SMTP Authentication using AD service Account

Question

Thursday, April 21, 2016 6:28 PM

Looking for some assistance on setting up SMTP authentication using AD service account receive connector on CAS2013 servers. 

Sending device/server must be able to send internally and externally.  I am not finding a document on this from Microsoft.  I have seen a few others but have not had much luck.

Thank you

All replies (6)

Friday, April 22, 2016 3:02 PM ✅ Answered

You can't authenticate without a mailbox user.  The reason I gave you my method is that it uses the existing default Client receive connector without any reconfiguration required whatsoever.  If for some reason your client or application cannot use TCP port 587, you can create your own receive connector, lock it down by specifying the client or application IP address in the RemoteIpRanges property and adding AnonymousUsers to the PermissionGroups property, and then enabling the connector for relay.

http://exchangeserverpro.com/exchange-2013-configure-smtp-relay-connector/

Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
Celebrating 20 years of providing Exchange peer support!
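
The relay connector described in the answer above, sketched in the Exchange Management Shell as an added example (not part of the original thread or the linked article). The server name, connector name and IP address are constructed placeholders, and the extended right granted in step 2 is an assumption about what "enabling the connector for relay" involves on Exchange 2013.

```powershell
# Run in the Exchange Management Shell on Exchange 2013.
# Constructed placeholder values; replace with your own.
$Server    = 'EXCAS01'      # hypothetical CAS server name
$Connector = 'App Relay'    # hypothetical connector name
$AllowedIp = '192.0.2.25'   # hypothetical address of the one device allowed to relay
$Identity  = "$Server\$Connector"

# 1. Custom Frontend Transport connector on port 25 that only answers
#    $AllowedIp, with AnonymousUsers as its only permission group.
New-ReceiveConnector -Name $Connector -Server $Server `
    -TransportRole FrontendTransport -Usage Custom `
    -Bindings '0.0.0.0:25' -RemoteIPRanges $AllowedIp `
    -PermissionGroups AnonymousUsers

# 2. Allow anonymous sessions on this connector (and only this one)
#    to submit mail for external recipients.
Get-ReceiveConnector $Identity |
    Add-ADPermission -User 'NT AUTHORITY\ANONYMOUS LOGON' `
        -ExtendedRights 'ms-Exch-SMTP-Accept-Any-Recipient'

# 3. Review the result: the scope must list only the intended sender.
Get-ReceiveConnector $Identity |
    Format-List Name, Bindings, RemoteIPRanges, PermissionGroups

# 4. Guard against an open relay: warn if the connector still accepts
#    the whole IPv4 address space.
$ranges = (Get-ReceiveConnector $Identity).RemoteIPRanges
if ($ranges | Where-Object { "$_" -eq '0.0.0.0-255.255.255.255' }) {
    Write-Warning "$Identity accepts any source IP; restrict RemoteIPRanges."
}

# 5. Confirm which principals hold the relay right on the connector.
Get-ReceiveConnector $Identity | Get-ADPermission |
    Where-Object { $_.ExtendedRights -like '*Accept-Any-Recipient*' } |
    Format-Table User, ExtendedRights -AutoSize
```

Because this connector authenticates nothing, the RemoteIPRanges value is the only control on who can relay, so re-run steps 3 to 5 whenever the sender list changes.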


Thursday, April 21, 2016 10:06 PM

Enable a mailbox for the AD service account.  Connect your SMTP client to TCP port 587 and authenticate with that account.

Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
Celebrating 20 years of providing Exchange peer support!


Friday, April 22, 2016 2:53 PM

Thanks Ed.  The receive connector I created on the CAS server shows port 25.  The Mailbox role is on a separate server.  My AD service account is w/o a mailbox.  Do we really need a mailbox user to make this work?


Monday, April 25, 2016 2:10 PM

Thanks Ed.

Now what's the best way to tackle when the AD service Account gets locked? 

I noticed when the account is locked email will not be relayed.


Monday, April 25, 2016 8:16 PM

Unlock it.  Then figure out what is logging on to it with the wrong password.  Consider changing your account lockout policy so that you don't get so many nuisance lockouts.  It's my opinion that this is often set so strictly that it becomes a big pain in the butt with no significant improvement in security.

Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
Celebrating 20 years of providing Exchange peer support!


Tuesday, April 26, 2016 12:24 PM

Thanks Ed.  Of course I will unlock and find out what's causing the lockouts.  I have around 100 devices/servers relaying mail in and out.  I was going to use one account for all of them... because of the lockout issue I will be creating separate accounts for each of these, so if an account gets locked out only that server/device is affected.  Minimum impact but a lot of work.