Authenticated External SMTP Relay

email, email-server, exchange, exchange-2013, smtp-auth

Description

I am trying to use the "Default MAIL-SERVER" (port 2525) receive connector as an authenticated external relay. I am successful with the mailbox "Bob.smith@domain.com" but I am unable to do it with "administrator@domain.com".

Permissions

Command

Get-ReceiveConnector -Identity "Default MAIL-SERVER" | Get-ADPermission -User administrator | ft AccessRights, ExtendedRights, Deny

Output

AccessRights        ExtendedRights          Deny
------------        --------------          ----
{ExtendedRight}     {ms-Exch-SMTP-Submit}   False
{ExtendedRight}     {Send-As}               True
{ExtendedRight}     {Receive-As}            True
{GenericAll}                                False

Event Viewer

The following error was logged in the Event Viewer:

The account 'Domain\administrator' provided valid credentials, but is
not authorized to use the server; failing authentication

Event Properties

  • Event ID: 1020
  • Source: MSExchangeTransport
  • Task Category: SmtpReceive

Error on client

I receive this error when trying to send a mail using System.Net.Mail SmtpClient:

The SMTP server requires a secure connection or the client was not authenticated. The server response was: 5.7.1 Client was not authenticated

Update

I turned on "Verbose" ProtocolLogging for the receive connector and identified this entry in SmtpReceive:

Inbound authentication failed as we reject well-known account authentication for Domain\administrator

How do I allow well-known account authentication without SSL/TLS?

Best Answer

Why are you using administrator? Set up a dedicated account for this task, which does not have high-level permissions which you are passing over the internet, and relay with that. I wouldn't dream of using administrator for anything external.
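
Added example (not part of the original question or answer): a PowerShell check that pulls the account name out of the two rejection messages quoted in the question and flags any account on a watch list, so attempts to relay with a privileged account stand out. The sample messages are constructed from the texts above; the watch list, the function name Get-RejectedSmtpAccount and the account "svc-relay" are hypothetical, and the "Application" log name in the final comment is an assumption.

```powershell
# Constructed sample messages, modelled on the two log texts quoted in the question.
$sampleMessages = @(
    "The account 'Domain\administrator' provided valid credentials, but is not authorized to use the server; failing authentication",
    "Inbound authentication failed as we reject well-known account authentication for Domain\administrator",
    "The account 'Domain\svc-relay' provided valid credentials, but is not authorized to use the server; failing authentication"
)

# Hypothetical watch list: account names that should never be used for SMTP relay.
$watchList = @('administrator')

function Get-RejectedSmtpAccount {
    param([string[]]$Message)

    # One pattern per message format: Event ID 1020 text, then the SmtpReceive protocol-log text.
    $patterns = @(
        "^The account '(?<acct>[^']+)' provided valid credentials, but is\s+not authorized",
        "reject well-known account authentication for (?<acct>\S+)"
    )

    foreach ($m in $Message) {
        foreach ($p in $patterns) {
            if ($m -match $p) {
                $acct = $Matches['acct']
                $name = ($acct -split '\\')[-1]        # drop the DOMAIN\ prefix
                [pscustomobject]@{
                    Account         = $acct
                    Watched         = $watchList -contains $name   # case-insensitive
                    WellKnownReject = $m -like '*well-known account*'
                }
                break
            }
        }
    }
}

# Summarise rejections per account; watched accounts are the ones to investigate first.
Get-RejectedSmtpAccount -Message $sampleMessages |
    Group-Object Account |
    Select-Object Name, Count, @{ n = 'Watched'; e = { $_.Group[0].Watched } }

# Live input instead of the samples (log name is an assumption):
# Get-WinEvent -FilterHashtable @{ LogName = 'Application'; ProviderName = 'MSExchangeTransport'; Id = 1020 } |
#     ForEach-Object { Get-RejectedSmtpAccount -Message $_.Message }
```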