Receive connector anonymous or authenticate

Hi,
Does anyone know a way to set a receive connector to only request authentication in certain circumstances?
Let me explain the scenario: If you have a receive connector that is set to accept general inbound emails from anyone then it will be set to accept emails from any sender address.
However, if someone is trying to spoof the sender address and they use an email address which is valid within your organisation then it would be really useful if it could request authentication at that point, since emails from internal users should only
come from authenticated devices.
Is there any way to do this?
Thanks in advance.
Neil

Hi,
According to your description, there are spoofing emails in your environment. And as far as I know, the authentication of receive connector cannot only work in certain circumstance.
Ｈowever, I recommend the following methods to prevent emails spoofing.
1. Remove ms-Exch-SMTP-Accept-Any-Sender for anonymous users on the receive connector
2. Remove ms-Exch-SMTP-Accept-Authoritative-Domain-Sender for anonymous users on the receive connector
3. Enable Sender-ID validation on the receive connector, with a corresponding TXT (SPF) record in DNS.
http://technet.microsoft.com/en-us/library/ff714972.aspx
4. Enable the Anti-Spam functionality on the mailbox server:
http://technet.microsoft.com/en-us/library/bb201691(v=exchg.150).aspx
If you have any question, please feel free to let me know.
Thanks,
If you have feedback for TechNet Subscriber Support, contact
[email protected]
Angela Shi
TechNet Community Support

Similar Messages

Exchange Server 2010 - Receive Connector for Client Computers

I have one customer with a SBS 2011 with Exchange Server 2010 - a pretty standard setup except for some customisation with Receive Connectors in order to cater for an application which is installed on a number of computers that requires to use an SMTP Server
to send notifications. In order to accomplish this (allow to be sent using Exchange Server) we added the IP Address of client computer (which we also set as a DHCP reservation) to a pre-configured Receive Connector (Anonymous setup for Printer/Scanner).
This worked fine, but we now find that there are other applications that require the same function to use SMTP to send.
How should/could this be better configured so an application can send if they authenticate?

Hi
For this you need to create a seperate receive connector to be used for Relay in your organizations.
Follow the below steps
1) Create a dedicated Relay Receive Connector
2) Add only the Ip addresses of the applications which needs to relay on Exchange servers
3) You can use either anonymous or authenticated relay according to your relay config
You can follow the below link as well
http://exchangequery.com/2013/12/02/steps-to-configure-anonymous-and-authenticated-relay-in-exchange-2013/
Remember to mark as helpful if you find my contribution useful or as an answer if it does answer your question.That will encourage me - and others - to take time out to help you Check out my latest blog posts on http://exchangequery.com Thanks Sathish
(MVP)

Getting the error "Anonymous Receive Connector" while calling stored proc

I am getting the error "220 012-BR1MMR1-005 Anonymous Receive Connector" while calling a store procedure from anonymous block.
I am using SMTP host which is working for other cases.
Please suggest!!
create or replace
PROCEDURE SOA_TIMESTAMP(errbuf OUT VARCHAR2, retcode OUT VARCHAR2) IS
rc integer;
crlf VARCHAR2(2) := CHR(13) || CHR(10);
mesg VARCHAR2(1000);
c utl_tcp.connection;
L_FROM_DATE DATE;
L_TO_DATE DATE;
msg_from VARCHAR2(100) := '[email protected]';
to_addresses VARCHAR2(1000);
cc_addresses VARCHAR2(1000);
email_addresses VARCHAR2(2000);
msg_subject VARCHAR2(200) := 'E-mail Alert: ';
msg_text1 VARCHAR2(15) := 'Dear Sir,';
msg_text2 VARCHAR2(500) := 'Please find the attached file,';
msg_text3 VARCHAR2(25) := 'Division';
msg_text4 VARCHAR2(25) := 'For the period : ';
v_mail_to VARCHAR2(1000);
lv_gcn varchar2(1000);
next_column number;
recipient_email_length number;
single_recipient_addr varchar2(100);
v_is_there_any_attachment CHAR(1):='N'; --New var.
cursor cur_select is
SELECT (DELIVERY_NUMBER || ',' ||
RECD_IN_SOA || ',' ||
SENT_TO_OTM || ',' ||
OTM_RESP_RECD || ',' ||
SENT_TO_MENLO) gcn
from irsoa.otm_menlo_report;
cursor cur_to_email is
SELECT email_address
FROM alert_users_ID
WHERE MAIL_TYPE = 'To';
cursor cur_cc_email is
SELECT email_address
FROM alert_users_ID
WHERE MAIL_TYPE = 'Cc';
BEGIN
retcode := 'one';
for c_to in cur_to_email loop
to_addresses := to_addresses || ',' || c_to.email_address;
end loop;
to_addresses := ltrim(to_addresses, ',');
for c_cc in cur_cc_email loop
cc_addresses := cc_addresses || ',' || c_cc.email_address;
end loop;
retcode:= retcode||'two';
cc_addresses := ltrim(cc_addresses, ',');
email_addresses := to_addresses || ',' || cc_addresses;
recipient_email_length := length(email_addresses);
email_addresses := email_addresses || ','; -- Add comma for the last asddress
next_column := 1;
if instr(email_addresses, ',') = 0 then
-- Single E-mail address
single_recipient_addr := email_addresses;
recipient_email_length := 1;
end if;
retcode := retcode||'three';
c := utl_tcp.open_connection(remote_host => '127.0.0.1'',
remote_port => 25,
tx_timeout => null);
retcode := retcode||'four';
rc := utl_tcp.write_line(c, 'HELO '127.0.0.1');
rc := utl_tcp.write_line(c, 'HELO '127.0.0.1');
rc := utl_tcp.write_line(c, 'MAIL FROM: ' || msg_from);
retcode := retcode||'five';
while next_column <= recipient_email_length loop
-- Process Multiple E-mail addresses in the loop OR single E-mail address once.
single_recipient_addr := substr(email_addresses,
next_column,
instr(email_addresses, ',', next_column) -
next_column);
next_column := instr(email_addresses, ',', next_column) + 1;
--rc := utl_tcp.write_line(c, 'MAIL FROM: '||msg_from);
rc := utl_tcp.write_line(c, 'RCPT TO: ' || single_recipient_addr);
end loop;
retcode := retcode||'six';
rc := utl_tcp.write_line(c, 'DATA');
rc := utl_tcp.write_line(c,
'Date: ' ||
TO_CHAR(SYSDATE, 'dd Mon yy hh24:mi:ss'));
rc := utl_tcp.write_line(c,
'From: ' || msg_from || ' <' || msg_from || '>');
rc := utl_tcp.write_line(c, 'MIME-Version: 1.0');
rc := utl_tcp.write_line(c, 'To: ' || to_addresses);
rc := utl_tcp.write_line(c, 'Cc: ' || cc_addresses);
rc := utl_tcp.write_line(c, 'Subject: ' || msg_subject);
rc := utl_tcp.write_line(c, 'Content-Type: multipart/mixed;');
rc := utl_tcp.write_line(c, ' boundary="-----SECBOUND"');
rc := utl_tcp.write_line(c, '');
rc := utl_tcp.write_line(c, '-------SECBOUND');
rc := utl_tcp.write_line(c, 'Content-Type: text/plain');
rc := utl_tcp.write_line(c, 'Content-Transfer-Encoding: 7bit');
rc := utl_tcp.write_line(c, '');
rc := utl_tcp.write_line(c, msg_text1);
rc := utl_tcp.write_line(c, ' ');
rc := utl_tcp.write_line(c, msg_text2);
rc := utl_tcp.write_line(c, ' ');
rc := utl_tcp.write_line(c, msg_text3);
rc := utl_tcp.write_line(c,
msg_text4 || to_char(l_from_date, 'MON-YY') ||
' to ' || to_char(l_to_date, 'MON-YY'));
rc := utl_tcp.write_line(c, '');
rc := utl_tcp.write_line(c, '-------SECBOUND');
rc := utl_tcp.write_line(c, 'Content-Type: text/plain;');
rc := utl_tcp.write_line(c, ' name="GCN_Details.csv"');
rc := utl_tcp.write_line(c, 'Content-Transfer_Encoding: 8bit');
rc := utl_tcp.write_line(c, 'Content-Disposition: attachment;'); --Indicates that this is an attachment.
rc := utl_tcp.write_line(c, ' filename="GCN_Details.csv"');
rc := utl_tcp.write_line(c, '-------SECBOUND');
rc := utl_tcp.write_line(c, '');
retcode := retcode||'seven';
begin
-- WRITE COLUMN HEADERS
rc := utl_tcp.write_text(c, 'BRANCH' || ',' || 'ORDER NUMBER');
rc := utl_tcp.write_line(c, ' ');
for c1 in cur_select loop --You are starting to write the data
lv_gcn := c1.gcn;
rc := utl_tcp.write_text(c, lv_gcn);
rc := utl_tcp.write_line(c, ' ');
v_is_there_any_attachment:='Y';--Is there any data ?
end loop;
retcode :=retcode||'eight';
exception
when others then
dbms_output.put_line('error : ' || sqlerrm);
rc := utl_tcp.write_text(c, 'Data Error');
end;
If v_is_there_any_attachment ='Y' THEN
rc := utl_tcp.write_line(c, '');
rc := utl_tcp.write_line(c, '.');
rc := utl_tcp.write_line(c, '-------SECBOUND');
--end loop;
retcode := retcode||'nine';
END If;
rc := utl_tcp.write_line(c, 'QUIT');
dbms_output.put_line(utl_tcp.get_line(c, TRUE));
utl_tcp.close_connection(c);
retcode := retcode||'ten';
EXCEPTION
when others then
utl_tcp.close_connection(c);
raise_application_error(-20000, SQLERRM);
retcode := 'Unable to send mail'||' with error '||sqlerrm;
END SOA_TIMESTAMP
Edited by: 991162 on Mar 1, 2013 2:03 AM
Edited by: 991162 on Mar 1, 2013 2:07 AM

The error is coming from your SMTP server, so asking in their forums would be the better idea

FIXED - Exchange 2013 - Can I Recreate Default Frontend Receive Connector SAFELY?

Hi
I'm need of some urgent assistance please.
I had a fully functional Exchange 2013 server and decided to create a receive connector for a photocopier/scanner to included its static IP  port number 25.
I accidentally chose Hub Transport role and not FrontEndTransport role which appears to have messed up port 25 connectivity on mail coming in from the internet. When I stopped and restarted the Transport Service within services.msc I then got this error.
Source: MSExchangeTransport
Event ID: 1036
Task Category: SmtpReceive
Level: Error
Description: Inbound direct trust authentication failed for certificate %1. The source IP address of the server that tried to authenticate to Microsoft Exchange is [%2]. Make sure EdgeSync is running
properly.
I proceeded to delete the offending Receive connector for the scanner/photocopier and restart the server, the transport service started ok this time but still I cant receive mail from the outside world.
My question: Can I delete the automatically created default Frontend "servername" connector which contains the proper settings then recreate it again with the same settings and NOT harm/delete all the users emails or the mailstore
or anything bad for that matter?
I have the details on how to create the connector but just wanted to check that's its ok to remove it and re-add it again now that everything was setup and running fine. I'm hoping the recreated Connector will fix what I broke.
Appears what I have done has broken my connectivity to telnet to port 25 to the exchange server from the outside world although oddly I can telnet to the server from a command prompt on the exchange server (telnet "servername" 25) and
getpresented with the exchange server responding. The tickbox for anonymous is ticked already. Port 25 already is forwarded from the firewall to the exchange server and was working fine till I made the error.
Any help is greatly appreciated. Thankyou.

OK so I found some more details online and decided to take the plunge (after a backup was taken) and my problem is now fixed. Although thank you to the 40 people that atleast looked at my query.
This worked for me, please read, backup and decide yourself if you wish to follow my steps.
1. I Read this to understand more on how I broke it in the first place  :
First section of this......
https://exchangemaster.wordpress.com/tag/smtp/
then
http://support.microsoft.com/kb/2958036
2. Deleted the Default Frontend "servername" Receive connector
3. Recreated it using these guidelines below. (I included them all for your ref). Source https://social.technet.microsoft.com/Forums/exchange/en-US/32e13998-a84e-4f10-8557-3f7ce6fdb824/2013-default-receive-connectors:
[PS] C:\>Get-ReceiveConnector | fl Name,AuthMechanism,RemoteIPRanges,TransportRole,permissiongroups,MaxMessageSize
Name             : Default EX2013
AuthMechanism    : Tls, Integrated, BasicAuth, BasicAuthRequireTLS, ExchangeServer
RemoteIPRanges   : {::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff, 0.0.0.0-255.255.255.255}
TransportRole    : HubTransport
PermissionGroups : ExchangeUsers, ExchangeServers, ExchangeLegacyServers
MaxMessageSize   : 35 MB (36,700,160 bytes)
Name             : Client Proxy EX2013
AuthMechanism    : Tls, Integrated, BasicAuth, BasicAuthRequireTLS, ExchangeServer
RemoteIPRanges   : {::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff, 0.0.0.0-255.255.255.255}
TransportRole    : HubTransport
PermissionGroups : ExchangeUsers, ExchangeServers
MaxMessageSize   : 35 MB (36,700,160 bytes)
Name             : Default Frontend EX2013
AuthMechanism    : Tls, Integrated, BasicAuth, BasicAuthRequireTLS, ExchangeServer
RemoteIPRanges   : {::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff, 0.0.0.0-255.255.255.255}
TransportRole    : FrontendTransport
PermissionGroups : AnonymousUsers, ExchangeServers, ExchangeLegacyServers
MaxMessageSize   : 36 MB (37,748,736 bytes)
Name             : Outbound Proxy Frontend EX2013
AuthMechanism    : Tls, Integrated, BasicAuth, BasicAuthRequireTLS, ExchangeServer
RemoteIPRanges   : {::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff, 0.0.0.0-255.255.255.255}
TransportRole    : FrontendTransport
PermissionGroups : AnonymousUsers, ExchangeServers
MaxMessageSize   : 36 MB (37,748,736 bytes)
Name             : Client Frontend EX2013
AuthMechanism    : Tls, Integrated, BasicAuth, BasicAuthRequireTLS
RemoteIPRanges   : {::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff, 0.0.0.0-255.255.255.255}
TransportRole    : FrontendTransport
PermissionGroups : ExchangeUsers
MaxMessageSize   : 35 MB (36,700,160 bytes)
4. Recreated the Receive connector for my photocopier/scanner but this time choose Frontend Transport role and Not the default Hubtransport. Restarted the server, crossed my fingers and everything worked!! (Apparently restarting both transport services
is sufficient, but hey I just want to be sure it works from reboot in future.
Exchange SP1 will break any custom receive connectors that you have made prior to installing the update (nor even warn you that you're about to create an addition hub transport connector on port 25 after the SP1 update, there should
be only one hubtransport on port 25 as I understand it, its ok for Frontend transport) . The transport service will not start, so to save you the hassle of deleting your custom connector just run this command from an elevated exchange powershell command to
change the custom connector from hubtransport to Frontend Transport then start the transport service. ( you may have to kill the Transport service .exe process in task manager, then start the transport services after this amendment from the services.msc panel)
Set-ReceiveConnector –Identity "Your Receive connector name" –TransportRole FrontendTransport
Alternatively, delete and re-create the receive connector and set its role to
FrontendTransport and NOT HUBTRANSPORT !!!!!!!!!!!
This issue occurs if there is a receive connector of Transport type
HubTransport that has the binding set to port 25 on the affected Exchange 2013 server. On an Exchange 2013 server that has both back-end and front-end roles, only the
FrontendTransport server-type receive connector should have the binding set to port 25.
To fix this issue, run the following cmdlet to change the connector type from
HubTransport to FrontendTransport:
Source: http://www.msexchange.org/kbase/ExchangeServerTips/ExchangeServer2013/ManagementAdministration/exchange-server-2013-sp1-transport-service-stops-and-does-not-restart.html

Exchange Receive Connector Temporary Server Error. Please Try again later. PRX4

Hi ,
I installated Exchange server 2013 on Windows 2012 R2 Servers..
Topology ;
1 Active Directory Server : Windows 2012 r2 all updates installed.
1 Exchange 2013 Server : Windows 2012 r2 all updates installed.
I configured send Connector settings and I checked Receive connectors Default Frontend Exchange settings. Anonymous users is ok and don't have any problem.
When I send mail Exchange -> Internet mail goes. this is ok.
But when I send mail Internet -> Exchange I am getting this error ;
Message or connection acked with status Retry and response 451 4.4.0 Primary target IP address responded with: ""501 5.5.4 Required arguments not present."" Attempted failover to alternate host, but that did not succeed. Either there
are no alternate hosts, or delivery failed to all alternate hosts. The last endpoint attempted was xxx.xxx.xxx.xxx:2525
telnet results are below ;
220 exchange.bulut.email Microsoft ESMTP MAIL Service ready at Tue, 30 Dec 2014
14:12:19 +0200
EHLO bulut.email 250-exchange.bulut.email Hello [xxxxxxxxxxxxxxxxx]
250-SIZE 37748736
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-X-ANONYMOUSTLS
250-AUTH NTLM
250-X-EXPS GSSAPI NTLM
250-8BITMIME
250-BINARYMIME
250-CHUNKING
250 XRDST
MAIL FROM:[email protected] 250 2.1.0 Sender OK
RCPT TO:[email protected] NOTIFY=success,failure 250 2.1.5 Recipient OK
DATA354 Start mail input; end with <CRLF>.<CRLF>
Subject: Test from Contosoa
This is a test message
451 4.7.0 Temporary server error. Please try again later. PRX4
QUIT 221 2.0.0 Service closing transmission channel
Thanks. Regards.

Hi,
If the CAS and MBX servers are collocated on the same server the SMTP Receive connection for the Transport service will listen on 2525 instead of 25. This is because two services (FET and Transport Service) can’t listen on the same port.
Refer from this article:
http://blogs.technet.com/b/rischwen/archive/2013/03/13/exchange-2013-mail-flow-demystified-hopefully.aspx
Please try to create an endpoint for 2525 on default receive connector to test mail flow by the following steps:
EAC -> mail flow -> receive connectors -> Default EXCHANGE
Click Edit then click scoping tab.
Under Network adapter bindings, click
add button to create port 2525 for all available Ipv4/Ipv6 addresses.
Best Regards.

Migrate from 2003 to 2010 - Receive Connector Authentication

I'm in the process of upgrading a remote office from Exchange 2003 to Exchange 2010. Today, we changed the IP's on their firewall so that 2010 Hub Transport is handling mail. Normally, I always create a new Receive Connector for receiving mail
from the internet. I leave it as Anonymous users only and receive on internal IP of the server.
When I send an e-mail from the internet to a 2010 user, the mail is delivered fine, I'm assuming through the new "Anonymous" access connector I created. However, when I send e-mail from the internet to a 2003 user, I get the following NDR
with this error:
Reason: 530 5.7.1 Client was not authenticated
I was able to fix the problem by adding Anonymous authentication to the Default receive connector. I'm wondering why this connector is being chosen over the Internet connector though, and why only for 2003 users? Is it bad to leave the Default
Connector allowing anonymous access? I've always left that connector alone and created a new Internet connector which has seemed to work in the past.

Hi,
According to your description, exchange 2010 like a relay server, and relay the email to exchange 2003 when you send a email from the internet to a 2003 user.
As Ed mentioned, when you add the correct IP address where the traffic comes from on the receive connector, then it would ensure that the correct receive connector would be used.
The following article for your reference:
Resolve 530 5.7.1 Client was not authenticated
Hope this helps!
Thanks.
Niko Cheng
TechNet Community Support

Receive Connector stopped working after Update Rollout 2 for Exchange 2007 SP2

One of the Exchange 2007 servers receive connector has stopped working since installing the latest rollout update for Exchange 2007 SP2 - for some reason the following error is received (when troubleshooting on the adjacent server) :
"Remote server server.domain.co.uk failed the mail acceptance test. MAIL FROM command: Respond = 530 5.7.1 Client was not authenticated."
Most admins will know you usually get this when first setting up Exchange and the receive connector not allowing anonymous connections. But our setup has been working for well over a year with no problems. Even enabling anonymous connections still doesn't fix the problem.
Our setup is 2 exchange servers across 2 sites, with the problematic server never receiving email from the internet, only from the other Exchange server (which is internet facing). The above error is received when the internet facing server is relaying email over to the problematic server. Though in the message queue the following error is received:
"SMTPSEND.DNS.NonExistantDomain; nonecistant domain"
After testing DNS that all seems fine, so I don't believe it's a DNS problem.
Any ideas why this would happen?
Thanks,
Matt

Hi Matt....
To receive e-mails from the external servers or domains or clients, you can setup a new receive connector on Hub Transport Server. To do this task, you can go through the steps mentioned in this blog....
https://mailsolutions.wordpress.com/2015/02/06/resolving-error-530-5-7-1-client-was-not-authenticated-with-receiver-connector/
Hope this will work
Thanks

Receive connector to allow relay for localhost

I have set up a relay receive connector to allow anonymous relay from another exchange server (send mails with Send-MailMessage cmdlet ) and it works just fine, but trying to send same mail from localhost falls into default receive connector and returns
authentication error. Adding anonymous users to permission groups in default receive connector it works, but it's not what I want. Is there a way to make the relay connector work for localhost too avoiding the overlap between connectors ?

Hi,
Let’s begin with the following article:
http://blogs.visendo.com/post/2009/12/23/Configuring-Exchange-2007-Relay-Settings-for-Exchange-Connector.aspx
“If you are using the localhost alias as the server name, be sure to include the loopback address (127.0.0.1) in the range.”
Thus, we can try to add 127.0.0.1 in the list of "receive mails from remote servers " setting.
Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make
sure that you completely understand the risk before retrieving any suggestions from the above link.
Thanks,
Angela Shi
TechNet Community Support

Configuring Receive Connectors for External Notifications while still displaying Site Name

This is closely related to the issue we 'resolved' in
this blog
Our SharePoint notifications would not display the Site Name in the Display Name. i.e. If an Expense Request was approved, we wanted the display name of the email to come from "Accounting"
To resolve, we went to the receive connector and made sure only "Anonymous Users" was checked under Permission groups. The workflows and notifications immediately started displaying the site they originated in the Display Name, but...
All notification emails going to external users (outside our primary domain) ceased. We has to check 'Exchange Servers' under permission groups and then we lost the display name but gained email to external users.
Does anyone know how to get both working at the same time?
Thanks!!
Devster

Hi
Devster,
Check outgoing email settings in SharePoint Central Admin > System Settings
Let us know your results, thanks
Regards,
Pratik Vyas | SharePoint Consultant |
http://sharepointpratik.blogspot.com
Posting is provided AS IS with no warranties, and confers no rights
Please remember to click Mark As Answer if a post solves your problem or
Vote As Helpful if it was useful.

Default frontend receive connector settings exchange 2013 hybrid edition?

Hi,
I am busy setting up a hybrid environment with exchange 2007 , exchange 2013 hybrid edition and office 365.
When installing exchange 2013 it creates a default frontend receive connector, on the security tab anonymous user is also selected.
Should i leave it this way?
At the moment the mx record is pointing to the exchange 2007, in the future i will change the mx record to the exchange cloud.
I can telnet and mail to the exchange 2013 server, but there is no spam protection, do i need the anonymous user if i am not intended to use this for the mx record, i suppose office 365 is going to use this connector.
(ps: still have to run the hybrid configuration wizard, waiting for dns ownership txt record)

Hi Steven,
Just as Ed said, the connector restrict access via IP address. We can also create another ones.
If you worry about the spam, I suggest enabling the Anti-Spam function on MBX server.
More details in the following articles:
Spam Protection
http://technet.microsoft.com/en-us/library/jj218660(v=exchg.150).aspx
Enable Anti-Spam Functionality on Mailbox Servers
http://technet.microsoft.com/en-us/library/bb201691(v=exchg.150).aspx
Hope it is helpful
Thanks
Mavis
If you have feedback for TechNet Subscriber Support, contact
[email protected]
Mavis Huang
TechNet Community Support

Receive Connectors not working correctly - using random connectors.

I'm having a problem that I thought was DNS related, but I've since flushed the DNS.
What happens is when I try to relay off a Hub server, it always tries to use any random Receive connector, even though my client is explicitly in the Relay connector list.
When I telnet to the HT by hostname on 25, it opens a random receive connector. If I continue to /flush and telnet over and over, it cycles through all the connectors (default, Relay explicit and the others that block the connection).
When I telnet directly to the IP of the Relay connector, it works perfectly.
What would cause the server or client to not use the correct explicit connector all the time?

When you test this - I'm assuming you are coming in from a specific remote IP. What RC should this be hitting?
To troubleshoot this I like to change the banner on all of them so it says "Helo - Connector 1" "Helo - Connector" or something else meaningful like this.
Also enable verbose SMTP send receive logging on all receive connectors. What's in there?
Cheers,
Rhoderick
Microsoft Senior Exchange PFE
Blog:
http://blogs.technet.com/rmilne
Twitter:   LinkedIn:
  Facebook:
  XING:
Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

Exchange 2010 Receive Connector intermittently getting an SMTP RSET from sending SMTP servers causing missing user email

Users are receiving about 95% of their messages from sending SMTP servers. Intermittently, sending SMTP servers send the Exchange 2010 Server a SMTP RSET command for no apparent reason. The RSET Command (by SMTP specification) causes the Exchange 2010 Server
to drop the message. The sending SMTP servers then do not resend the message after asking the Exchange server to drop the message. This means the message is marked as Sent by the sending servers but the dropped messages never show up in the users' Outlook
inbox.
Exchange 2010 Version 14.3 (Build 123.4)
Roles: Hub Transport, Client Access, Mailbox
What is going on?
Exchange Receive Connector log showing a RSET example:
2014-07-17T12:47:07.370Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,1,10.80.120.15:25,65.99.255.73:53479,*,SMTPSubmit SMTPAcceptAnySender SMTPAcceptAuthoritativeDomainSender AcceptRoutingHeaders,Set Session Permissions
2014-07-17T12:47:07.370Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,2,10.80.120.15:25,65.99.255.73:53479,>,"220 vpn.a1expediting.com Microsoft ESMTP MAIL Service ready at Thu, 17 Jul 2014 08:47:06 -0400",
2014-07-17T12:47:07.480Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,3,10.80.120.15:25,65.99.255.73:53479,<,EHLO inbound37.exchangedefender.com,
2014-07-17T12:47:07.480Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,4,10.80.120.15:25,65.99.255.73:53479,>,250-vpn.a1expediting.com Hello [65.99.255.73],
2014-07-17T12:47:07.480Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,5,10.80.120.15:25,65.99.255.73:53479,>,250-SIZE 52428800,
2014-07-17T12:47:07.480Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,6,10.80.120.15:25,65.99.255.73:53479,>,250-PIPELINING,
2014-07-17T12:47:07.480Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,7,10.80.120.15:25,65.99.255.73:53479,>,250-DSN,
2014-07-17T12:47:07.480Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,8,10.80.120.15:25,65.99.255.73:53479,>,250-ENHANCEDSTATUSCODES,
2014-07-17T12:47:07.480Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,9,10.80.120.15:25,65.99.255.73:53479,>,250-AUTH,
2014-07-17T12:47:07.480Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,10,10.80.120.15:25,65.99.255.73:53479,>,250-8BITMIME,
2014-07-17T12:47:07.480Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,11,10.80.120.15:25,65.99.255.73:53479,>,250-BINARYMIME,
2014-07-17T12:47:07.480Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,12,10.80.120.15:25,65.99.255.73:53479,>,250 CHUNKING,
2014-07-17T12:47:07.511Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,13,10.80.120.15:25,65.99.255.73:53479,<,MAIL FROM:<[email protected]> SIZE=165270,
2014-07-17T12:47:07.511Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,14,10.80.120.15:25,65.99.255.73:53479,*,08D16FD38F3D3355;2014-07-17T12:47:07.370Z;1,receiving message
2014-07-17T12:47:07.511Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,15,10.80.120.15:25,65.99.255.73:53479,>,250 2.1.0 Sender OK,
2014-07-17T12:47:07.558Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,16,10.80.120.15:25,65.99.255.73:53479,<,RCPT TO:<[email protected]> ORCPT=rfc822;[email protected],
2014-07-17T12:47:07.558Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,17,10.80.120.15:25,65.99.255.73:53479,>,250 2.1.5 Recipient OK,
2014-07-17T12:47:10.496Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,18,10.80.120.15:25,65.99.255.73:53479,<,RSET,
2014-07-17T12:47:10.496Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,19,10.80.120.15:25,65.99.255.73:53479,>,250 2.0.0 Resetting,
2014-07-17T12:47:10.559Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,20,10.80.120.15:25,65.99.255.73:53479,<,QUIT ,
2014-07-17T12:47:10.559Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,21,10.80.120.15:25,65.99.255.73:53479,>,221 2.0.0 Service closing transmission channel,
Daniel

Hi,
According to the receive connector log, your emails were failed to be deliverd with DNR. If I misudnerstand the meaning, please feel free to let me know. If yes, I'd like to confirm the detail information in the DNR to narrow down the
cause.
Additionally, based on my research, the RSET command performs an SMTP reset, and then aborts the message that is currently being sent. Thus, the log didn't provide more information for troubleshooting. Is there any other error in your event log? please check
the event log when the issue happens again.
Thanks,
Angela Shi
TechNet Community Support

Receive Connector

Hi,
I am running Exchange Server 2013 and after a reboot all works fine for an undetermined amount of time, then for some reason the receive connector stops working, well I presume it is the receive connector. Using the Microsoft Remote Connectivity Analyzer
I get the following error (See Below). As far as I can tell only a reboot of the Server will resolve this error as I have tried stopping all the Exchange Server's services & restarting them and did not fix the problem. As you could imagine rebooting
the server during the day is almost impossible but also not being able to receive emails is very painful. Any advice would be helpful as at this point I am fresh out of ideas except a re-install and hope it doesn't do it again (not really an option). I have
also deleted the receive connector & re-created it.
Delivery of the test email message failed.
Additional Details
The server returned status code -1 - The operation has timed out.
Exception details:
Message: The operation has timed out.
Type: System.Net.Mail.SmtpException
Stack trace:
at System.Net.Mail.SmtpClient.Send(MailMessage message)
at Microsoft.Exchange.Tools.ExRca.Tests.SmtpMessageTest.PerformTestReally()
Elapsed Time: 100001 ms.

Hello,
Regrettable the original fault is still there. somewhere between 2 1/2 hours to 3 hours after the server has rebooted it fails the connectivity test & we stop receiving emails same error as above. The only to resolve this issue is to reboot the server
again (almost impossible during working hours). I receive the same error as before, listed above. I have tried deleting the receive connector & re-creating it, have also tried as a frontend connector and a hub connector same thing happens on both.
Curly

Need to stop the pop and Imap receive connectors to be able to start the pop and Imap services in Service Manager

Hello All,
I am hoping that someone else has run across this issue (may have started after CU5 was installed).
Upon every reboot I have found that the "Microsoft Exchange IMAP4" and "Microsoft Exchange POP3" services in the service manager will not start... basic reason in the event viewer is that the ports are already in use.
If I go into the ECP and disable my POP and Imap receive connectors I am able to then start the services.
After the services are started I can then go back to ECP and enable the receive connectors again and everything is fine .
Can anyone shed any light on this?
Thanks in advance ;)
Chris

Hello Winnie,
I bounced the Transport service tonight (adjusting spam filter levels)... so I was able to issue a stop and re-start of the IMAP4 and POP3 services in the service manager.
I stopped both the IMAP4 and POP3 services in service manager.
I issued the start of the services with PowerShell as requested:
PS C:\Users\administrator.XXXXXXXX> Start-service MSExchangePOP3
WARNING: Waiting for service 'Microsoft Exchange POP3 (MSExchangePOP3)' to start...
WARNING: Waiting for service 'Microsoft Exchange POP3 (MSExchangePOP3)' to start...
WARNING: Waiting for service 'Microsoft Exchange POP3 (MSExchangePOP3)' to start...
Start-service : Failed to start service 'Microsoft Exchange POP3 (MSExchangePOP3)'.
At line:1 char:1
+ Start-service MSExchangePOP3
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OpenError: (System.ServiceProcess.ServiceController:ServiceController) [Start-Service],
   ServiceCommandException
    + FullyQualifiedErrorId : StartServiceFailed,Microsoft.PowerShell.Commands.StartServiceCommand
Then I first stopped the receive connector in ECP and issued the command:
PS C:\Users\administrator.XXXXXXXX> Start-service MSExchangePOP3
WARNING: Waiting for service 'Microsoft Exchange POP3 (MSExchangePOP3)' to start...
WARNING: Waiting for service 'Microsoft Exchange POP3 (MSExchangePOP3
With the receive connector disabled in ECP it was successfully started.... then I enabled the receive connector in ECP and all is fine now
repeated the same with IMAP4
to recap....
If I stop the IMAP4 and/or POP3 service in service manager, I must first disable the IMAP and/or POP receive connector in the ECP, then start the service in service manage.. and then finally go into ECP and enable the receive connector.
Thanks,
Chris
Chris

CU5 failed due to issues with receive connectors

We have a CAS server (mail1, 10.1.0.26) and Mailbox server (mbx1, 10.1.0.25). When I ran the update on the mailbox server, it failed with the following errors (see below). The update completed successfully on the CAS server. It appears
I have a problem with receive connectors. I really could use some help please. Thank you. -Glen
Here are the results of the Get-ReceiveConnector PS script:
Identity
Bindings                                      Enabled
MBX1\Default MBX1                           {0.0.0.0:25}
True
MBX1\Client Proxy MBX1                      {10.1.255.26:25, 0.0.0.0:465}   True
MAIL1\Default Frontend MAIL1              {0.0.0.0:25}
True
MAIL1\Outbound Proxy Frontend MAIL1 {0.0.0.0:717}                              True
MAIL1\Client Frontend MAIL1                {0.0.0.0:587}
True
Here are snippets of the failure results:
The values that you specified for the bindings and RemoteIPRanges parameters conflict with the settings on Receive connector "MBX1\Client Proxy MBX1". A receive connector must have a unique combination of a local IP address & port bindings
and remote IP address ranges. Change at lease one of these settings.
The values that you specified for the bindings and RemoteIPRanges parameters conflict with the settings on Receive connector "MBX1\Default MBX1". A receive connector must have a unique combination of a local IP address & port bindings and remote
IP address ranges. Change at lease one of these settings.

Here's the full output from the failure messages:
Error:
The following error was generated when "$error.Clear();
$connectors = Get-ReceiveConnector -Server $RoleFqdnOrName;
foreach($connector in $connectors) { if($connector.MaxLocalHopCount -gt 1) { Set-ReceiveConnector -Identity $connector.Identity -MaxLocalHopCount 5 } };
" was run: "Microsoft.Exchange.Management.SystemConfigurationTasks.ConnectorMappingConflictException: The values that you specified for the Bindings and RemoteIPRanges parameters conflict with the settings on Receive connector "MBX1\Client Proxy MBX1". A Receive
connector must have a unique combination of a local IP address & port bindings and remote IP address ranges. Change at least one of these values.
at Microsoft.Exchange.Configuration.Tasks.Task.ThrowError(Exception exception, ErrorCategory errorCategory, Object target, String helpUrl)
at Microsoft.Exchange.Configuration.Tasks.Task.WriteError(Exception exception, ErrorCategory category, Object target)
at Microsoft.Exchange.Management.SystemConfigurationTasks.SetReceiveConnector.InternalValidate()
at Microsoft.Exchange.Configuration.Tasks.Task.<ProcessRecord>b__b()
at Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String funcName, Action func, Boolean terminatePipelineIfFailed)".
Error:
The following error was generated when "$error.Clear();
$connectors = Get-ReceiveConnector -Server $RoleFqdnOrName;
foreach($connector in $connectors) { if($connector.MaxLocalHopCount -gt 1) { Set-ReceiveConnector -Identity $connector.Identity -MaxLocalHopCount 5 } };
" was run: "Microsoft.Exchange.Management.SystemConfigurationTasks.ConnectorMappingConflictException: The values that you specified for the Bindings and RemoteIPRanges parameters conflict with the settings on Receive connector "MBX1\Default MBX1". A Receive
connector must have a unique combination of a local IP address & port bindings and remote IP address ranges. Change at least one of these values.
at Microsoft.Exchange.Configuration.Tasks.Task.ThrowError(Exception exception, ErrorCategory errorCategory, Object target, String helpUrl)
at Microsoft.Exchange.Configuration.Tasks.Task.WriteError(Exception exception, ErrorCategory category, Object target)
at Microsoft.Exchange.Management.SystemConfigurationTasks.SetReceiveConnector.InternalValidate()
at Microsoft.Exchange.Configuration.Tasks.Task.<ProcessRecord>b__b()
at Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String funcName, Action func, Boolean terminatePipelineIfFailed)".

Receive connector anonymous or authenticate

Similar Messages

Maybe you are looking for