Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 4 replies
  • Subscribers 0 subscribers
  • Views 17133 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Exchange 2010 with SPX Virtual Appliance - error 530 5.7.1

SGICT

Hi,

I've setup the following topology

Internet -> Sophos Virtaul Email Appliance -> Exchange 2010 Hub Transport

Sending emails out from internally works fine, as in it passes through the whole topology great.

However, incoming emails when switching it over to use the Sophos Appliance bounces emails back with 530 5.7.1 Client was not authenticated (in reply to mail from command)

The receive connection on the Hub transport allows anon. connections and ive bounced the hub transport service. Oddly with verbose logging mode on the email never appears even in the logs of exchange receive. However, the Sophos appliance does log it so I know for a fact the email is coming into the appliance but its getting rejected by Exchange. It's almost as if Exchange isnt allowing anon. connection.

Im wondering whether I need to create a new receive connection as an open relay to only the Sophos appliance.

Any help would be great

:25791


This thread was automatically locked due to age.
  • 0

    Ive spent further time on this and still no joy.

    I've double checked the setup and tried powershell command to allow relaying on the connection for anon. just to see if it would fix it - hasn't

    :25829
  • 0

    Hi There,

    By default a Hub transport server won't allow anonymous connections (even when not attempting to relay to external domains).  It sounds like you have been doing the right thing though.

    As well as allowing anonymous connections, did you allow anonymous permissions? 

    http://technet.microsoft.com/en-us/library/bb738138.aspx

    If the message isn't showing up in the Exchange logs, are you sure that the ESA is actually delivering mail to expected Exchange server?  The settings for this on the ESA are in:

    'Configuration | Routing | Mail Domains'

    You can also check which IP was used for delivery by checking:

    'Search | Mail Logs'

    Thanks,

    Tom.

    :25847
  • 0

    FIXED!

    Thanks TomA for your reply - Sadly, I had already gone through what you suggested.

    The problem was down to the Exchange 2010 setup and using Anti-Spam feature on the Hub Transport server rather than relying on an Edge Transport server (Sophos Appliance is taking it's role).

    If you use Hub Transport server as your external mail delivering/receiving server then you can enable Anti-Spam feature via running elevated powershell script:

    %system drive%/Program Files\Microsoft\Exchange Server\V14\Scripts folder\install-AntispamAgents.ps1

    What I didn't realise is activating the Anti-Spam filter on the hub transport actually disallows the ability of appliances to email it.

    This would explain why I didnt see any logs entries because it was simply being dropped.

    I didn't go into it much further as to how to allow it because we're switching over to Sophos Appliance as our external mail delivering/receiving server so Anti-Spam filter is no longer required on the Hub.

    However, there is very little on search engines on how to Remove or disable Anti Spam Functionality on an Exchange 2010 Hub Transport Server so for the record you need to run this in elevated mode in powershell

    %system drive%/Program Files\Microsoft\Exchange Server\V14\Scripts folder\uninstall-AntispamAgents.ps1

    Bounce the Transport Service on the Hub.

    That's it, Sophos will start working.

    :25899
  • 0

    Hi SGICT,

    Glad you managed to resolve this.  Thanks very much for updating the forum with your solution!

    -Tom.

    :25909
Unfiltered HTML