Sendmail Configuration for Exchange Server
Create anonymous relay connector on Exchange Server
Create connector using powershell
New-ReceiveConnector -Name "Anonymous Relay" -Usage Custom -PermissionGroups AnonymousUsers -Bindings 0.0.0.0:26 -RemoteIpRanges 192.168.1.1
-RemoteIpRanges Parameter is allowed to relay server ip address
Add permissions
Get-ReceiveConnector "Anonymous Relay" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient"
No auth nesessary after this powershell command
Add allowed relay server ip to list
$RecvConn = Get-ReceiveConnector "Anonymous Relay"
$RecvConn.RemoteIPRanges += "192.168.1.2", "178.151.1.2", "8.8.8.2"
Set-ReceiveConnector "Anonymous Relay" -RemoteIPRanges $RecvConn.RemoteIPRanges
Links
All info avalible on MS TechNet Allow Anonymous Relay on a Receive Connector
Related videos on Youtube
user119720
Updated on September 18, 2022Comments
-
user119720 over 1 year
i need help for sendmail configuration in our linux machine.
Here the things: I want to send email to outside by using our exchange server as the mail relay.But when sending the email through the server,it will response "user unknown".To make it worse, it will bounce back all the sent message to my localhost.
I already tested our configuration by using external mail server such as gmail and yahoo,the configuration is working without any issue and the email can be sent to the recipient.Most of the configuration of my sendmail is based on here.
authinfo file :
AuthInfo:my_exchange_server "U:my_name" "I:my_email" "P:my_passwd" "M:PLAIN LOGIN" AuthInfo:my_exchange_server:587 "U:my_name" "I:my_email" "P:my_passwd" "M:PLAIN LOGIN"
sendmail.mc :
FEATURE(authinfo,hash /etc/mail/authinfo.db) define(`SMART_HOST', `my_exchange server')dnl define('RELAY_MAILER_ARGS', 'TCP $h 587') define('ESMTP_MAILER_ARGS', 'TCP $h 587') define('confCACERT_PATH', '/usr/share/ssl/certs') define('confCACET','/usr/share/ssl/certs/ca-bundle.crt') define('confSERVER_CERT','/usr/share/ssl/certs/sendmail.pem') define('confSERVER_KEY','/usr/share/ssl/certs/sendmail.pem') define('confAUTH_MECHANISMS', 'EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN') TRUST_AUTH_MECH('EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN') define('confAUTH_OPTIONS, 'A')dnl
My first assumptions the problem occur is due to the authentication problem, as exchange server need encrypted authentication (DIGEST-MD5).I have already changed this in the authinfo file (from plain login to digest-md5 login) but still not working.
I also can telnet our exchange server.So the port is not being blocked by firewall.
Can someone help me out with this problems?I'm really at wits ends. Thanks.
-
Admin about 12 yearsHave you added the IP of your sendmail box to the list of IPs that are allowed to relay mail through exchange?
-
Admin about 12 years@ErikA how can i do that?can you show me the way?
-
-
user119720 about 12 yearsI have already tested my exchange relay but it show this error:
530 5.7.1 Client was not authenticated Connection closed by foreign host.
maybe this is because of the security reasons? -
LisonFan about 12 yearsDid you specify the IP for the server in the send connector? So it's actually allowed to relay? Did you also restart the transport service after making the changes to the connector?
-
LisonFan about 12 yearsAlso: do you try to auth with a special account? If so, do you HAVE to? Could it be set to Anonymous?
-
user119720 about 12 years@xstnc can i know where should i check the settings that you have mention?is it in our sendmail box or is it at the exchange mail server?because if its in the exchange mail server i need to wait as I do not have the permission to access that server =(
-
LisonFan about 12 yearsSorry that I forgot to mention! Some of it is exchange and some of it is sendmail. The smtp relay and connector is set in exchange, and the auth I was asking about is the sendmail server. If you can't check the exchange, it would be a good place to start checking the auth for the other server!
-
user119720 about 12 years@xstnc seems that the only auth in my sendmail that i have use is in the authinfo file itself (refer my post above).Other than that i do not change anything(using default sendmail)..Maybe i need add something else somewhere in the sendmail file?
-
LisonFan about 12 yearsShouldn't have to add anything else than define which "smart-host" or relay to use. When looking at this: cri.ch/linux/docs/sk0009.html I would try skipping the authinfo.db file, and just add the smarthost in the .mc file as you have done. In other words, what happens if you remove the "FEATURE(authinfo,hash /etc/mail/authinfo.db)" line?
-
user119720 about 12 years@xstnc without the authinfo file,the sendmail configuration is not working!this is because authinfo file hold the credential of the email account(password,email,username).Without this file sendmail is useless.
-
LisonFan about 12 yearsOh, kinda on deep waters here then.. When using the smtp-relay, you don't have to specify a user and password if you enable anonymous connections - which is the reason why I asked. Next step is confirming the settings on the exchange side
-
user119720 about 12 years@xstnc so there is no other way but to check the exchange mail server settings?seems i'm going to "stuck" on this problem until i have permission to check the mail exchange server then.Hopefully it will work though.
-
LisonFan about 12 yearsWell, that's the best I've got at the moment.. I'll try to run this in a lab - to see how it works in my environment.
-
LisonFan about 12 yearsI'm able to recreate the problem in my lab. I get the same message when not using any auth against exchange. As of now, I don't have the relay/connector setup.