Exchange SMTP rejecting mail from ubuntu vm root user

By SirEvan
in Smart Home, Network & Security

 Share

Recommended Posts

Grand Master

SirEvan

Posted
Posted

I'm running exchange 2010 at home to learn more about AD and IT setups. I've set up an Ubuntu VM that sits in front of the exchange server, running Postfix/Spamassassin/Pyzor/Razor/DCC/CLAMAV/Mailscanner to weed out spam and viruses. While the setup works great at reducing nearly 100% of all spam, theres an issue with the vm sending messages to myself

post-26332-0-47766900-1353004471.png

I've set up the receive connector in exchange to only allow access from the VM for SMTP, so that nothing else can directly access exchange. I have no issues receiving email from anywhere on the internet, but if I try to send email from the ubuntu vm (logs, etc), Exchange seems to bounce or reject the message, with the following showing in the logs:

<myemail@mydomain>: host 192.168.0.3[192.168.0.3] said: 501 5.1.7 Invalid address(in reply to MAIL FROM command)

If I look in the root mail account on ubuntu, i see the following:


Final-Recipient: rfc822; <[email protected]>
Action: failed
Status: 5.1.7
Remote-MTA: dns; 192.168.0.3
Diagnostic-Code: smtp; 501 5.1.7 Invalid Address
.
.
.
.
To: [email protected]
From: root
Subject: Logwatch for ubuntu (Linux)
[/CODE]

I already enabled anonymous users to access the receiver connector, so why is exchange rejecting mail from the root user?

Grand Master

+BudMan MVC

Posted
  • MVC
Posted

why would exchange accept email from "root" That is not a valid email address, [email protected] would be valid email address.

To: [email protected]

From: root

Subject: Logwatch for ubuntu (Linux)"

Grand Master

SirEvan

Posted
  • Author
Posted

why would exchange accept email from "root" That is not a valid email address, [email protected] would be valid email address.

To: [email protected]

From: root

Subject: Logwatch for ubuntu (Linux)"

that's what ubuntu is sending as. Shouldn't the "anonymous" access allow any sending party to access the SMTP server? I thought about that, since "root" is just a account name, and not a proper address, but I don't know how to change it.

Organization -> Hub Transport -> Send Connectors:

post-26332-0-58909200-1353018529.png

post-26332-0-63993800-1353018531.png

post-26332-0-67988700-1353018533.png

post-26332-0-65627800-1353018535.png

Server Configuration -> Hub Transport -> Receive Connectors:

post-26332-0-21955000-1353018537.png

post-26332-0-32719200-1353018539.png

post-26332-0-32627000-1353018541.png

post-26332-0-22416500-1353018543.png

Grand Master

sc302 Veteran

Posted
  • Veteran
Posted

I would agree with budman that the email address "root" is the problem. You would have to change it with the format of [email protected]. Budmans instructions should do that for you. The receive connector should work for you. The send connector is fine. in exchange 2007 they incorporated a block from unauthenticated sources to send mail outside of the domain.

In exchange powershell (there is no gui check box or setting you can make to enable this):

Get-ReceiveConnector "modelxposure.com" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient"

Proficient

duddit2

Posted
Posted

Looking at the initial diagram, your Linux box is 192.168.0.2, but on the receive connector on exchange you don't have that IP listed. Also for an internal machine to send to exchange direct (i.e. not through outlook so not AD secured) then you have to enable 'externally secured (For example with IPsec)' so that the connection will be permitted, as your box sending an email is acting as a client in this scenario and not a relay server.

See screenshot:

post-325730-0-58598200-1353071751.jpg

Proficient

duddit2

Posted
Posted

Sorry ignore me, this is for relaying through the server, doh!

and this being in the rejection message confirms for me the format of the from address is to blame:

<myemail@mydomain>: host 192.168.0.3[192.168.0.3] said: 501 5.1.7 Invalid address(in reply to MAIL FROM command)

This topic is now closed to further replies.
 Share
Go to topic listing

  • Posts

    • Why it's almost impossible to produce a smartphone in the United States

      By ad47uk · Posted

      Cheap labour, the same as the U.K. China pays their people pittance.
    • The Trump administration doesn't want you to use OpenAI's GPT-5.6 without its approval

      By ad47uk · Posted

      Those people that come over here on boats are already in a safe country, if they want to come over here then do so correctly though the right channels. I was born in the U.K, my family that came over here came so via the proper means. My partner came here via the correct channels, she also became a British citizen, she knows more about this country than most of them that was born here, including myself, she worked hard to do what she does. She will stick up for this country and have done a few times, when people from her own part of world have put the U.K down. We are not going to agree, all I said to start with is that maybe Trump has the right idea with this America first thing and maybe we should start doing the same. Maybe not as drastic as what he is doing, but we do need to sort this country out, we need to sort out tech instead of relying on the U.S and others. Again you have not shown why you are so annoyed that we have left the E.U and this is what it is all about? If you don't live in the U.K and live in the E.U are you annoyed that we left your little club? If you live in the U.K and is pro-E.U, then fair enough then I can see how it annoys you. Are you one of these people who lives in the U.K and have a holiday chalet in the E.U and can now only stay there for so long? If so, then that is bad luck. As I have posted before, I have no problem with people coming here to work, as long as they do if via the proper channels. We are out of the E.U, people voted out, and maybe if more people had voted instead of sitting on their backsides the results would have been different. But they like the E.U and our government thought no we would not vote to leave. How wrong they were, surprised me. I expected to wake up in the morning and hear on the radio that we voted to stay. As I said, we are out and have been for 10 years, we are not going to go back in anytime soon if we ever do, so we all need to make the best of how things are. Anyway, this is supposed to be a tech site.
    • Why it's almost impossible to produce a smartphone in the United States

      By JohnnyQ55 · Posted

      Tim Cook: "The US over time began to stop having as many vocational kinds of skills." What's the point of wasting time getting those skills if you can't get a job with them? Good Lord, maybe he and his cohort of CEO's who exported all these jobs to China should just shut the f**k up :D
    • The official Funny Pictures thread

      By Steven P. · Posted

    • Game I've been Working On

      By +pmrd · Posted

      I made a new Cinematic/Trailer for the game, this will be the intro, still a work in progress!  I also updated the Steam page with a ton of new screenshots! 👀 https://store.steampowered.com/app/3925340/Incoherence_Dark_Rooms/  

  • Recent Achievements

    • Conversation Starter
      jessse3334 earned a badge
      Conversation Starter
    • Reacting Well
      JuvenileDelinquent earned a badge
      Reacting Well
    • One Month Later
      Excellence2025 earned a badge
      One Month Later
    • Week One Done
      Excellence2025 earned a badge
      Week One Done
    • Week One Done
      flexorcist earned a badge
      Week One Done

  • Popular Contributors

    1. 1
      +primortal
      502
    2. 2
      +Edouard
      215
    3. 3
      PsYcHoKiLLa
      150
    4. 4
      Steven P.
      74
    5. 5
      macoman
      62
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!