Wednesday, May 9, 2012

APIPA IP address in email tracking log when using Exchange 2010 DAG

One of our customers noticed a strange thing when investigating a tracking log for an email in Exchange 2010. The user who was sending the email had his mailbox hosted on a database that is a member of a DAG. Instead of the IP address of the DAG or mailbox server, the log showed an APIPA address like:
Received: from ( by ( with Microsoft SMTP Server (TLS) id; Thu, 12 Jan 2012 17:21:53 +0200

Googling the issue, I found this article from TechNet Magazine. The problem is generated by the Windows Failover Cluster (WFC) component that is installed and configured automatically when you configure an Exchange 2010 DAG.

If that IP address bothers you, please read the above article.

Thursday, May 3, 2012

Change display name when sending emails via SMTP in Exchange 2010

Last week one of our clients that we are migrating from Exchange 2003 to Exchange 2010 had an interesting problem.
We configured for him a receive connector that allows open relay from certain IP addresses. Everything worked fine until he tried to change the display name when sending an email via SMTP. No matter what was set in the email header, when the recipient received it, the display name of the email sender was the one defined in Active Directory. This is normal behavior when you send an email in Exchange via SMTP with authentication, but in this case there was no authentication configured.
If you search the internet for ways to configure open relay in Exchange 2010, you will notice (as specified on the Microsoft web site) that there are two ways to obtain that, and one of them is to configure the receive connector as Externally Secured. This option works fine but is not exactly an anonymous connection to the receive connector; in fact, the SMTP connection is authenticated as one from an Exchange server.
To be able to change the display name of the sender when sending SMTP via open relay in Exchange 2010, you need to configure the receive connector by allowing Relay Permission for Anonymous Connections, not by using the Externally Secured configuration. To obtain that, use the following cmdlets:

New-ReceiveConnector -Name "Anonymous Relay" -Usage Custom -PermissionGroups AnonymousUsers -Bindings -RemoteIpRanges
Get-ReceiveConnector "Anonymous Relay" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient"
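
As an added example (not from the original post), here is a read-only audit for the Exchange Management Shell. It lists the receive connectors set up by either of the two relay methods described above and flags any whose RemoteIPRanges still matches every client address. The function name Get-RelayConnectorReport and the report column names are assumptions of this example.

```powershell
# Added example: run in the Exchange Management Shell. Read-only, changes nothing.
$relayRight = 'ms-Exch-SMTP-Accept-Any-Recipient'
$anonymous  = 'NT AUTHORITY\ANONYMOUS LOGON'
# String forms of the ranges that match every IPv4 / IPv6 client (assumed to be
# rendered the way the default receive connectors display them)
$anyAddress = '0.0.0.0-255.255.255.255', '::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff'

function Get-RelayConnectorReport {   # hypothetical helper name
    foreach ($rc in Get-ReceiveConnector) {
        # Method used in this post: relay right allowed for anonymous connections
        $aces = @($rc | Get-ADPermission -User $anonymous |
            Where-Object { -not $_.Deny -and ($_.ExtendedRights -like $relayRight) })
        $anonRelay = $aces.Count -gt 0

        # Other method: "Externally Secured", where the session is treated as
        # authenticated, so header display names are resolved against AD
        $extSecured = "$($rc.AuthMechanism)" -match 'ExternalAuthoritative'

        # Connectors that cannot relay by either method are not reported
        if (-not ($anonRelay -or $extSecured)) { continue }

        $ranges = @($rc.RemoteIPRanges | ForEach-Object { "$_" })
        $unrestricted = @($ranges | Where-Object { $anyAddress -contains $_ }).Count -gt 0

        New-Object PSObject -Property @{
            Connector         = "$($rc.Identity)"
            AnonymousRelay    = $anonRelay
            ExternallySecured = $extSecured
            AnyAddressAllowed = $unrestricted
            RemoteIPRanges    = $ranges -join ', '
        }
    }
}

# Connectors that relay for any source address sort to the top
Get-RelayConnectorReport |
    Select-Object Connector, AnonymousRelay, ExternallySecured, AnyAddressAllowed, RemoteIPRanges |
    Sort-Object AnyAddressAllowed -Descending |
    Format-Table -AutoSize -Wrap
```

A connector that shows AnonymousRelay and AnyAddressAllowed both True relays for any host that can reach it, so its RemoteIPRanges should be narrowed to the specific application servers that need it.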