I have an issue with sending mail via authenticated SMTP in a multi-server environment. My environment is as follows:
- 1x multi role server (hostname EX1)
- 2x mailbox server (hostnames MB1 and MB2)
All are running Exchange 2013. Now to begin, all three are very much in a default configuration, and all core functionality is working perfectly. I have no mailflow issues in or out from the client access server, and as long as one is only using typical
exchange connections, every mailbox on every server works fine. Activesync accounts on phones etc. work fine, RPC over HTTPS connections in Outlook work fine. My only issues is a recently discovered one.
For the first time, one of our users has a need to be able to set up their accounts using IMAP and SMTP rather than as an Exchange account. Let's just take this as a given rather than preaching around alternates as I've been left with no option but to get this
working.
One sets up an IMAP account in the typical way just fine. A single external DNS FQDN has been set up for our server which is used as both the IMAP server and the outgoing SMTP Server. The issue I experience is that when the mailbox that's being used to authenticate
exists on EX1, the client access server, it can send fine. When that mailbox is moved to MB1 or MB2 or indeed if any other mailbox on MB1 or MB2 is used it can no longer send. In both instances the IMAP portion continues to function without issue and the account
can receive mail, but cannot send.
When sending I have tried two alternatives:
- If I attempt to send with no authentication then, as I would expect, I receive an NDR stating that I am not allowed to relay.
- If I attempt to send with authentication on I receive password prompts and the sending account refuses to authenticate, even though I'm using known-good credentials, as all I have done is ticket the "use the same details for outgoing as for incoming" box with a working incoming connection as mentioned above
Now whilst my experience here is limited, for me the crux of this comes down to being able to authenticate for outgoing SMTP when the mailbox is on EX1, but NOT being able to authenticate for outgoing SMTP when the same mailbox is moved to MB1.
I'm guessing this is going to turn out to be something obvious, as it feels in my gut like it SHOULD be obvious, but I've been looking at it so long now that I just can't see it. I'm fairly certain from the above that the crux of the issue lies in authentication
when the mailbox is on a mailbox server rather than a client access server, but any thoughts on a specific possible cause would be great!
Many thanks in advance.