Exchange send connector
might be i am going to ask funny question , i am creating new send connector ,use domain name system(DNS)''MX records to route mail automatically .....it seems hidden i am not able to select
Hi LUV.P,
As Robert suggests, would you please let us know more details for this issue?
Based on your description, I just understand that the
Use domain name system (DNS) "MX" records to route mail automatically
option can be selected. I’m a little confused with “Hidden” that you descript.
By the way, if you use Set-SendConnector cmdlet, can configure successfully?
If any update, please feel free to let us know.
Best regards,
Justin Gu
Similar Messages
-
How to change SMTP port in exchange send connector
Exchange 2013 SP1
I use Comcast as a smart host. It needs to work on port 587. How do I change the default port to 587?
John LenzHi John,
You need to use the cmdlet
Set-SendConnector with the -port switch
Cheers,
Exchange Blog:
www.ntweekly.com
MCSA, MCSE, MCITP:SA, MCITP:EA, MCITP:Enterprise Messaging Administrator 2010,MCTS:Virtualization -
I’m trying to send email using exchange send connector STARTTLS setting to the SMTP server. I have read multiple documents on configuring TLS for send connector, but they talks about outbound connections to internet facing servers. My Exchange 2013 and SMTP
server is in the same domain (let’s say A.com) and I’m creating dummy domains on my SMTP server (e.g.
[email protected],
[email protected] ) and their respective send connectors on the exchange server end. In the smart host section added the IP address of the SMTP server and in the scoping section added the SMTP domain address (e.g. dummy1.local ). In the FQDN field, added
the FQDN of the exchange server 2013 which certificate is enabled with SMTP service.
Could you tell me a step by step procedure, where I’m going wrong or any extra settings needs to added?
Presently, it is giving me an error that 530 5.5.1 TLS encrypted connection is required.
Note: I’ve created the Microsoft CA certificates for the SMTP and exchange servers and imported them in the personal certificate container. In which, the exchange certificate is created with FQDN name of the server and enabled for the SMTP service.
I’m using OPENSSL certificate for making the SMTP server TLS enabled. (let me know, if I need to import the OPENSSL certificate anywhere on the exchange end)?
Thanks!-IgnoreSTARTTLS is set to false on the send connector properties.
I'm trying to established a HTTP over TLS connection. I'm not using mutual TLS between these two server.
The send connector protocol logging is attached as below,
2014-09-22T20:09:45.468Z,Exchange-SMTP send connector,08D1A4A14C7EDED5,2,10.219.3.74:24939,10.219.3.73:25,<,220 SMTP.A.local Welcome (MTA version),
2014-09-22T20:09:45.546Z,Exchange-SMTP send connector,08D1A4A14C7EDED5,3,10.219.3.74:24939,10.219.3.73:25,>,EHLO Exchange.A.local,
2014-09-22T20:09:45.624Z,Exchange-SMTP send connector,08D1A4A14C7EDED5,4,10.219.3.74:24939,10.219.3.73:25,<,250-SMTP.A.local Exchange.A.local OK,
2014-09-22T20:09:45.624Z,Exchange-SMTP send connector,08D1A4A14C7EDED5,5,10.219.3.74:24939,10.219.3.73:25,<,250-SIZE,
2014-09-22T20:09:45.624Z,Exchange-SMTP send connector,08D1A4A14C7EDED5,6,10.219.3.74:24939,10.219.3.73:25,<,250-8BITMIME,
2014-09-22T20:09:45.624Z,Exchange-SMTP send connector,08D1A4A14C7EDED5,7,10.219.3.74:24939,10.219.3.73:25,<,250-BINARYMIME,
2014-09-22T20:09:45.624Z,Exchange-SMTP send connector,08D1A4A14C7EDED5,8,10.219.3.74:24939,10.219.3.73:25,<,250-PIPELINING,
2014-09-22T20:09:45.624Z,Exchange-SMTP send connector,08D1A4A14C7EDED5,9,10.219.3.74:24939,10.219.3.73:25,<,250-HELP,
2014-09-22T20:09:45.624Z,Exchange-SMTP send connector,08D1A4A14C7EDED5,10,10.219.3.74:24939,10.219.3.73:25,<,250-DSN,
2014-09-22T20:09:45.624Z,Exchange-SMTP send connector,08D1A4A14C7EDED5,11,10.219.3.74:24939,10.219.3.73:25,<,250-CHUNKING,
2014-09-22T20:09:45.624Z,Exchange-SMTP send connector,08D1A4A14C7EDED5,12,10.219.3.74:24939,10.219.3.73:25,<,250-AUTH SCRAM-SHA-1 GSS-SPNEGO DIGEST-MD5 CRAM-MD5 NTLM,
2014-09-22T20:09:45.624Z,Exchange-SMTP send connector,08D1A4A14C7EDED5,13,10.219.3.74:24939,10.219.3.73:25,<,250-AUTH=SCRAM-SHA-1 GSS-SPNEGO DIGEST-MD5 CRAM-MD5 NTLM,
2014-09-22T20:09:45.624Z,Exchange-SMTP send connector,08D1A4A14C7EDED5,14,10.219.3.74:24939,10.219.3.73:25,<,250-STARTTLS,
2014-09-22T20:09:45.624Z,Exchange-SMTP send connector,08D1A4A14C7EDED5,15,10.219.3.74:24939,10.219.3.73:25,<,250-DELIVERBY,
2014-09-22T20:09:45.624Z,Exchange-SMTP send connector,08D1A4A14C7EDED5,16,10.219.3.74:24939,10.219.3.73:25,<,250-MT-PRIORITY,
2014-09-22T20:09:45.640Z,Exchange-SMTP send connector,08D1A4A14C7EDED5,17,10.219.3.74:24939,10.219.3.73:25,<,250 ENHANCEDSTATUSCODES,
2014-09-22T20:09:45.655Z,Exchange-SMTP send connector,08D1A4A14C7EDED5,18,10.219.3.74:24939,10.219.3.73:25,>,STARTTLS,
2014-09-22T20:09:45.671Z,Exchange-SMTP send connector,08D1A4A14C7EDED5,19,10.219.3.74:24939,10.219.3.73:25,<,220 2.7.0 Ready to start TLS,
2014-09-22T20:09:45.687Z,Exchange-SMTP send connector,08D1A4A14C7EDED5,20,10.219.3.74:24939,10.219.3.73:25,*,,Sending certificate
2014-09-22T20:09:45.687Z,Exchange-SMTP send connector,08D1A4A14C7EDED5,21,10.219.3.74:24939,10.219.3.73:25,*,CN=Exchange.A.local,Certificate subject
2014-09-22T20:09:45.687Z,Exchange-SMTP send connector,08D1A4A14C7EDED5,22,10.219.3.74:24939,10.219.3.73:25,*,"CN=DC-CA, DC=A, DC=local",Certificate issuer name
2014-09-22T20:09:45.687Z,Exchange-SMTP send connector,08D1A4A14C7EDED5,23,10.219.3.74:24939,10.219.3.73:25,*,63E7E70100000000000B,Certificate serial number
2014-09-22T20:09:45.687Z,Exchange-SMTP send connector,08D1A4A14C7EDED5,24,10.219.3.74:24939,10.219.3.73:25,*,CAEB1200CDF49715E5F2E4B8315EFDDC01F8F945,Certificate thumbprint
2014-09-22T20:09:45.780Z,Exchange-SMTP send connector,08D1A4A14C7EDED5,25,10.219.3.74:24939,10.219.3.73:25,*,Exchange.A.local,Certificate alternate names
2014-09-22T20:09:46.654Z,Exchange-SMTP send connector,08D1A4A14C7EDED5,26,10.219.3.74:24939,10.219.3.73:25,-,,Local
2014-09-22T20:09:46.669Z,Exchange-SMTP send connector,08D1A4A14C7EDED6,0,,10.219.3.73:25,*,,attempting to connect
2014-09-22T20:09:46.685Z,Exchange-SMTP send connector,08D1A4A14C7EDED6,1,10.219.3.74:24940,10.219.3.73:25,+,,
2014-09-22T20:09:46.701Z,Exchange-SMTP send connector,08D1A4A14C7EDED6,2,10.219.3.74:24940,10.219.3.73:25,<,220 SMTP.A.local Welcome (MTA version),
2014-09-22T20:09:46.701Z,Exchange-SMTP send connector,08D1A4A14C7EDED6,3,10.219.3.74:24940,10.219.3.73:25,>,EHLO Exchange.A.local,
2014-09-22T20:09:46.716Z,Exchange-SMTP send connector,08D1A4A14C7EDED6,4,10.219.3.74:24940,10.219.3.73:25,<,250-SMTP.A.local Exchange.A.local OK,
2014-09-22T20:09:46.716Z,Exchange-SMTP send connector,08D1A4A14C7EDED6,5,10.219.3.74:24940,10.219.3.73:25,<,250-SIZE,
2014-09-22T20:09:46.716Z,Exchange-SMTP send connector,08D1A4A14C7EDED6,6,10.219.3.74:24940,10.219.3.73:25,<,250-8BITMIME,
2014-09-22T20:09:46.716Z,Exchange-SMTP send connector,08D1A4A14C7EDED6,7,10.219.3.74:24940,10.219.3.73:25,<,250-BINARYMIME,
2014-09-22T20:09:46.716Z,Exchange-SMTP send connector,08D1A4A14C7EDED6,8,10.219.3.74:24940,10.219.3.73:25,<,250-PIPELINING,
2014-09-22T20:09:46.716Z,Exchange-SMTP send connector,08D1A4A14C7EDED6,9,10.219.3.74:24940,10.219.3.73:25,<,250-HELP,
2014-09-22T20:09:46.716Z,Exchange-SMTP send connector,08D1A4A14C7EDED6,10,10.219.3.74:24940,10.219.3.73:25,<,250-DSN,
2014-09-22T20:09:46.716Z,Exchange-SMTP send connector,08D1A4A14C7EDED6,11,10.219.3.74:24940,10.219.3.73:25,<,250-CHUNKING,
2014-09-22T20:09:46.716Z,Exchange-SMTP send connector,08D1A4A14C7EDED6,12,10.219.3.74:24940,10.219.3.73:25,<,250-AUTH SCRAM-SHA-1 GSS-SPNEGO DIGEST-MD5 CRAM-MD5 NTLM,
2014-09-22T20:09:46.716Z,Exchange-SMTP send connector,08D1A4A14C7EDED6,13,10.219.3.74:24940,10.219.3.73:25,<,250-AUTH=SCRAM-SHA-1 GSS-SPNEGO DIGEST-MD5 CRAM-MD5 NTLM,
2014-09-22T20:09:46.716Z,Exchange-SMTP send connector,08D1A4A14C7EDED6,14,10.219.3.74:24940,10.219.3.73:25,<,250-STARTTLS,
2014-09-22T20:09:46.732Z,Exchange-SMTP send connector,08D1A4A14C7EDED6,15,10.219.3.74:24940,10.219.3.73:25,<,250-DELIVERBY,
2014-09-22T20:09:46.732Z,Exchange-SMTP send connector,08D1A4A14C7EDED6,16,10.219.3.74:24940,10.219.3.73:25,<,250-MT-PRIORITY,
2014-09-22T20:09:46.732Z,Exchange-SMTP send connector,08D1A4A14C7EDED6,17,10.219.3.74:24940,10.219.3.73:25,<,250 ENHANCEDSTATUSCODES,
2014-09-22T20:09:46.810Z,Exchange-SMTP send connector,08D1A4A14C7EDED6,18,10.219.3.74:24940,10.219.3.73:25,*,,sending message with RecordId 52652004081667 and InternetMessageId <[email protected]>
2014-09-22T20:09:46.810Z,Exchange-SMTP send connector,08D1A4A14C7EDED6,19,10.219.3.74:24940,10.219.3.73:25,>,MAIL FROM:<> SIZE=7653 BODY=BINARYMIME,
2014-09-22T20:09:46.810Z,Exchange-SMTP send connector,08D1A4A14C7EDED6,20,10.219.3.74:24940,10.219.3.73:25,>,RCPT TO:<[email protected]>,
2014-09-22T20:09:46.825Z,Exchange-SMTP send connector,08D1A4A14C7EDED6,21,10.219.3.74:24940,10.219.3.73:25,<,530 5.5.1 A TLS-encrypted connection is required,
2014-09-22T20:09:46.950Z,Exchange-SMTP send connector,08D1A4A14C7EDED6,22,10.219.3.74:24940,10.219.3.73:25,<,503 5.5.1 unexpected RCPT command,
2014-09-22T20:09:46.981Z,Exchange-SMTP send connector,08D1A4A14C7EDED6,23,10.219.3.74:24940,10.219.3.73:25,>,RSET, -
Remove legacy Send connectors from Exchange 2010 after migration
Hello.
I have just removed the last legacy exchange 2003 server form our organisation.
I followed the official MS documentation for this and the remove went to plan with no errors.
The only issue I now have is that I have 2 legacy exchange send connectors in the Hub Transport view.
I have tried to disable and remove them but I get an undocumented error. The warning I get in the exchange server event logs is as follows
Process w3wp.exe () (PID=8148). Object [CN="Connector name",CN=Connections,CN="Organisation Name",CN=Routing Groups,CN="Group Name",CN=Administrative Groups,CN="Org Name",CN=Microsoft Exchange,CN=Services,CN=Configuration,DC="Domain
Name",DC="local"]. Property [HomeMtaServerId] is set to value ["Domain Name"/Configuration/Deleted Objects/Microsoft MTA
DEL:1bfa936f-c57e-4b7d-ad03-258acb560ad3], it is pointing to the Deleted Objects container in Active Directory. This property should be fixed as soon as possible.
Is ADSI edit the best way to remove these entries or is there another way to disable and remove?
Regards
Lee GregoryHi,
If the legacy send connector is no longer needed, it is ok to remove it from ADSIEdit.
For reference: select configuration as Connection point > domain > Services > MS Exchange > organizaiton name > Administrative Groups > Exchange Administrative Group > Routing Groups > First Routing Group > Connections
Regards,
Rebecca Tu
TechNet Community Support -
Send connector from exchange 2007
Currently since I have both environments up, I see that Exchange 2013 is using the send connector that was created in my exchange 2007 environment. Will this send connector go away once I bring down my exchange 2007 environment? Shoould I create
a new one for Exchange 2013?Hi
From what i have seen running ex2010 and upgrading to 2013 it stayed (exchange 2013 is clever :-)). you can just modify your send connector and make sure that the settings are for your exchange 2013 server. -
What are the correct Send Connectors settings in Exchange 2013
Hi
I'm new to exchange, successfully setup a lab with 2 cashub roles and 2 mailbox roles. I am trying to set the send connectors settings, because I've not been able to send nor receive external email via owa. Since I'm separating the exchange roles, my mailbox
servers only use internal IP settings and cannot resolve external DNS. I'm thinking I need to tick, proxy through CAS for it to work? any suggestions?Hi
Can you please let us know what version of Exchange that you are using
"I'm new to exchange, successfully setup a lab with 2 cashub roles and 2 mailbox roles"
- Because Exchange 2013 does not hold hub role.
" I am trying to set the send connectors settings, because I've not been able to send
nor receive external email via owa."
It would be great if you could answer few questions so that people can help you out here
Are you able to send emails internally without any issues with Outlook ? If not can you paste the errors.
What error you are getting while trying to send emails through owa . Can you paste the errors.
If you are looking for steps to create new send connector please follow below technet article
http://technet.microsoft.com/en-us/library/aa998936(v=exchg.150).aspxFeel free to post your comments/errors you received to proceed
further
Remember to mark as helpful if you find my contribution useful or as an answer if it does answer your question.That will encourage me - and others - to take time out to help you Check out my latest blog posts on http://exchangequery.com Thanks Sathish
(MVP) -
Configure send connector for exchange online protection
Hello Forum members,
I am trying to configure send and receive connectors for Exchange 2010 to route
on-premises mailboxes to Exchange OnLine Protection. The "help" info MS provides
is for Ex 2013 - and the EAC GUI and config does not lend a close fit to using the 2010
Exch Management Console. How can I configure connectors to properly connect to the Exchange Online Protection?
I have seen where the ip addresses are posted, etc. I am unclear how to configure the properties on the SBS 2011/EX 2010 server.
Any tips will help,
Thanks,
Eric H.
Network and Server InstallsHello Wesleyhe,
You cannot use AD anything with EOP - if you mean exchange on-line protection.
you have to set a smart host on the SBS server to connect to EOP, you may need to add the EOP server ips to your network config
on the SBS server. the smart host line (for the send connector on SBS server) is something like: yourdomainname-com.mail.protection.outlook.com.
Then you need to configure the outside ip for your SBS server access in the EOP admin area.
Hope this helps.
eholz
Network and Server Installs -
Exchange 2007 Smarthost send connector backing up
I have seen some similar posts to this but none have had any good answers.
We route all outbound mail through an Barracuda spam/virus appliance. We are a busy college campus with roughly 2k staff banging away at our mail gateways with mass mailings to our students, homework assignments, class schedules, blah blah blah..
At no time is our outbound mail queue empty. The trouble is, is that at any given time the most "Active" delivery status messages I see in queue viewer is 6 messages. Whether there are 30 or 5000 messages stuck in there it never try's to send
more than 6 at a time.
Sometimes the queue viewer shows no "Active" connections just all "Ready's". I never see the status change to "Retry" or anything else other than "Ready" or "Active".
We often have delivery delays of 3 or 4 hours when mass mailing messages that do not exceed more than 10 to 20k.
Here is what we've tried so far:
In Powershell use: get-transportserver | fl (to view these)
and use: set-transportserver -ConfiguratorName (to change the values)
updated MaxConcurrentMailboxDeliveries to 50
updated MaxConcurrentMailboxSubmissions to 50
updated PickupDirectoryMaxMessagesPerMinute to 200
MaxConnectionRatePerMinute 1200
MaxOutboundConnections 1000
MaxPerDomainOutboundConnections 1000
"...MaxMessageAttachSize" 100MB (For testing only)
use: get-sendconnector | fl to verify the value of "MaxMessageSize". Ours is set to unlimited.
use: get-transportconfig to check all the "Max" settings in there particularly the MaxDumpsterSizePerStorageGroup setting. Ours is 125MB.
Protocol logging is set to Verbose on the send connector. There are no error messages in the send or connectivity logs. The "Microsoft MailFlow Troubleshooter" is a joke.
We have no throttling turned on at the Barracuda level, so says their tech support. I of course have no way of verifying this as I do not have access to it.
I guess my question is. Does anyone know how or where we can increase the number of "Active" messages in the queue to more than 6 messages?On Thu, 16 May 2013 20:19:55 +0000, Elvis P. Johnson wrote:
>We route all outbound mail through an Barracuda spam/virus appliance. We are a busy college campus with roughly 2k staff banging away at our mail gateways with mass mailings to our students, homework assignments, class schedules, blah blah blah..
>
>
>
>At no time is our outbound mail queue empty. The trouble is, is that at any given time the most "Active" delivery status messages I see in queue viewer is 6 messages. Whether there are 30 or 5000 messages stuck in there it never try's to send more than
6 at a time.
You're sending all mail to a single smart host? I'd be looking at that
machine's configuration.
>Sometimes the queue viewer shows no "Active" connections just all "Ready's". I never see the status change to "Retry" or anything else other than "Ready" or "Active".
You have only one queue, for the smart host, right? Is there a "Last
error" value for it?
Are there any "back-pressure" events in the server's application event
log?
>We often have delivery delays of 3 or 4 hours when mass mailing messages that do not exceed more than 10 to 20k.
[ snip ]
>Protocol logging is set to Verbose on the send connector. There are no error messages in the send or connectivity logs. The "Microsoft MailFlow Troubleshooter" is a joke.
>
>We have no throttling turned on at the Barracuda level, so says their tech support. I of course have no way of verifying this as I do not have access to it.
The barracuda has DOS protection. I *think* the default is to limit
the number of "parrallel connections" to 5, but that may be different
on different models. There are probably other "rate limiting"
settings, too.
>I guess my question is. Does anyone know how or where we can increase the number of "Active" messages in the queue to more than 6 messages?
Rich Matheisen
MCSE+I, Exchange MVP
--- Rich Matheisen MCSE+I, Exchange MVP -
Hello,
I'm relatively new to administering Exchange and I had some questions on Send Connectors. We send mail to a few different domains that usually 75% of the time will generate a message saying:
Delivery is delayed to these recipients or distribution lists:
This message has not yet been delivered. Microsoft Exchange will continue to try delivering the message on your behalf.
Delivery of this message will be attempted until 1/9/2014 9:31:13 AM (GMT-05:00) Eastern Time (US & Canada). Microsoft Exchange will notify you if the message can't be delivered
by that time.
Sometimes messages will make it to the intended recipients and other times not. Most of the time they are just regular emails without any attachments on them. I'm not exactly sure how connectors work, but I'm thinking that I can set one up to tell exchange
that it should route these certain emails to that domain. Is this the correct thought process on how a send connector would work and are there any ramifications I need to worry about if I set up a second or third send connector?
I apologize if this is naïve or doesn't make sense. Please let me know if you need more information. We run Exchange 2007 on Windows SBS 2008.
Thank you.Hi,
It seems that it could be a reverse DNS lookup issue. I recommend you check if the reverse DNS record is configured correctly.
If it is ok, I suggest you enable logging at your send connector. Then check the log to see if you could find some clues.
Best regards,
Belinda
Belinda Ma
TechNet Community Support -
Hi to all
We have 9 email server, 5 Mailboxes, 2 CAS and 2 HT, We began to have problems to send and receive from internet; so I checked the queues and I discovered that some users are sending messages with a size greater than 16 MB, althought internally can send
until 40MB, if they send externally, only until 16MB.
I revised all the configuration:
Organization Configuration/Hub Transport/Global Settings/ Maximum send size (KB):40960
Server Configuration/Hub Transport/HT01/Receive Connectors/Default HT01/Maximum message size(KB): 40960 (only this server can send outside, the other server is in spare)
Organization Configuration/Hub Transport/Send Connector/SendMailOuside/Maximum message size(KB) 16386
We send by an Smart host that is used only by the HT01 to a Symantec server.
With this, we have this situations:
In the queue, I see some users are sending emails with a size more than 16MB outside the organization, I revised their configuration and the "maximun send size" is clear the checkbox (just like my account), the weir is if I try to send an email
with a size more than 16MB, I got the message: "#550 5.3.4 ROUTING.SizeLimit; message size exceeds fixed maximum size for route ##", this is not sense because their account configuration is the same like mine, so the Exchange must not let
them to put the email in the queue...
If between internal users try to send an email with size more than 16MB, this is allowed and it's send without any problem
So I don't know where is the misconfiguration, is permited to send mails with size less than 40MB internally, but externally only until to 16MB, but I din't know why the Exchange system let some users to send (or at least put in the queue) this kind of messages,
my account is in the same DB like the other users...
I hope to be clear in the description of the situation, maybe a patch or some thing, the HT server has the January patch and in april will be applied the last patchs.
Doc MXHi DocMX,
Thank you for your question.
We could run the following command:
Get-TransportConfig | FL max*size
Then, we could check the send connector by the following command:
Get-SendConnector | FL Identity,MaxMessageSize
We could run the following command to check an individual user maximum size.
Get-Mailbox <username> | FL Name,Max*size
In my solution, we could rebuild the user profile that those users could send emails more than 16MB to check if the issue persist.
We could also restart the service of “Microsoft Exchange Transport”.
If there are any questions regarding this issue, please be free to let me know.
Best Regard,
Jim
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
Jim Xu
TechNet Community Support -
Dear all,
I am having problems with exchange 2010 sending emails through a postfix smarthost server which disconnects the sessions. I also use a sendmail as a smarthost
server which is working just fine but I have to switch to postfix and cannot do this as long as the encryption does not work.
Here is the log file of the postfix server:
Jan 4 14:18:59 server7 postfix/smtpd[1659]: initializing the server-side TLS engine
Jan 4 14:18:59 server7 postfix/smtpd[1659]: connect from server1.mydomain.com[192.168.20.10]
Jan 4 14:18:59 server7 postfix/smtpd[1659]: setting up TLS connection from server1.mydomain.com[192.168.20.10]
Jan 4 14:18:59 server7 postfix/smtpd[1659]: server1.mydomain.com[192.168.20.10]: TLS cipher list "aNULL:-aNULL:ALL:+RC4:@STRENGTH"
Jan 4 14:18:59 server7 postfix/smtpd[1659]: SSL_accept:before/accept initialization
Jan 4 14:18:59 server7 postfix/smtpd[1659]: read from 7F4823FA5210 [7F4823FAB1B0] (11 bytes => -1 (0xFFFFFFFFFFFFFFFF))
Jan 4 14:18:59 server7 postfix/smtpd[1659]: read from 7F4823FA5210 [7F4823FAB1B0] (11 bytes => 11 (0xB))
Jan 4 14:18:59 server7 postfix/smtpd[1659]: 0000 16 03 01 00 5a 01 00 00|56 03 01 ....Z... V..
Jan 4 14:18:59 server7 postfix/smtpd[1659]: read from 7F4823FA5210 [7F4823FAB1BE] (84 bytes => 84 (0x54))
Jan 4 14:18:59 server7 postfix/smtpd[1659]: 0000 54 a9 3d b9 0d 5e 8b 64|7c 6b b5 21 f2 93 e7 84 T.=..^.d |k.!....
Jan 4 14:18:59 server7 postfix/smtpd[1659]: 0010 17 ea 33 d7 e5 13 f2 75|3a 87 38 32 01 85 82 5b ..3....u :.82...[
Jan 4 14:18:59 server7 postfix/smtpd[1659]: 0020 00 00 18 00 2f 00 35 00|05 00 0a c0 13 c0 14 c0 ..../.5. ........
Jan 4 14:18:59 server7 postfix/smtpd[1659]: 0030 09 c0 0a 00 32 00 38 00|13 00 04 01 00 00 15 ff ....2.8. ........
Jan 4 14:18:59 server7 postfix/smtpd[1659]: 0040 01 00 01 00 00 0a 00 06|00 04 00 17 00 18 00 0b ........ ........
Jan 4 14:18:59 server7 postfix/smtpd[1659]: 0050 00 02 01 ...
Jan 4 14:18:59 server7 postfix/smtpd[1659]: 0053 - <SPACES/NULLS>
Jan 4 14:18:59 server7 postfix/smtpd[1659]: SSL_accept:SSLv3 read client hello A
Jan 4 14:18:59 server7 postfix/smtpd[1659]: SSL_accept:SSLv3 write server hello A
Jan 4 14:18:59 server7 postfix/smtpd[1659]: SSL_accept:SSLv3 write certificate A
Jan 4 14:18:59 server7 postfix/smtpd[1659]: SSL_accept:SSLv3 write key exchange A
Jan 4 14:18:59 server7 postfix/smtpd[1659]: SSL_accept:SSLv3 write server done A
Jan 4 14:18:59 server7 postfix/smtpd[1659]: write to 7F4823FA5210 [7F4823FB8B70] (1911 bytes => 1911 (0x777))
Jan 4 14:18:59 server7 postfix/smtpd[1659]: 0774 - <SPACES/NULLS>
Jan 4 14:18:59 server7 postfix/smtpd[1659]: SSL_accept:SSLv3 flush data
Jan 4 14:18:59 server7 postfix/smtpd[1659]: read from 7F4823FA5210 [7F4823FAC803] (5 bytes => 0 (0x0))
Jan 4 14:18:59 server7 postfix/smtpd[1659]: SSL_accept:failed in SSLv3 read client certificate A
Jan 4 14:18:59 server7 postfix/smtpd[1659]: SSL_accept error from server1.mydomain.com[192.168.20.10]: lost connection
Jan 4 14:18:59 server7 postfix/smtpd[1659]: lost connection after STARTTLS from server1.mydomain.com[192.168.20.10]
Jan 4 14:18:59 server7 postfix/smtpd[1659]: disconnect from server1.mydomain.com[192.168.20.10]
I
have read in the post at https://social.technet.microsoft.com/Forums/exchange/en-US/6db38364-cb08-45c0-b159-3ddf30ef0b3e/exchange-2010-send-connector-uses-ssltls-and-cannot-connect-to-smarthost-how-to-deactivate-ssl?forum=exchange2010
how to deactivate the SSL encryption, but this is of course a security flaw, if I am not mistaken. I would like to encrypt the connection between the servers for obvious security
reasons but I have come to a standstill...
My Exchange server certificate is configured
as follows:
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAcc
ule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKe
essRule}
CertificateDomains : {server1, server1.solid-con.com}
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN=server1
NotAfter : 22/01/2017 13:18:02
NotBefore : 22/01/2012 13:18:02
PublicKeySize : 2048
RootCAType : None
SerialNumber : 6925D91285B649BD4D5E4297F1A48471
Services : IMAP, POP, IIS, SMTP
Status : Valid
Subject : CN=server1
Thumbprint : 939A37173BF84E352CEDC74F7D9A3D71F498A005
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAcc
ule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {WMSvc-SERVER1}
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN=WMSvc-SERVER1
NotAfter : 19/01/2022 12:56:44
NotBefore : 22/01/2012 12:56:44
PublicKeySize : 2048
RootCAType : Registry
SerialNumber : 1DB8711F7ADC5CB54196468EF2FF5D21
Services : None
Status : Valid
Subject : CN=WMSvc-SERVER1
Thumbprint : 191D86BDE274510453D58DDB91D253DABBCF05F1
And My Default Send Connector is configured as follows:
AddressSpaces : {SMTP:*;1}
AuthenticationCredential : System.Management.Automation.PSCredential
Comment :
ConnectedDomains : {}
ConnectionInactivityTimeOut : 00:10:00
DNSRoutingEnabled : False
DomainSecureEnabled : False
Enabled : True
ErrorPolicies : Default
ForceHELO : False
Fqdn :
HomeMTA : Microsoft MTA
HomeMtaServerId : SERVER1
Identity : Internet
IgnoreSTARTTLS : False
IsScopedConnector : False
IsSmtpConnector : True
LinkedReceiveConnector :
MaxMessageSize : unlimited
Name : Internet
Port : 25
ProtocolLoggingLevel : None
RequireOorg : False
RequireTLS : False
SmartHostAuthMechanism : None
SmartHosts : {server7.mydomain.com, server6.mydomain.com}
SmartHostsString : server7.mydomain.com,server6.mydomain.com
SmtpMaxMessagesPerConnection : 20
SourceIPAddress : 0.0.0.0
SourceRoutingGroup : Exchange Routing Group (DWBGZMFD01QNBJR)
SourceTransportServers : {SERVER1}
TlsAuthLevel :
TlsDomain :
UseExternalDNSServersEnabled : False
Any help would be greatly appreciated as I am
stuck...
LucaHi Allen,
Thank you very much for your reply.
The Postfix TLS Manager is enabled in master.cf
tlsmgr unix - - n 1000? 1 tlsmgr
and running
server7:/etc/postfix # ps -efa|grep tls
postfix 11967 11863 0 11:21 ? 00:00:00
tlsmgr -l -t unix -u
Every other (Linux/UNIX) server has no problem e.g.:
Jan 5 11:28:36 server7 postfix/smtpd[12215]: connect from server2.mydomain.com[192.168.20.20]
Jan 5 11:28:36 server7 postfix/smtpd[12215]: Anonymous TLS connection established from server2.mydomain.com[192.168.20.20]: TLSv1 with cipher DHE-DSS-AES256-SHA (256/256 bits)
Jan 5 11:28:36 server7 postfix/smtpd[12215]: B5502946AB0: client=server2.mydomain.com[192.168.20.20]
Jan 5 11:28:36 server7 postfix/cleanup[12221]: B5502946AB0: message-id=<[email protected]>
Jan 5 11:28:36 server7 postfix/qmgr[12200]: B5502946AB0: from=<[email protected]>, size=1026, nrcpt=1 (queue active)
Jan 5 11:28:36 server7 postfix/smtpd[12215]: disconnect from server2.mydomain.com[192.168.20.20]
Jan 5 11:28:37 server7 postfix/smtpd[12225]: connect from localhost[127.0.0.1]
Jan 5 11:28:37 server7 postfix/smtpd[12225]: 4076A946AB1: client=localhost[127.0.0.1]
Jan 5 11:28:37 server7 postfix/cleanup[12221]: 4076A946AB1: message-id=<[email protected]>
Jan 5 11:28:37 server7 postfix/qmgr[12200]: 4076A946AB1: from=<[email protected]>, size=1778, nrcpt=1 (queue active)
Jan 5 11:28:37 server7 postfix/smtpd[12225]: disconnect from localhost[127.0.0.1]
Jan 5 11:28:37 server7 postfix/smtp[12222]: B5502946AB0: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.54, delays=0.05/0.01/0.01/0.47, dsn=2.0.0, status=sent
(250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 4076A946AB1)
Jan 5 11:28:37 server7 postfix/qmgr[12200]: B5502946AB0: removed
Jan 5 11:28:37 server7 postfix/cleanup[12221]: 4401F946AB0: message-id=<[email protected]>
Jan 5 11:28:37 server7 postfix/qmgr[12200]: 4401F946AB0: from=<[email protected]>, size=1920, nrcpt=1 (queue active)
Jan 5 11:28:37 server7 postfix/local[12226]: 4076A946AB1: to=<[email protected]>, relay=local, delay=0.02, delays=0/0.01/0/0, dsn=2.0.0, status=sent (forwarded as 4401F946AB0)
Jan 5 11:28:37 server7 postfix/qmgr[12200]: 4076A946AB1: removed
Jan 5 11:28:37 server7 postfix/smtp[12227]: Untrusted TLS connection established to 192.168.20.10[192.168.20.10]:25: TLSv1 with cipher AES128-SHA (128/128 bits)
Jan 5 11:28:37 server7 postfix/smtp[12227]: 4401F946AB0: to=<[email protected]>, orig_to=<[email protected]>, relay=192.168.20.10[192.168.20.10]:25,
delay=0.29, delays=0/0.01/0.02/0.25, dsn=2.6.0, status=sent (250 2.6.0 <[email protected]> [InternalId=619] Queued
mail for delivery)
Jan 5 11:28:37 server7 postfix/qmgr[12200]: 4401F946AB0: removed
and if you take a look at the lines in bold you will see that mails can be delivered over TLS to that very Exchange server (the mailboxes are on that server)...
To summarise:
exchange --> postfix with TLS = session disconnected (and everything seems to be initiated by the exchange server -if I read the logs correctly)
postfix --> exchange with TLS = works
any further hints?
Thank you very much in advance,
Luca -
Exchange 2010 - Send Connector High Availability
Hi All,
I performed a successful migration a few years back from a single node Exchange 2003 server to a two node Exchange 2010 organisation with a DAG and Kemp load balanced CAS array. The solution works well and when we simulate a site failure
I am able to get the second node to handle all mail functions.
The one problem I have though is that I have to manually disable the send connector on the primary server in order for the one on the secondary server to be in use. I should explain that I have two send connectors as I do not want the secondary server
to be used unless the primary server is down or the route is unavailable. I realise that Exchange 2010 does not know whether the SMTP route is down or not so will just continue trying to use the send connector from the primary server (until I tell it
not to by disabling it).
My question is how do I get this to happen automatically? Does anyone else have an example of how this could be done or use a PowerShell script to achieve this? I guess a script could check the route and disable the send connector on the primary
server if necessary, but how would one do this?
Any help greatly appreciated.
RobHi,
According to your description, your secondary send connector cannot be automatically used when the first one is down. If I misunderstand your meaning, please feel free to let me know.
If yes, I’d like to confirm if the settings of the secondary one is same with the first one and we can check the connectivity logs including diagnostic information for Healthy Server Selector.
For more information, you can refer to the following article:
http://technet.microsoft.com/en-us/library/ff634392(v=exchg.141).aspx
Thanks,
Angela Shi
TechNet Community Support -
Exchange 2003 - When I create a send connector do I need to restart the SMTP service?
When I create or update a send connector on Exchange 2003 do I need to restart the SMTP service and/or MS Exchange Routing Engine?
Hi Chad,
Collect some information for your reference:
You must restart the Microsoft Exchange Routing Engine service and the SMTP service for these changes to take effect.
More details in the following KB:
How to configure the SMTP connector in Exchange 200x
http://support.microsoft.com/kb/265293
Thanks
Mavis
Mavis Huang
TechNet Community Support -
Send connector for forwarded emails not being used by Exchange 2013
Hi we have 3 Exchange 2013 CU5 servers in a DAG setup and need to forward emails for some of the users to another domain. The problem is our outgoing spam filter seems to quarantine a lot of these emails which are not spam. The problem is that I
created a send connector for the domain we are forwarding to (say contonso.com for illustrative purposes). Gave the send connector the name contonso.com, selected use MX record (didn't select Use the external DNS lookup settings on servers with transport
roles) and added contonso.com in the address space gave it cost of 1. Added all the exchnage servers under source server. And clicked save. I then changed the cost to 2 on the main send connector with the domain as * which goes trhough our oput bound spam
filter yet email I send to one of the recipients with a forward inplace still go through that connector. Can anyone tell what i'm doing wrong or explain why this wouldn't work as expected ?Easy question, did you enable the connector? :)
Do you have more than one site in your org?
DJ Grijalva | MCITP: EMA 2007/2010 SPA 2010 | www.persistentcerebro.com -
Import csv file in Address Spaces in an Exchange 2007 Send Connector
hello , i must put more than 300 domains in the addres space of a Send connector.
is possible have a csv file with the 300 domains and a powershell script to import this file in the address space of one send connector?
example csv file :
cepsa.es
repsol.com
parsi.es
Regards
Thansk in advance
mcse 200x + mesaging 2000 2003 2007 2010Hi
At First, you CSV should be set as the format like
Name
cepsa.es
repsol.com
parsi.es
If you would like to set a new Send Connector. you can simply do
New-SendConnector -Name ConnectName -AddressSpace ((Import-CSV <PathOfCSV>) | ForEach {$_.Name})
If you would like to add to a Send Connector that already existed, Please run
$al = (Get-SendConnector -Identity <ConnectName>).AddressSpaces
$al += (Import-CSV <PathOfCSV>) | ForEach {$_.Name})
Set-SendConnector -Name ConnectName -AddressSpace $al
Cheers
Zi Feng
Zi Feng
TechNet Community Support
The first script is still working as it should under Exchange 2013 when a send connector is created for the first time.
The second part of adding (or removing) address spaces from an existing send connector was a little bit trickier.
the following script did it:
Get-SendConnector "ConnectorName" | Set-SendConnector -AddressSpace ((Import-CSV <PathOfCSV>) | ForEach {$_.Name})
Watch out! this command also removes domains which are not present in the csv file!
Maybe you are looking for
-
BP telephone and mobile change history report
Hi, Requirement: We have a new requirement to create a new report that will display the change history of a customer who has done changes in their mobile or telephone number during a specific period. My approach was: Read the cdhdr data based on the
-
How can I add to the options automatically appearing in Get Info window?
Can anyone please tell me if there is a way to change the options in the Get Info window to show more of them? For example, as well as Album Name, Artist, Composer, Genre, date I'd like to have Grouping and Comment come up each time. At the moment, f
-
Solution for the Finance AR aging report by BW
Dear gurus, In our bw system , we want to realize the AR aging report . but there are some problems . for the partial pay logic in the R/3 , we want to combine the partial incoming payment line item with the customer invoice in t
-
Can i transfer my apps from my Iphone to my mac book pro--if so how??
can I transfer my apps from my Iphone to my macbook pro??? If so How??
-
Feeln movie cant open .... I try open but hard
I am first time about feeln movie I did put username and password but wont open and don't accept... I try 4 time.. I am fail......