cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Hybrid Exchange change of SMTP relay connector

Anton5032
Copper Contributor

‎May 28 2020 06:03 PM - edited ‎May 28 2020 06:50 PM

‎May 28 2020 06:03 PM - edited ‎May 28 2020 06:50 PM

Hybrid Exchange change of SMTP relay connector

Hi All

 

So we have Hybrid Exchange environment, with few 2010 Exchange boxes on-prem, 1x Exchange 2016 on-prem (as the hybrid) and O365 tenant.

Until now we were using one of the EX2010 boxes as main smtp relay and it`s working great. Now we want to switch that role and move it to the hybrid 2016 Exchange. To beused by the internal scan2email, apps, etc for sending anonym.

All FW rules are configured correctly.

The ext IP address of the 2016 box is added as trusted connector in EXO

I have send/recieve connectors configured on the 2016 box

 

The problem:

 

If I go and test telnet (EXO ext IP) 25 - from within the EX2010 box, I got connection and response and all is nice and shiny

 

If I try to do the same from the hybrid 2016 box - got connection open and blank screen. Stays for about 60 seconds and then Connection closed. No need to say that it is not forwarding anything if I try lets sat scan2email from one of the printers.

 

I found in the logs some errors saying socket error - but it doesnt make sense because the fw shows all connections as allowed and as I said the fw rules are the same for EX2010 and EX2016 boxes, the difference is that they are presented with different ext IPs, but both of them added as trusted in EXO Admin

 

Any ideas? I cant find any other reason why it would not establish smtp connection to the EXO ?

11.9K Views
0 Likes
5 Replies
Reply
5 Replies
PeterRising

‎May 29 2020 12:56 AM

‎May 29 2020 12:56 AM

Re: Hybrid Exchange change of SMTP relay connector

@Anton5032 

 

Hmm, that's interesting.  Are you able to share a screenshot of the receive connector you have created on your Exchange 2016 server please?

 

Also, could you share the socket error you are seeing too?

0 Likes
Reply
Anton5032

‎Jun 01 2020 06:36 PM

‎Jun 01 2020 06:36 PM

Re: Hybrid Exchange change of SMTP relay connector

@PeterRisingthanks for the reply

this is the receive connector (screenshot) and under security we have marked ONLY - Anonymous

Scoping is the internal printer network

Anton5032_0-1591061635922.png

 

Looks like the receive connector on the Exchange 2016 is ok, but then if try to open SMTP 25 to Outlook.office.com from the Exchange 2016 all I am getting is blank screen and nothing else. When I try to do the same from the old 2010 Exchange box it all works perfectly. As I said on the FW both boxes have identical rules. Not sure why EXCH2016 -> Outlook.office.com:25 not working

0 Likes
Reply
best response confirmed by Anton5032 (Copper Contributor)
PeterRising

‎Jun 01 2020 10:44 PM - edited ‎Jun 01 2020 10:47 PM

‎Jun 01 2020 10:44 PM - edited ‎Jun 01 2020 10:47 PM

Solution

Re: Hybrid Exchange change of SMTP relay connector

@Anton5032 

 

Whenever I setup a connector for this purpose on an Exchange 2016 Server, I always set the security tab options as follows;

 

Screenshot 2020-06-02 at 06.42.46.png

I would definitely double and triple check your firewall rules too.  Do you definitely have the Exchange Online IP's all allowed for the Exchange 2016 server?

1 Like
Reply
Anton5032

‎Jun 02 2020 03:16 PM

‎Jun 02 2020 03:16 PM

Re: Hybrid Exchange change of SMTP relay connector

@PeterRising 

THANK YOU!

 

That definitely did the trick, although now it looks like whoever created the send connector didnt do the work right - it is only relaying emails to internally and if try to send externally (ie: gmail) - nothing happens.

I can see there is a separate send connector for that 2016 box and another one which serves the on-prem (which obviously works fine at the moment). So, I am not sure how the 2016 send must looking.

Current config:

 

delivery:

Route via smart hosts (address of our securemx)

Smart host auth: NONE

 

Scoping:

Address Space - SMTP *

Source server: ADDRESS of the 2016 Exch box

 

 

Any help will be greatly appreacited!

 

 

0 Likes
Reply
Anton5032

‎Jun 04 2020 02:01 PM

‎Jun 04 2020 02:01 PM

Re: Hybrid Exchange change of SMTP relay connector

Found the problem!

 

FW issue - someone forgot to fix the src ip masq and the requests were going with the default ext ip instead the dedicated one

 

Thanks for the help!

1 Like
Reply
1 best response

Accepted Solutions
best response confirmed by Anton5032 (Copper Contributor)
PeterRising

‎Jun 01 2020 10:44 PM - edited ‎Jun 01 2020 10:47 PM

‎Jun 01 2020 10:44 PM - edited ‎Jun 01 2020 10:47 PM

Solution

Re: Hybrid Exchange change of SMTP relay connector

@Anton5032 

 

Whenever I setup a connector for this purpose on an Exchange 2016 Server, I always set the security tab options as follows;

 

Screenshot 2020-06-02 at 06.42.46.png

I would definitely double and triple check your firewall rules too.  Do you definitely have the Exchange Online IP's all allowed for the Exchange 2016 server?

View solution in original post

1 Like
Reply