Friday, 31 July 2009

SBS 2008 and Anonymous Mail

As previously mentioned, we’re running CommitCRM as our CRM and PSA tool, and the program needs to interact with Exchange to both receive and send emails. Although we had this working to a degree, I finally got around to troubleshooting why we weren’t getting certain emails through. I had previously read on UKSBSG that Exchange 2007 by default wouldn’t allow anonymous email to be routed internally – something a scan-to-email device might need to do. CommitCRM has a tool to test the email settings, and this was giving the following error:

504 5.7.4 Unrecognized authentication type
RequestDone Rq=11 Error=504 5.7.4 Unrecognized authentication type

A quick Google didn’t turn up anything useful, so I turned to the ever resourceful MS Partner Online Technical Community (PTOC). As always I got an extensive reply, and because it was in the SBS forum this was within four hours. Shawn from MS explained that the application was trying to use “AUTH CRAM-MD5”, but that this was supported by Exchange 2003 and not Exchange 2007. To work around this problem Shawn laid out the steps to create a new Receive Connector for Commit to use:

  1. In EMC, expand Server Configuration and highlight Hub Transport.
  2. Start the New Receive Connector wizard.
  3. On the Introduction page, follow these steps:
     a. In the Name: field, type a meaningful name for this connector. This name is used to identify the connector.
     b. In the Select the intended use for this connector: field, select Custom.
     c. Click Next.
  4. On the Local network settings page, click Next.
  5. On the Remote Network settings page, remove the existing - entry. Then add only the IP of the application server to the list.
  6. After completing the wizard, open the properties of the newly created Receive Connector.
  7. Enable the option "Exchange Servers" under Permission group.
  8. On the authentication page, enable the "Externally secured" option.
  9. Restart the Microsoft Exchange Transport service.

This helped partially, but I also needed to allow Commit to send emails anonymously:

  1. Open the properties of the Receive Connector we created.
  2. Under the Permission Group tab, enable Anonymous users.
  3. Under the Authentication tab, only enable "Basic Authentication".
  4. Restart the Exchange Transport Service.

I was now closer and could send emails internally, but not externally.  Via further communication with Shawn I discovered that Exchange 2007 doesn’t allow anonymous users to relay, but this can be changed with the following command in the Exchange Management Shell:

Get-ReceiveConnector "Connector_Name" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient"

After using this command email started flowing correctly for Commit and I’m pretty sure the same setup could be used for other devices/apps that need to route email.
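Because the command above lets unauthenticated senders relay to any recipient, the only thing confining it is the Remote Network list from step 5. The following audit is an added example (not from the original post or from Microsoft) that lists every Receive Connector carrying that right and flags any still open to all IPv4 addresses. It assumes it is run in the Exchange Management Shell and that the default "all addresses" range is displayed as 0.0.0.0-255.255.255.255.

```powershell
# Added example: run in the Exchange Management Shell on the Hub Transport server.
# Reports each Receive Connector on which anonymous senders hold the relay right,
# together with the source addresses that are allowed to reach that connector.

$relayRight = '*Ms-Exch-SMTP-Accept-Any-Recipient*'
$anonymous  = 'NT AUTHORITY\ANONYMOUS LOGON'
$anyAddress = '0.0.0.0-255.255.255.255'   # assumed display form of the default IPv4 range

Get-ReceiveConnector |
    Where-Object {
        # Keep the connector only if an allow ACE grants the relay right to anonymous
        $grants = $_ | Get-ADPermission | Where-Object {
            (-not $_.Deny) -and
            ($_.User -like $anonymous) -and
            ($_.ExtendedRights -like $relayRight)
        }
        $grants -ne $null
    } |
    Select-Object Identity, AuthMechanism, PermissionGroups,
        @{ Name = 'RemoteIPRanges'
           Expression = { ($_.RemoteIPRanges | ForEach-Object { "$_" }) -join ', ' } },
        @{ Name = 'OpenToAnyHost'
           Expression = { @($_.RemoteIPRanges | Where-Object { "$_" -eq $anyAddress }).Count -gt 0 } } |
    Format-List

# A connector reported with OpenToAnyHost = True accepts relay from any IPv4 host.
# Either narrow its Remote Network list to the application server's IP (step 5),
# or withdraw the right again with the inverse of the command above:
#
# Get-ReceiveConnector "Connector_Name" |
#     Remove-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" `
#         -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient"
```

An empty result means no connector grants anonymous relay; the custom connector created above should appear with only the application server's address under RemoteIPRanges.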

Many thanks once again to the guys at MS PTOC, life is a lot easier when you know someone will have the answer.



Andy said...

Good post!

We had a similar issue with a SonicWall spam appliance - it would receive the messages but then be unable to relay to Exchange even though it was an internal device!

I meant to blog about it myself but never got around to it... I don't think I'll bother now ;-)

Matt said...

Thank you. This is exactly what I was trying to figure out just now.

Re/Max Gallery said...

I have a Toshiba e studio 230 copier. I recently installed SBS 2008. Install and upgrade a success with the exception my copier will no longer scan to email. With SBS 2003 I had no issues. Looking for a solution... wondering if this might work.

Alicia said...

Nice article... SBS 2008 is great...

ChrisUK said...

Spot on. Just had to do this myself for Commit. Like you say it's the same for other apps that need to relay email such as AhsayOBS.

IT Support said...

Good approach with resolutionary idea.
