I have an Exchange 2010 server that denies SMTP logins on a separate receive connector for no clear reason. For a groupware I have to enable "auth login" on the receive connector. The "Basic Authentication" and "Exchange Users" groups are enabled on the receive connector.
[PS] C:\Windows\system32>Get-ReceiveConnector -Identity "*MAILRELAY NAME REMOVED" | fl
RunspaceId : b578795d-0460-41eb-87b8-e7b223867968
AuthMechanism : BasicAuth
Banner :
BinaryMimeEnabled : True
Bindings : {*IP-ADDRESS REMOVED*:25}
ChunkingEnabled : True
DefaultDomain :
DeliveryStatusNotificationEnabled : True
EightBitMimeEnabled : True
BareLinefeedRejectionEnabled : False
DomainSecureEnabled : False
EnhancedStatusCodesEnabled : True
LongAddressesEnabled : False
OrarEnabled : False
SuppressXAnonymousTls : False
AdvertiseClientSettings : False
Fqdn : *FQDN REMOVED*
Comment :
Enabled : True
ConnectionTimeout : 00:10:00
ConnectionInactivityTimeout : 00:05:00
MessageRateLimit : unlimited
MessageRateSource : IPAddress
MaxInboundConnection : 5000
MaxInboundConnectionPerSource : 20
MaxInboundConnectionPercentagePerSource : 2
MaxHeaderSize : 64 KB (65,536 bytes)
MaxHopCount : 60
MaxLocalHopCount : 12
MaxLogonFailures : 3
MaxMessageSize : 10 MB (10,485,760 bytes)
MaxProtocolErrors : 5
MaxRecipientsPerMessage : 200
PermissionGroups : ExchangeUsers, Custom
PipeliningEnabled : True
ProtocolLoggingLevel : Verbose
RemoteIPRanges : {*IP-ADDRESS REMOVED*}
RequireEHLODomain : False
RequireTLS : False
EnableAuthGSSAPI : False
ExtendedProtectionPolicy : None
LiveCredentialEnabled : False
TlsDomainCapabilities : {}
Server : *HOSTNAME REMOVED*
SizeEnabled : Enabled
TarpitInterval : 00:00:05
MaxAcknowledgementDelay : 00:00:30
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
Name : *MAILRELAY NAME REMOVED*
DistinguishedName : CN=*MAILRELAY NAME REMOVED*,CN=SMTP Receive Connectors,CN=Protocols,CN=*HOSTNAME REMOVED,CN=Serv
ers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Grou
ps,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,D
C=*DOMAIN NAME REMOVED*,DC=local
Identity : *HOSTNAME REMOVED*\*MAILRELAY NAME REMOVED*
Guid : ea8993a2-85df-45fb-81ec-ccc09630f2a2
ObjectCategory : *DOMAIN NAME REMOVED*.local/Configuration/Schema/ms-Exch-Smtp-Receive-Connector
ObjectClass : {top, msExchSmtpReceiveConnector}
WhenChanged : 30.10.2018 15:16:45
WhenCreated : 30.10.2018 14:07:02
WhenChangedUTC : 30.10.2018 14:16:45
WhenCreatedUTC : 30.10.2018 13:07:02
OrganizationId :
OriginatingServer : *FQDN REMOVED*
IsValid : True
A sample from the smtp-receive log reads as follows:
220 *FQDN REMOVED* Microsoft ESMTP MAIL Service ready at Tue, 30 Oct 2018 14:37:03 +0100",
ehlo test,
250-*FQDN REMOVED* Hello [*IP-ADDRESS REMOVED*],
250-SIZE 10485760,
250-PIPELINING,
250-DSN,
250-ENHANCEDSTATUSCODES,
250-AUTH LOGIN,
250-8BITMIME,
250-BINARYMIME,
250 CHUNKING,
auth login,
334 <authentication response>,
334 <authentication response>,
Inbound AUTH LOGIN failed because of LogonDenied
User Name: *USERNAME REMOVED*
Tarpit for '0.00:00:05',
535 5.7.3 Authentication unsuccessful,
I have tried so far:
(Get-ReceiveConnector -Identity "*MAILRELAY NAME REMOVED*" | Add-ADPermission -User "*USERNAME REMOVED*" -ExtendedRights ms-Exch-SMTP-Submit)
and verified whether they are in place
(Get-ReceiveConnector -Identity "*MAILRELAY NAME REMOVED" | Get-ADPermission | ft ExtendedRights,User,Deny),
it is not. Any thoughts are appreciated.
Since the groupware logs seem to be somehow inaccurate or badly formatted, here is my telnet session for future reference.
220 *FQDN REMOVED* Microsoft ESMTP MAIL Service ready at Wed, 31 Oct 2018 11:14:57 +0100
ehlo test
250-*FQDN REMOVED* Hello [*IP REMOVED*]
250-SIZE 10485760
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-AUTH LOGIN
250-8BITMIME
250-BINARYMIME
250 CHUNKING
auth login
334 VXNlcm5hbWU6
*BASE64 ENCODED USERNAME* ([email protected])
334 UGFzc3dvcmQ6
*BASE64 ENCODED PASSWORD*
535 5.7.3 Authentication unsuccessful
Tags smtp-auth exchange-2010
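An added example, not part of the original post: a small Python parser for an SMTP session like the telnet transcript above. It decodes the 334 prompts of AUTH LOGIN (VXNlcm5hbWU6 and UGFzc3dvcmQ6 are base64 for "Username:" and "Password:") and reports whether the EHLO reply offered STARTTLS. The transcript, host name and credentials are constructed placeholders, and the names analyze and unb64 are hypothetical.

```python
import base64
import re

def unb64(token):
    """Decode one base64 token; None if it is not valid base64."""
    try:
        return base64.b64decode(token, validate=True).decode("utf-8", "replace")
    except ValueError:
        return None

# Constructed transcript modelled on the post's session; all values are placeholders.
SAMPLE = "\n".join([
    "220 mail.example.local Microsoft ESMTP MAIL Service ready",
    "ehlo test",
    "250-mail.example.local Hello [192.0.2.10]",
    "250-SIZE 10485760", "250-AUTH LOGIN", "250 CHUNKING",
    "auth login",
    "334 VXNlcm5hbWU6", base64.b64encode(b"user@example.local").decode(),
    "334 UGFzc3dvcmQ6", base64.b64encode(b"not-a-real-password").decode(),
    "535 5.7.3 Authentication unsuccessful",
])

def analyze(transcript):
    """Summarise the EHLO capabilities and the AUTH LOGIN exchange."""
    out = {"extensions": [], "prompts": [], "username": None,
           "password_sent": False, "final": None}
    pending, greeted = None, False
    for line in filter(None, map(str.strip, transcript.splitlines())):
        reply = re.match(r"(\d{3})[ -](.*)", line)
        if reply is None:                     # client line
            if pending is not None:           # answer to a 334 prompt
                if pending.lower().startswith("username"):
                    out["username"] = unb64(line)
                # record that a password was sent, never the secret itself
                out["password_sent"] |= pending.lower().startswith("password")
                pending = None
            continue
        code, text = reply.groups()
        if code == "250" and not greeted:
            greeted = True                    # first 250 line is the greeting
        elif code == "250":
            out["extensions"] += [w.upper() for w in text.split()[:1]]
        elif code == "334":
            pending = unb64(text) or ""
            out["prompts"].append(pending)
        elif code in ("235", "535"):          # AUTH succeeded / failed
            out["final"] = (code, text)
    out["auth_offered"] = "AUTH" in out["extensions"]
    out["starttls_offered"] = "STARTTLS" in out["extensions"]
    return out
```

AUTH LOGIN only base64-encodes the user name and password, so in a session whose EHLO reply does not list STARTTLS they cross the network in readable form.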