Error 530 5.7.1 Client was not authenticated when attempting to deliver a message.
| Article:TECH95299 | | | Created: 2009-01-30 | | | Updated: 2012-07-24 | | | Article URL http://www.symantec.com/docs/TECH95299 |
Problem
Unable to deliver email from a Brightmail Gateway to Exchange 2007 or 2010 mail server..
Symptoms
When attempting to deliver email to an Exchange 2007 or 2010 server from a Symantec Messaging Gateway appliance the email never delivers.
- In the message audit log the message displays an action of Deliver message normally
- Under the delivery the Delivered to is none
Performing a telnet communication from the appliance to the Exchange 2007 or 2010 server you receive error 530 5.7.1 client was not authenticated.
This is seen after the mail from: email@domain.com
Cause
By default, Exchange 2007 and 2010 only accepts secure, authenticated connections. The Symantec Messaging Gateway appliance is attempting to send email to the server without authenticating resulting in the message being rejected with a terminal 530 response.
Solution
Allow anonymous authentication email access to the Exchange server.
1. Open Exchange Management Console
2. Expand Server Configuration
3. Select Hub Transport
4. Under the "Receive Connectors" tab, right click on the connector that is used and select "Properties".
Note: The connector name usually starts with "Default", followed by the hostname of your exchange server. If you want to make sure it is the right connector or if there is more than one connector present in your configuration, then follow these steps to verify you are editing the right connector's settings:
- Right-click on the connector name and choose Properties, if not done so already
- Click on the Network tab
- Under the "Use these local IP addresses to receive mail" section, locate the entries that start with "All available IPv... " in the table
- Inside the "Port" column, make sure it has the value of "25". If this port value is different, then click "Cancel" and go back to the "Receive Connectors" tab and choose another connector and repeat these steps until you find a connector that has the port "25" listed under the "Port" column. This is the same SMTP port you configured on your Symantec Brightmail Gateway appliance for this mail server.
- If the port "25" is there, you can proceed to the next step - Permissions Group tab.
5. Select the tab "Permission Groups"
6. Check "Anonymous users"
If secure and authenticated communication is required by IT policy, the SBG appliance may be configured with a TLS client certificate to authenticate itself to the Exchange infrastructure.
For an explanation of the Transport permission's model please see:
Exchange 2007 Transport Permission's Model
http://technet.microsoft.com/en-us/library/aa997170.aspx
Information on configuring TLS client certificates can be found in the SBG appliance online help and in the Symantec Brightmail Gateway 8.0 Administration Guide.
References
http://technet.microsoft.com/en-us/library/aa997170.aspx
ftp://ftp.entsupport.symantec.com/pub/support/documentation/sbg_administration_guide.pdf
|
|
Related Articles
Legacy ID
2009073014432654
Article URL http://www.symantec.com/docs/TECH95299
Terms of use for this information are found in Legal Notices
Thank you.