

Thanks for your help though !
 
Associate
Joined
20 Oct 2002
Posts
1,968
Location
Nottingham
That is odd. Do you have any anti-spam or anti-virus checking on SMTP that may be causing you problems?

If you telnet on port 25 the header should tell you what program is responding.
 
Back
Top Bottom