SBS 2008 R2: Did something change with anonymous relays?

Posted by gravyface on Server Fault See other posts from Server Fault or by gravyface
Published on 2011-02-20T22:26:48Z Indexed on 2011/02/20 23:26 UTC
Read the original article Hit count: 235

Filed under:
|
|

Have noticed that prior documentation on setting up anonymous relays in SBS 2008 no longer work without some additional configuration.

Used to be able to follow this documentation, which is basically:

  1. setup a new receive connector
  2. add the IP address(es) that will be permitted to relay
  3. check off "anonymous" under Permission Group and then run the Exchange shell script to grant permissions.

Now what seems to be happening is that if the permitted IP address happens to fall within the same address space as another more restrictive Receive Connector (like the "Default SBS08" one) and possibly if it's ahead of the new Receive Connector alphabetically (haven't tested that yet), the relay attempt fails with "Client Was Not Authenticated" error.

To get it to work, I had to modify the scope of the "Default SBS08" Receive Connector to exclude the one LAN IP that I wanted to allow relaying for.

I can't recall ever having to do this for Exchange 2007 Standard and/or any other SBS 2008 servers I've setup over the last couple of years and I don't remember doing this and the wiki entry I added at the office doesn't mention it either.

So my question is, has anyone else experienced this? Has there been a new change with R2 or perhaps an Exchange Service Pack?

© Server Fault or respective owner

Related posts about exchange

Related posts about sbs-2008