Recently I had an issue where our ticketing system was unable to relay email through our exchange servers to about 90 recipients in a distribution group. When I looked at the message tracking for the message in question it showed that it was being
explicitly discarded and had the event ID HADISCARD.
The suggested solution was to modify the 'MaxInboundConnectionPerSource' setting to 200, which I did for that receive connector across all of our exchange servers. Hopeful that would be the solution, today the same email was attempted to send from
our ticketing system through exchange and I see the same issue as before, the message has HADISCARD and ExplicitlyDiscarded in the tracking log.
In doing some research today, I see some users are stating that for a custom SMTP connector where an internal application needs to relay through exchange out to the internet, you should allow not only Anonymous Permission but also the Exchange Server permission.
To me that doesn't make sense but perhaps someone can explain that further to me.
I have confirmed that the message in question is using the custom SMTP Relay connector. Below is the output of get-receive connector for the connector in question. Perhaps someone can review this and let me know if it is in fact configured correctly.
Thanks in advance
[PS] C:\Windows\system32>Get-ReceiveConnector "smtp relay" |fl
RunspaceId : 6b843728-a2a6-4e21-afe3-ab5d430780fa
AuthMechanism : Tls
Banner :
BinaryMimeEnabled : True
Bindings : {0.0.0.0:25}
ChunkingEnabled : True
DefaultDomain :
DeliveryStatusNotificationEnabled : True
EightBitMimeEnabled : True
SmtpUtf8Enabled : False
BareLinefeedRejectionEnabled : False
DomainSecureEnabled : False
EnhancedStatusCodesEnabled : True
LongAddressesEnabled : False
OrarEnabled : False
SuppressXAnonymousTls : False
ProxyEnabled : False
AdvertiseClientSettings : False
Fqdn : SERVER.domain.org
ServiceDiscoveryFqdn :
TlsCertificateName :
Comment :
Enabled : True
ConnectionTimeout : 00:10:00
ConnectionInactivityTimeout : 00:05:00
MessageRateLimit : Unlimited
MessageRateSource : IPAddress
MaxInboundConnection : 5000
MaxInboundConnectionPerSource : 200
MaxInboundConnectionPercentagePerSource : 2
MaxHeaderSize : 128 KB (131,072 bytes)
MaxHopCount : 60
MaxLocalHopCount : 12
MaxLogonFailures : 3
MaxMessageSize : 35 MB (36,700,160 bytes)
MaxProtocolErrors : 5
MaxRecipientsPerMessage : 200
PermissionGroups : AnonymousUsers, Custom
PipeliningEnabled : True
ProtocolLoggingLevel : Verbose
RemoteIPRanges : {172.16.0.0/16, 172.17.0.0/16, 172.18.0.0/16, 192.168.0.0/16}
RequireEHLODomain : False
RequireTLS : False
EnableAuthGSSAPI : False
ExtendedProtectionPolicy : None
LiveCredentialEnabled : False
TlsDomainCapabilities : {}
Server : SERVER
TransportRole : FrontendTransport
SizeEnabled : Enabled
TarpitInterval : 00:00:05
MaxAcknowledgementDelay : 00:00:30
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
Name : SMTP Relay
DistinguishedName : CN=SMTP Relay,CN=SMTP Receive
Connectors,CN=Protocols,CN=SERVER,CN=Servers,CN=Exchange Administrative
Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Domain,CN=Microsoft
Exchange,CN=Services,CN=Configuration,DC=ghc911,DC=org
Identity : SERVER\SMTP Relay
Guid : 6c1e28d4-4aed-44c5-877a-4c3caf535cbc
ObjectCategory : domain.org/Configuration/Schema/ms-Exch-Smtp-Receive-Connector
ObjectClass : {top, msExchSmtpReceiveConnector}
WhenChanged : 3/22/2018 10:28:00 AM
WhenCreated : 10/31/2017 10:20:11 AM
WhenChangedUTC : 3/22/2018 3:28:00 PM
WhenCreatedUTC : 10/31/2017 3:20:11 PM
OrganizationId :
Id : SERVER\SMTP Relay
OriginatingServer : DomainController.domain.org
IsValid : True
ObjectState : Unchanged
I'm not even supposed to be here today.