Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Unable to Relay - Transport server resolving IP from External DNS source

Status
Not open for further replies.

dpvone

MIS
Aug 16, 2001
24
US
We have just purchased and implemented a Mobile Device Management Appliance solution in our company from MobileIron. We installed and configured it on our DMZ (10.10.10.) per Mobileiron's strong reccomendation. Part of this appliance's functionality is to notify users via text message, or email, or both, when their device has been registered and these messages have instructions and likns for the user to set up the apps necessary for management and email flow. When I registered the first device, neither of these message were received on the device or in the user's gmail account. The apps can be set up manually by IT staff, but for a large deployment this functionality needs to work. All connectors are created and configured correctly.

Working with MobileIron we were able to determine that if sending emails to any external address from the MobileIron device we received the following error message:

550 5.7.1 Unable to relay

We have ruled out the appliance itself, and our spam filtering application and isolated the issue to the hub transport server being used. Essentially here's what I ahve it narrowed down to using telnet session and SMPTP commands:

1. MobileIron appliance (10.10.10.70) establishes a session with the smtp server (192.168.0.77).
2. helo command sent =>250 response received
3. Mail From command entered => Response received 'Recipient OK'
4 rcpt to: command entered with a gmail address => response recevied 550.5.7.1 Unable to relay

Here's where this is failing: The 250 response to the helo command comes back with the following line:

250 smtp.nesn.org Hello [67.208.183.134]

The name smtp.nesn.org is defined in the defualt connector for our exchange environment and that IP address is the Public Address assigned to the MobileIron appliance, which tells me that the hub transport server is not using the correct Connector, and it is also looking at external DNS to resolve the name, hence it won't relay because we don't want to, by default, relay from an outside address.

We have checked all of the Hub Transport configuration to verify that we have all of the correct DNS entries in the correct fields. Per everything we've looked at, this should be working. Has anyone had a similar experience? Is there some hidden DNS file that the transport server uses which we're missing? Any help would be greatly appreciated.

Thanks,
Dan Perez
 
What's your custom receive connector look like? Does it specifically have the MobileIron appliance IP defined as the allowed sender? Has it also been configured to allow anonymous relay using the PowerShell permissions command?

Or it can be configured as shown in this article, with the Externally Secured and Exchange Servers settings in the Auth and Permissions tabs:

Dave Shackelford
ThirdTier.net
TrainSignal.com
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top