Exchange SMTP rejecting mail from ubuntu vm root user

By SirEvan
in Smart Home, Network & Security

 Share

Recommended Posts

Grand Master

SirEvan

Posted
Posted

I'm running exchange 2010 at home to learn more about AD and IT setups. I've set up an Ubuntu VM that sits in front of the exchange server, running Postfix/Spamassassin/Pyzor/Razor/DCC/CLAMAV/Mailscanner to weed out spam and viruses. While the setup works great at reducing nearly 100% of all spam, theres an issue with the vm sending messages to myself

post-26332-0-47766900-1353004471.png

I've set up the receive connector in exchange to only allow access from the VM for SMTP, so that nothing else can directly access exchange. I have no issues receiving email from anywhere on the internet, but if I try to send email from the ubuntu vm (logs, etc), Exchange seems to bounce or reject the message, with the following showing in the logs:

<myemail@mydomain>: host 192.168.0.3[192.168.0.3] said: 501 5.1.7 Invalid address(in reply to MAIL FROM command)

If I look in the root mail account on ubuntu, i see the following:


Final-Recipient: rfc822; <[email protected]>
Action: failed
Status: 5.1.7
Remote-MTA: dns; 192.168.0.3
Diagnostic-Code: smtp; 501 5.1.7 Invalid Address
.
.
.
.
To: [email protected]
From: root
Subject: Logwatch for ubuntu (Linux)
[/CODE]

I already enabled anonymous users to access the receiver connector, so why is exchange rejecting mail from the root user?

Grand Master

+BudMan MVC

Posted
  • MVC
Posted

why would exchange accept email from "root" That is not a valid email address, [email protected] would be valid email address.

To: [email protected]

From: root

Subject: Logwatch for ubuntu (Linux)"

Grand Master

SirEvan

Posted
  • Author
Posted

why would exchange accept email from "root" That is not a valid email address, [email protected] would be valid email address.

To: [email protected]

From: root

Subject: Logwatch for ubuntu (Linux)"

that's what ubuntu is sending as. Shouldn't the "anonymous" access allow any sending party to access the SMTP server? I thought about that, since "root" is just a account name, and not a proper address, but I don't know how to change it.

Organization -> Hub Transport -> Send Connectors:

post-26332-0-58909200-1353018529.png

post-26332-0-63993800-1353018531.png

post-26332-0-67988700-1353018533.png

post-26332-0-65627800-1353018535.png

Server Configuration -> Hub Transport -> Receive Connectors:

post-26332-0-21955000-1353018537.png

post-26332-0-32719200-1353018539.png

post-26332-0-32627000-1353018541.png

post-26332-0-22416500-1353018543.png

Grand Master

sc302 Veteran

Posted
  • Veteran
Posted

I would agree with budman that the email address "root" is the problem. You would have to change it with the format of [email protected]. Budmans instructions should do that for you. The receive connector should work for you. The send connector is fine. in exchange 2007 they incorporated a block from unauthenticated sources to send mail outside of the domain.

In exchange powershell (there is no gui check box or setting you can make to enable this):

Get-ReceiveConnector "modelxposure.com" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient"

Proficient

duddit2

Posted
Posted

Looking at the initial diagram, your Linux box is 192.168.0.2, but on the receive connector on exchange you don't have that IP listed. Also for an internal machine to send to exchange direct (i.e. not through outlook so not AD secured) then you have to enable 'externally secured (For example with IPsec)' so that the connection will be permitted, as your box sending an email is acting as a client in this scenario and not a relay server.

See screenshot:

post-325730-0-58598200-1353071751.jpg

Proficient

duddit2

Posted
Posted

Sorry ignore me, this is for relaying through the server, doh!

and this being in the rejection message confirms for me the format of the from address is to blame:

<myemail@mydomain>: host 192.168.0.3[192.168.0.3] said: 501 5.1.7 Invalid address(in reply to MAIL FROM command)

This topic is now closed to further replies.
 Share
Go to topic listing

  • Posts

    • Why you need to take back control of your synced passwords and how to go about doing that

      By datacenter · Posted

      There is a saying in my country: "The wolf has a thick neck because he does his own work." Let that sink in
    • The Light of Life? We actually do glow till our Death, study finds

      By Liberi_Fatali · Posted

      Interesting image choice... reminds me of the human centipede poster
    • Why you need to take back control of your synced passwords and how to go about doing that

      By +Warwagon · Posted

      I love syncback!
    • Politically funny images of the World

      By +primortal · Posted

    • Get $50 of aloSIM Mobile Data Traveler eSim credit for just $24.97

      By News Staff · Posted

      Get $50 of aloSIM Mobile Data Traveler eSim credit for just $24.97 by Steven Parker Today's highlighted deal comes via our Apps + Software section of the Neowin Deals store, where you can save 50% off aloSIM Mobile Data Traveler Lifetime eSim Credit: Pay $24.97 for $50. Stay connected affordably in 120+ countries/regions with your own lifetime eSIM! An eSIM is a digital SIM card. It's basically just mobile data. Once it's activated on your device, it can connect you to data networks in other countries – giving you an internet connection with NO roaming charges. With aloSIM, you can load prepaid eSIM data packages onto your phone, tablet, or computer. Your lifetime eSIM never expires, so it's yours forever and there are never any monthly charges. You'll get $50 in eSIM data credit, which is almost always enough to cover all your data roaming needs for a full year. But if you run out of data, you can always top up your lifetime eSIM and stay connected internationally. Pay $24.97 for a lifetime eSIM with $50 in travel data credit Use your eSIM to join data networks in 120+ countries Install your lifetime eSIM on a compatible device to roam on local data networks Your lifetime eSIM never expires, and can be topped up with more data anytime Many data packages cost as little as $4.50 and last 7 days. Depending on the package you choose, the length of time varies. Good to know Length of access: lifetime For NEW customers only Instant digital redemption Once you add your $50 credit to your aloSim account you have up to 12-months to use it — after that your credit will expire When you pay for a data plan you also get a free phone number (via Hushed) for the same duration of your plan that was purchased - IE 7 day eSim plan gives you a free 7-day phone number Purchased coupon must be redeemed and used within 12 months This deal is not stackable (one offer per aloSIM account) A $4.50 data package will last 7 days The data DOES expire, and you WILL NOT have any leftover data for your next trip unless it takes place within the validity period. While the eSIM never expires, the actual data package is only valid for the length of time stated at purchase (i.e. seven days after activation, 30 days after activation, etc.) So if you buy a seven-day package and only use a tiny bit, that package is still going to expire after seven days. Access options: mobile (check compatibility) Max number of device(s): 1 Updates included Here's the deal: This aloSIM Mobile Data Traveler eSim $50 Credit normally costs ... $50, but it can be yours for just $24.97 for a limited time, a saving of $25 (50% off). For specifications, and license info please click the link below. Get this aloSIM Mobile Data Traveler eSim for just $24.97 (was $50) Although priced in U.S. dollars, this deal is available for digital purchase worldwide. Support queries If you have queries or need support for any of the Neowin Deals, please use the contact form here. Neowin Deals are managed and sold by StackCommerce who represent Neowin on an affiliate basis. Why we post these deals We post these because we earn commission on each sale so as not to rely solely on advertising, which many of our readers block. It all helps toward paying staff reporters, servers and hosting costs. So for those that keep moaning and complaining, be thankful we're still online for you to even do that. Other ways to support Neowin Whitelist Neowin by not blocking our ads Create a free member account to see fewer ads Make a donation to support our day to day running costs Subscribe to Neowin - for $14 a year, or $28 a year for an ad-free experience Disclosure: Neowin benefits from revenue of each sale made through our branded deals site powered by StackCommerce.

  • Recent Achievements

    • First Post
      DrWankel earned a badge
      First Post
    • Reacting Well
      DrWankel earned a badge
      Reacting Well
    • Week One Done
      Supreme Spray LV earned a badge
      Week One Done
    • One Month Later
      Genuinetonerink- Dubai earned a badge
      One Month Later
    • Week One Done
      Genuinetonerink- Dubai earned a badge
      Week One Done

  • Popular Contributors

    1. 1
      +primortal
      498
    2. 2
      +Edouard
      158
    3. 3
      PsYcHoKiLLa
      90
    4. 4
      Steven P.
      74
    5. 5
      Michael Scrip
      72
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!