User comments on ISPs
  >> Zen Internet


Register (or login) on our website and you will not see this ad.


Pages in this thread: 1 | 2 | 3 | (show all)   Print Thread
Standard User andyhud
(newbie) Fri 28-Jul-17 15:29:47
Print Post

Exchange Server Mail Relay - Zen Internet


[link to this post]
 
Hi Guys

I have a Zen Internet FTTP Circuit but I also have a BT Business FTTP Circuit.
I have an Exchange 2016 server and I'm trying to configure it to send email via "mailhost.zen.co.uk" using Authenticated Relay over TLS (Port 587). Problem is, its just bouncing back saying I'm not authenticated. (this is over the BT Business circuit of course, its fine if I send over the Zen FTTP circuit)

I just get back "smarthost01d.mail.zen.net.uk
Remote Server returned '550-This is not an open relay. To send through this server you must either be 550 on a Zen Internet IP address or be authenticated over TLS.
"

Has anyone managed to get any mail server to relay over TLS to mailhost.zen.co.uk that is NOT on a Zen Internet connection?

These are my exchange send connector settings

AddressSpaces : {SMTP:*;1}
AuthenticationCredential : System.Management.Automation.PSCredential
CloudServicesMailEnabled : False
Comment :
ConnectedDomains : {}
ConnectionInactivityTimeOut : 00:10:00
ConnectorType : Default
DNSRoutingEnabled : False
DomainSecureEnabled : False
Enabled : True
ErrorPolicies : Default
ForceHELO : False
Fqdn : mx1.mydomain.com
FrontendProxyEnabled : True
HomeMTA : Microsoft MTA
HomeMtaServerId : SERVER01
Identity : SERVER01 - Zen Send Connector
IgnoreSTARTTLS : False
IsScopedConnector : True
IsSmtpConnector : True
MaxMessageSize : 35 MB (36,700,160 bytes)
Name : SERVER01 - Zen Send Connector
Port : 587
ProtocolLoggingLevel : None
Region : NotSpecified
RequireOorg : False
RequireTLS : True
SmartHostAuthMechanism : BasicAuthRequireTLS
SmartHosts : {mailhost.zen.co.uk}
SmartHostsString : mailhost.zen.co.uk
SmtpMaxMessagesPerConnection : 20
SourceIPAddress : 0.0.0.0
SourceRoutingGroup : Exchange Routing Group (DWBGZMFD01QNBJR)
SourceTransportServers : {SERVER01}
TlsAuthLevel : EncryptionOnly
TlsCertificateName :
TlsDomain :
UseExternalDNSServersEnabled : False


(Note: I've edited a couple of lines above so my real internal server name etc dont show. I've also highlighted some key lines in bold).

Ironically, if I setup a mail client (like Thunderbird etc) and try that over my BT circuit it works with Authenticated Relay, just not when using Exchange.. its like it needs something else.

I'm using my Zen "Webmail" username for my username to auth with (zen123467@zen.co.uk) and my password. I've checked these credentials work via Zen's Webmail Service. They login fine.

Any ideas?

Cheers!

Andy
Standard User PaulKirby
(knowledge is power) Fri 28-Jul-17 16:51:35
Print Post

Re: Exchange Server Mail Relay - Zen Internet


[re: andyhud] [link to this post]
 
Have you tried using port 25 or 465, other than that I have no clue why its not working.

Paul

BTBroadband - Infinity 4 310Mbps (down), 31Mbps (up) FVA
TBB Speedtest | BQM #4 Linksys WRT 3200 ACM
Standard User andyhud
(newbie) Sat 29-Jul-17 14:00:05
Print Post

Re: Exchange Server Mail Relay - Zen Internet


[re: PaulKirby] [link to this post]
 
Hi there

Thanks for your reply. I tried 25 first of all, then saw on Zen's Support site for Outlook SMTP auth relay over TLS it used 587, so I tried that too

I can telnet port 25 and 587 successfully from my exchange server to "mailhost.zen.co.uk" and it responds, just can't auth. I could try to run the telnet commands manually and see if that works but its a faff converting the credentials into base64.

mailhost.zen.co.uk doesnt respond on 465...

Right now, I've got no idea why its not working...

Any other thoughts out there?

Cheers

Andy


Register (or login) on our website and you will not see this ad.

Standard User 10forcash
(regular) Sat 29-Jul-17 16:49:41
Print Post

Re: Exchange Server Mail Relay - Zen Internet


[re: andyhud] [link to this post]
 
The sending domain needs to be in your control, (i.e. verifiably yours) and registered with BT business as a mail server, you then need to set up a 'smarthost' within Exchange to send via smtp.btconnect.com port 25. If using to forward to another sending domain, auth needs to be on and set to the credentials for the ultimate sending domain, if using BT as the sending domain, auth needs to be off.
Standard User andyhud
(newbie) Sat 29-Jul-17 18:03:46
Print Post

Re: Exchange Server Mail Relay - Zen Internet


[re: 10forcash] [link to this post]
 
In reply to a post by 10forcash:
The sending domain needs to be in your control, (i.e. verifiably yours) and registered with BT business as a mail server, you then need to set up a 'smarthost' within Exchange to send via smtp.btconnect.com port 25. If using to forward to another sending domain, auth needs to be on and set to the credentials for the ultimate sending domain, if using BT as the sending domain, auth needs to be off.


Hi there, thanks for your reply, but I think you may have mis-understood my question?

My issue is not with BT or their mailserver(s), my issue is trying to send email via Exchange 2016 to the ZEN Internet Mail Server (mailhost.zen.co.uk) using Authentication over TLS but from a non-Zen Internet connection (e.g. a BT one, but it could be any ISP, just not Zen).

My send connector is already configured with a smart host (see above, its in bold) for mailhost.zen.co.uk, but I'm getting bounce backs saying I'm unable to relay because the Auth over TLS is failing (and thats the reason for my query)

I own all my domain names, but they are not with BT nor Zen, but thats actually irrelevant to this issue.

Any additional thoughts you have would be appreciated

Thanks
Standard User 10forcash
(regular) Sat 29-Jul-17 21:37:43
Print Post

Re: Exchange Server Mail Relay - Zen Internet


[re: andyhud] [link to this post]
 
Because you are transiting SMTP traffic over BT's infrastructure, it is effectively the first hop in a mail relay, therefore the above configuration applies. You can find more detail as to why on the BT Business fora, like this snippet:-

"Allow me to explain the situation, and the resolution.



Firstly, you *do* need to use BT's SMTP relay. You can configure a connector for this purpose, or just enter the smtp relay (mail.btconnect.com or whatever) in the smart host box of the SMTP Virtual Server's outbound-connection tab.



The problem though, is that if you tell Exchange (2003) to use authentication, which BT say they require, then Exchange will *fail* when it gets through to one of BT's cluster of SMTP servers which does not accept authentication. This is different to Outlook Express for example, which will just send the message without AUTH if the server doesn't accept AUTH. BT's servers can't seem to make their minds up whether they want AUTH or not. So you should leave auth turned off and use mail.btconnect.com or mail.btclick.com whichever it is.. I can't remember). This works for me on many sites.



The reason you have to use your ISP's relay rather than direct delivery via DNS MX lookups, is because it is simply not accepted practice to deliver directly any more. End user IP addresses are contained within many DNS blocklists (DUL - dial-up user lists as they were once known). Many ISPs now will not accept direct delivery of mail from end user IP addresses



You make sure your WHOIS postal address matches the BT account holder's address, then you call up BT on 0845 600 7020 and have your domain added for 'mail relay' on their whitelist, then your outbound mail works."

It's an old post but still explains the situation quite well.
Standard User jchamier
(eat-sleep-adslguide) Sat 29-Jul-17 21:39:22
Print Post

Re: Exchange Server Mail Relay - Zen Internet


[re: andyhud] [link to this post]
 
Why do you want to use Zen smarthost from another network even authenticated?

Might be that Zen haven't allowed relay from your source subnet even with SMTP AUTH.

plusnet unlimited fibre 80/20 - 2 Jun 14 - Sync at 28/Jul/17: 64,899/9,065 - G.INP & 3.3 dB SNRm
18 years of UK broadband since 1999 ntl:cable modem trial - Asus RT-AC68U and HG612 - BQM
Standard User 10forcash
(regular) Sat 29-Jul-17 21:56:42
Print Post

Re: Exchange Server Mail Relay - Zen Internet


[re: jchamier] [link to this post]
 
Failover was the assumption I was making, otherwise it makes no sense.
It would be easier to set up two SMTP routes, with the preferred one having a lower cost, that way, if it is failover, the emails will still be sent once the lower cost route times out.

Edited by 10forcash (Sat 29-Jul-17 22:01:05)

Standard User CecilWard
(newbie) Sun 30-Jul-17 01:11:17
Print Post

Re: Exchange Server Mail Relay - Zen Internet


[re: andyhud] [link to this post]
 
Andy,

Can't help you with Zen, but I use UKServers Ltd's (trading as 'virtualnames') email system for SMTP over TLS. You will need an account, which is peanuts per year. Then you just need to authenticate as you are doing now and your source IP can be whatever you need. I have been using them for 15 years and they are superb, brilliant support, extremely reliable and unbeatable value. See http://www.virtualnames.co.uk/email_services.php and there is a page with detailed settings for smtp https://support.ukservers.net/support/solutions/arti...

See what you think.
Standard User CecilWard
(newbie) Sun 30-Jul-17 01:16:05
Print Post

Re: Exchange Server Mail Relay - Zen Internet


[re: andyhud] [link to this post]
 
I would be surprised if an ISP, Zen included, let anyone use their servers when not coming from one of their client networks, even with smtp-auth. That's why I use a non-ISP mail service provider for all of my email, then it all just works from anywhere.

An ISP probably would not want the hassle of trying to locate an abuse coming from an IP address that they don't know anything about, whereas if it is one of their own customer networks then they can just track down and shoot the customer responsible,
Pages in this thread: 1 | 2 | 3 | (show all)   Print Thread

Jump to