SMTP inbound relay enforcement settings not working

I am reposting since I have not received any suggestions on this item.

I have been searching these forums for months trying to find the answer to this problem. When trying to send email through our server from either an IP address that does not have reverse DNS or an internal address, the server appears to authenticate the user but does not accept the message. The console shows:

11/07/2007 10:56:58 AM SMTP Server [0E04:0008-0D4C] Connection from [192.168.1.107] rejected for policy reasons.

IP address of connecting host not found in reverse DNS lookup.

11/07/2007 10:56:58 AM SMTP Server: 192.168.1.107 connected

11/07/2007 10:56:58 AM SMTP Server: Authentication succeeded for user XXX/XXX ; connecting host 192.168.1.107

11/07/2007 10:56:58 AM SMTP Server: 192.168.1.107 disconnected. 0 message[s] received

It is as if the reverse DNS requirement is overriding the specific exceptions that I have set for both:

*Exclude these connecting hosts from anti-relay checks:

[192.168..]

and

*Exceptions for authenticated users:

Allow all authenticated users to relay

In the SMTP inbound site document, I have both Anonymous and Name & Password turned on for both TCP and SSL.

I have seen many posts that have similar problems, but have yet to find one with a solution.

Has anyone solved this?
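An added example, not from the original post: a small Python parser that correlates console lines in the format quoted above per connecting host and flags hosts that authenticated successfully yet were turned away by a connection policy with no message received. The sample lines are constructed in that same format, with one unaffected host added for contrast.

```python
import re
from dataclasses import dataclass, field

# Constructed sample console output in the format quoted in the post above;
# the last two lines are an added, unaffected host for contrast.
SAMPLE_LOG = """\
11/07/2007 10:56:58 AM SMTP Server [0E04:0008-0D4C] Connection from [192.168.1.107] rejected for policy reasons.
IP address of connecting host not found in reverse DNS lookup.
11/07/2007 10:56:58 AM SMTP Server: 192.168.1.107 connected
11/07/2007 10:56:58 AM SMTP Server: Authentication succeeded for user XXX/XXX ; connecting host 192.168.1.107
11/07/2007 10:56:58 AM SMTP Server: 192.168.1.107 disconnected. 0 message[s] received
11/07/2007 11:02:10 AM SMTP Server: 203.0.113.5 connected
11/07/2007 11:02:11 AM SMTP Server: 203.0.113.5 disconnected. 1 message[s] received
"""

TS_RE = re.compile(r"^\d{2}/\d{2}/\d{4} ")
REJECT_RE = re.compile(r"Connection from \[(?P<ip>[\d.]+)\] rejected for policy reasons")
AUTH_RE = re.compile(r"Authentication succeeded for user (?P<user>\S+) ; connecting host (?P<ip>[\d.]+)")
DISC_RE = re.compile(r"(?P<ip>[\d.]+) disconnected\. (?P<n>\d+) message\[s\] received")


@dataclass
class HostState:
    rejected: bool = False
    reasons: list = field(default_factory=list)   # policy reason text, if logged
    users: list = field(default_factory=list)     # users that authenticated from this host
    received: int = 0                             # messages accepted from this host


def parse_console(text):
    """Group the per-line events by connecting host IP."""
    hosts, last_rejected = {}, None
    for line in (ln.strip() for ln in text.splitlines() if ln.strip()):
        if not TS_RE.match(line):
            # The policy reason is printed on a continuation line without a timestamp,
            # so attach it to the most recent rejection.
            if last_rejected is not None:
                hosts[last_rejected].reasons.append(line)
                last_rejected = None
        elif m := REJECT_RE.search(line):
            hosts.setdefault(m["ip"], HostState()).rejected = True
            last_rejected = m["ip"]
        elif m := AUTH_RE.search(line):
            hosts.setdefault(m["ip"], HostState()).users.append(m["user"])
        elif m := DISC_RE.search(line):
            hosts.setdefault(m["ip"], HostState()).received += int(m["n"])
    return hosts


def blocked_authenticated_hosts(text):
    """Hosts that authenticated, were rejected by a connection policy, and delivered nothing."""
    return sorted(ip for ip, st in parse_console(text).items()
                  if st.rejected and st.users and st.received == 0)
```

Run it over a saved console log to see which clients hit the symptom described above, together with the reason text the server logged for each.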

Subject: SMTP inbound relay enforcement settings not working

Hi Jim

I am replying to your post along with a few other similar ones, as there are quite a few people asking the same question with no replies.

It does seem the configuration “Exceptions for authenticated users” does not operate as expected; however, even if it worked as expected, using the same server to provide authenticated relaying AND exchange SMTP mail (MX server) is bad practice.

You need to refer to this from Chris Linfoot:

http://chris-linfoot.net/d6plinks/CWLT-6YNEGQ

Basically to support your users sending email you should provide a separate SMTP server where the SMTP port is 587 and the port is configured to allow authenticated users only. This would be the MSA server (as per Chris’s article in the link).

This MSA server would be configured to allow authenticated users to relay and not restrict connecting hosts to a specific range/pool of IP numbers.

The SMTP MSA server would be a separate server from your SMTP MX server (which listens on port 25, does not enforce authentication and has anti-relay controls configured).

Having two SMTP servers will allow roaming users using clients such as Outlook, Thunderbird, iPhone, etc. to send SMTP mail by configuring them to send via the MSA server on port 587 (not via your MX server on port 25).

These users would receive email from whichever server you are happy to provide DMZ access to and to run IMAP on. I guess this could be the MSA server if it has the disk space to hold replicas of their mail files.

HTH

Greg