I'm trying to set up a receive connector that will allow a web-based CRM to relay mail. So far, it works, but only if the user I use to log in is in the group "Domain Admins" in Active Directory.
Here are the settings I have checked for the receive connector:
- Security – Authentication: Transport Layer Security, Basic Authentication
- Security – Permission Groups: Exchange Users, Anonymous Users
- Scoping – IP Addresses: Addresses of the CRM, and my IP address for testing purposes.
- Scoping – Network Adapter Bindings: All available IPv4, Port 25.
And here are the steps I'm going through to send an email:
telnet (server fqdn) 25
ehlo
auth login
(username in base 64)
(password in base 64)
"Authentication successful"
mail from: (email address)
"sender ok"
rcpt to: (my email address)
"recipient ok"
data
subject: test
test
.
"250 Mail queued for delivery."
quit
And I never get the email; it doesn't show up in the queue or in the SMTP logs. But if I add the user to the "Domain Admins" group in Active Directory Users and Computers and repeat these steps, everything looks exactly the same, but I do receive the email. Currently, the test user is only a member of "Domain Users". Any ideas?
Best Answer
You've already configured the transport connector that's specific to your CRM; that's good. You've got "Anonymous users" ticked? That will allow your CRM system to send on behalf of your local users.
Now, assuming the connector is called "CRM", also run this PowerShell snippet
What this does is to tell Exchange that your CRM system is to be permitted to use Exchange to relay through it to non-local users. (I don't recall whether this was required on my 2010 system to deliver to local users, too, but I do recall plenty of frustration on this matter. So much so that my notes became incomplete as I tried one thing after another.)
This link to Elan Shudnow's blog post on the matter may also help.
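Added example (not the snippet the answer refers to, and not part of the original thread): a read-only check, run from the Exchange Management Shell, that reports which principals hold the relay right `ms-Exch-SMTP-Accept-Any-Recipient` on the connector and whether its remote IP scoping is still wide open. It assumes the connector is named "CRM" as in the answer; the list of principals checked and the open-range pattern are choices made for this example.

```powershell
# Added example: audit a relay receive connector without changing it.
# Assumption: the connector is named "CRM", as in the answer above.
$name       = 'CRM'
$relayRight = 'ms-Exch-SMTP-Accept-Any-Recipient'   # relay to non-local recipients
$principals = 'NT AUTHORITY\ANONYMOUS LOGON',
              'NT AUTHORITY\Authenticated Users'

$connector = Get-ReceiveConnector -Identity $name -ErrorAction Stop

# 1. Scoping: a relay connector should list only the specific sending hosts.
#    Simple heuristic: flag the default "everything" IPv4/IPv6 ranges.
$ranges    = @($connector.RemoteIPRanges | ForEach-Object { $_.ToString() })
$openRange = @($ranges | Where-Object {
    $_ -match '^0\.0\.0\.0-255\.255\.255\.255$' -or $_ -match '^::-ffff'
})

# 2. Permissions: collect the SMTP extended rights each principal is allowed.
$report = foreach ($p in $principals) {
    $rights = @(Get-ADPermission -Identity $connector.Identity -User $p |
        Where-Object { -not $_.Deny -and $_.ExtendedRights } |
        ForEach-Object { $_.ExtendedRights } |
        ForEach-Object { $_.ToString() } |
        Sort-Object -Unique)

    [pscustomobject]@{
        Connector = $connector.Identity
        Principal = $p
        CanRelay  = $rights -contains $relayRight
        Rights    = $rights -join ', '
    }
}

$report | Format-Table -AutoSize -Wrap
"Permission groups : $($connector.PermissionGroups)"
"Auth mechanisms   : $($connector.AuthMechanism)"
"Remote IP ranges  : $($ranges -join ', ')"

# 3. Relay for anonymous senders plus an unrestricted range is an open relay.
$anonRelay = $report | Where-Object {
    $_.Principal -like '*ANONYMOUS LOGON' -and $_.CanRelay
}
if ($anonRelay -and $openRange.Count -gt 0) {
    Write-Warning "Anonymous relay is allowed from $($openRange -join ', '). Restrict RemoteIPRanges to the CRM host(s)."
}
```

Running it before and after any permission change shows exactly which right was added and to whom, and the test workstation's address can be dropped from the IP ranges once testing is finished.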