Exchange SMTP rejecting mail from ubuntu vm root user

By SirEvan
in Smart Home, Network & Security

 Share

Recommended Posts

Grand Master

SirEvan

Posted
Posted

I'm running exchange 2010 at home to learn more about AD and IT setups. I've set up an Ubuntu VM that sits in front of the exchange server, running Postfix/Spamassassin/Pyzor/Razor/DCC/CLAMAV/Mailscanner to weed out spam and viruses. While the setup works great at reducing nearly 100% of all spam, theres an issue with the vm sending messages to myself

post-26332-0-47766900-1353004471.png

I've set up the receive connector in exchange to only allow access from the VM for SMTP, so that nothing else can directly access exchange. I have no issues receiving email from anywhere on the internet, but if I try to send email from the ubuntu vm (logs, etc), Exchange seems to bounce or reject the message, with the following showing in the logs:

<myemail@mydomain>: host 192.168.0.3[192.168.0.3] said: 501 5.1.7 Invalid address(in reply to MAIL FROM command)

If I look in the root mail account on ubuntu, i see the following:


Final-Recipient: rfc822; <[email protected]>
Action: failed
Status: 5.1.7
Remote-MTA: dns; 192.168.0.3
Diagnostic-Code: smtp; 501 5.1.7 Invalid Address
.
.
.
.
To: [email protected]
From: root
Subject: Logwatch for ubuntu (Linux)
[/CODE]

I already enabled anonymous users to access the receiver connector, so why is exchange rejecting mail from the root user?

Grand Master

+BudMan MVC

Posted
  • MVC
Posted

why would exchange accept email from "root" That is not a valid email address, [email protected] would be valid email address.

To: [email protected]

From: root

Subject: Logwatch for ubuntu (Linux)"

Grand Master

SirEvan

Posted
  • Author
Posted

why would exchange accept email from "root" That is not a valid email address, [email protected] would be valid email address.

To: [email protected]

From: root

Subject: Logwatch for ubuntu (Linux)"

that's what ubuntu is sending as. Shouldn't the "anonymous" access allow any sending party to access the SMTP server? I thought about that, since "root" is just a account name, and not a proper address, but I don't know how to change it.

Organization -> Hub Transport -> Send Connectors:

post-26332-0-58909200-1353018529.png

post-26332-0-63993800-1353018531.png

post-26332-0-67988700-1353018533.png

post-26332-0-65627800-1353018535.png

Server Configuration -> Hub Transport -> Receive Connectors:

post-26332-0-21955000-1353018537.png

post-26332-0-32719200-1353018539.png

post-26332-0-32627000-1353018541.png

post-26332-0-22416500-1353018543.png

Grand Master

sc302 Veteran

Posted
  • Veteran
Posted

I would agree with budman that the email address "root" is the problem. You would have to change it with the format of [email protected]. Budmans instructions should do that for you. The receive connector should work for you. The send connector is fine. in exchange 2007 they incorporated a block from unauthenticated sources to send mail outside of the domain.

In exchange powershell (there is no gui check box or setting you can make to enable this):

Get-ReceiveConnector "modelxposure.com" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient"

Proficient

duddit2

Posted
Posted

Looking at the initial diagram, your Linux box is 192.168.0.2, but on the receive connector on exchange you don't have that IP listed. Also for an internal machine to send to exchange direct (i.e. not through outlook so not AD secured) then you have to enable 'externally secured (For example with IPsec)' so that the connection will be permitted, as your box sending an email is acting as a client in this scenario and not a relay server.

See screenshot:

post-325730-0-58598200-1353071751.jpg

Proficient

duddit2

Posted
Posted

Sorry ignore me, this is for relaying through the server, doh!

and this being in the rejection message confirms for me the format of the from address is to blame:

<myemail@mydomain>: host 192.168.0.3[192.168.0.3] said: 501 5.1.7 Invalid address(in reply to MAIL FROM command)

This topic is now closed to further replies.
 Share
Go to topic listing

  • Posts

    • Secure Boot

      By cork1958 · Posted

      Simple answer is yes, you will still get the Windows updates and as long as browser is up to date, you will be good. Only thing secure boot does is protect you against boot level threats and make it harder to install other OS's. I've been looking into this pretty thoroughly lately myself as wifes computer has secure boot disabled plus my other, older computers that run Linux, don't have secure boot enabled. Have seen all kinds of questions about this on the Linux Mint and MX Linux forums. Just don't suddenly enable secure boot now.
    • Ford execs say they made a mistake when they replaced human engineers with AI

      By TsarNikky · Posted

      How many other companies will follow Ford's lead? Or, have they already gotten lazy and become enslaved to AI--and now can't figure out how to get out of that mess.
    • The Trump administration doesn't want you to use OpenAI's GPT-5.6 without its approval

      By TsarNikky · Posted

      Why would any self-respecting intelligent person follow any recommendation by Donald's GOP administration? With almost two years of fabrications, deceit, and blatantly illegal behavior, why believe them now? They had best be gone after the November 2026 election, so we'll wait and see.
    • AltSendme 0.4.1

      By Copernic · Posted

      AltSendme 0.4.1 by Razvan Serea AltSendme is a minimal, cross-platform application designed for fast, secure, and private peer-to-peer file transfers. It allows users to send files or entire directories directly between devices without relying on cloud servers, accounts, or any personal information. Everything is encrypted end-to-end using modern protocols like QUIC and TLS 1.3, ensuring both strong security and low-latency performance. Transfers are verified with BLAKE3 for data integrity, and interrupted downloads automatically resume, making the experience reliable even on unstable connections. You can transfer anything—images, videos, documents, and more. Integrity checks are performed on both ends, so your files are automatically verified for correctness during both sending and receiving. AltSendme works seamlessly across local networks or long-distance links, capable of saturating multi-gigabit connections for extremely fast delivery. With built-in NAT traversal and encrypted relay fallback, it connects devices almost anywhere. The app integrates with the Sendme CLI and will soon support mobile and web platforms. Fully free and open-source, AltSendme offers a lightweight, privacy-first alternative to traditional cloud-based services, removing size limits, upload costs, and unnecessary data exposure. AltSendme 0.4.1 changelog: Release Highlights Self-hosted relays: Run your own iroh relay so transfers don't rely on public infrastructure. Includes a full deployment template in deploy/relay/ with Docker Compose for a VPS and configuration examples for production use. Fly.io support: One-click deploy template for Fly.io, including a quick-start config (fly.dev.toml) for testing without a custom domain, plus production setup with Let's Encrypt and your own hostname. Relay settings UI: New Settings → Network panel to choose how AltSendme connects: automatic public relays, custom self-hosted URLs (with optional auth token), or disabled. Test connections, verify latency, and see live relay status in the footer. Disable relays: Turn off relay servers entirely when you only need same-network transfers (e.g. LAN). Direct connections only. No relay hop required when devices can reach each other. Android graduates from beta: Android is now part of the regular release cycle alongside desktop. APKs ship with each version (universal, arm64, and armv7). Other improvements Private relay access control via shared auth token Relay fallback notifications when a custom relay is unreachable Broadcast mode toggle in sharing settings Android release build fixes (split-per-ABI APKs, universal APK preservation) UI polish: mobile safe-area insets, dropzone layout, transfer progress animation Bug fixes for minification-related serialization issues and system tray icon loading What's Changed feat(relay): add relay status functionality and settings UI (a120cdf) feat(relay): implement custom relay server configuration and verification (51276c7) feat(relay): add configuration for private relay access and enhance observability features (48fbabf) feat(relay): enhance relay URL validation, display connection status (d4fffa0) feat(relay): add RelayChangeGuard component and enhance relay-related translations (16ba514) feat(broadcast): add toggle setting for broadcast mode in sharing UI (ca6d977) fix(relay): correct QUIC discovery port, pin image, templatize fly.dev (52a2ba5) fix: More broken serialization due to minification (67491a9) fix(android): preserve true universal APK across per-ABI builds (e9f256f) fix(ui): conditional safe-area insets padding on mobile (1182f0e) refactor(transfer): CircularRing component animation fix (944572b) chore(android): drop x86 and x86_64 release APKs, keep universal+arm64+armv7 (34ada0b) Download: AltSendme 0.4.1 | ARM64 | ~9.0 MB (Open Source) Download: AltSendme for MacOS | Android Links: AltSendme Home Page | GitHub | Screenshot Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • Why Delta Chat is the best decentralized messenger you have probably never tried

      By zikalify · Posted

      You are mostly right about the ephemeral nature of it. As I mention in the article, if you dont add a second device or take a backup of your account before uninstalling it, then yes you will lose access to your account. That said, in terms of actual user experience when you sync multiple devices your message history carries across and there's also a Saved Messages chat like there is on Telegram to send messages and attachments between your installs. But yh, what you point out are correct and its not trying to emulate Messenger or Telegram.

  • Recent Achievements

    • Week One Done
      flexorcist earned a badge
      Week One Done
    • One Month Later
      Woland13 earned a badge
      One Month Later
    • Week One Done
      Woland13 earned a badge
      Week One Done
    • One Year In
      bernmeister earned a badge
      One Year In
    • Week One Done
      Scoobystu earned a badge
      Week One Done

  • Popular Contributors

    1. 1
      +primortal
      495
    2. 2
      +Edouard
      225
    3. 3
      PsYcHoKiLLa
      149
    4. 4
      Steven P.
      75
    5. 5
      FloatingFatMan
      71
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!