Exchange behind a filtered connection

On my previous blog (see here), I wrote an article on how to still be able to send email with Microsoft Exchange 2013 if your ISP is filtering your connection. Here’s a rewrite, with an Exchange 2019 installation.

The French ISP Orange is currently blocking every outgoing connection towards port 25 “in order to fight against SPAM”, with no option to disable this. See Here (fr) and Here (fr) for more info, along with this Wikipedia article (fr).

The connection simply fails when trying to reach anything on port 25.

There are two workarounds: change ISP, or use a smarthost to relay every outgoing email. As I cannot (yet) switch ISP, I must use a smarthost to be able to send outgoing email. Luckily, I already have an email server set up on a dedicated system outside my home.

Creating the connector

To be able to use a smarthost despite port 25 being blocked, we must use the Exchange Management Shell to create a custom Send Connector using a custom port. The ECP doesn’t have the port option (yet?).

The cmdlet is pretty straightforward:

$creds = Get-Credential
New-SendConnector -AddressSpaces * -Name "RelayHost" -RequireTLS $True -SmartHosts "<SmartHostIp>" -Port 587 -SmartHostAuthMechanism BasicAuth -AuthenticationCredential $creds -ProtocolLoggingLevel Verbose

We first get the SMTP credentials (who owns an Open Relay in 2022?!), and then create the custom Send Connector using those credentials. Note the -Port 587 part of the cmdlet: this is where we tell the Send Connector not to use port 25 to relay our emails. We also enabled protocol logging (-ProtocolLoggingLevel Verbose) to be able to check that everything is working smoothly.

Checking if everything works

Now that our Send Connector is added and properly configured, we can send an email to anyone we want. The fact that we use a residential IP with a non-configurable rDNS is not a problem, since all mail goes out through the relay host.

The logs are available at %ExchangeInstallDir%\TransportRoles\Logs\Hub\ProtocolLog\SmtpSend.

Once your email is sent, you should have some logs saying so:

#Fields: date-time,connector-id,session-id,sequence-number,local-endpoint,remote-endpoint,event,data,context
2022-09-06T13:17:41.618Z,RelayHost,08DA8FEA0CBD466E,0,,A.B.C.D:587,*,SendRoutingHeaders,Set Session Permissions
2022-09-06T13:17:41.618Z,RelayHost,08DA8FEA0CBD466E,1,,A.B.C.D:587,*,,attempting to connect
2022-09-06T13:17:41.638Z,RelayHost,08DA8FEA0CBD466E,2,E.F.G.H:20657,A.B.C.D:587,+,,
2022-09-06T13:17:41.702Z,RelayHost,08DA8FEA0CBD466E,3,E.F.G.H:20657,A.B.C.D:587,<,220 <SmartHostIp> ESMTP Postfix,
2022-09-06T13:17:41.702Z,RelayHost,08DA8FEA0CBD466E,4,E.F.G.H:20657,A.B.C.D:587,>,EHLO exchange19-host.myad.local,
2022-09-06T13:17:41.721Z,RelayHost,08DA8FEA0CBD466E,5,E.F.G.H:20657,A.B.C.D:587,<,250  <SmartHostIp> PIPELINING SIZE 40960000 VRFY ETRN STARTTLS ENHANCEDSTATUSCODES 8BITMIME DSN CHUNKING,
2022-09-06T13:17:41.721Z,RelayHost,08DA8FEA0CBD466E,6,E.F.G.H:20657,A.B.C.D:587,>,STARTTLS,
2022-09-06T13:17:41.740Z,RelayHost,08DA8FEA0CBD466E,7,E.F.G.H:20657,A.B.C.D:587,<,220 2.0.0 Ready to start TLS,
2022-09-06T13:17:41.740Z,RelayHost,08DA8FEA0CBD466E,8,E.F.G.H:20657,A.B.C.D:587,*, CN=exchange19-host CN=exchange19-host 0123456789ABCDEF0123456789ABCDEF 0123456789ABCDEF0123456789ABCDEF01234567 2022-01-27T15:25:28.000Z 2027-01-27T15:25:28.000Z exchange19-host;exchange19-host.myad.local,Sending certificate Subject Issuer name Serial number Thumbprint Not before Not after Subject alternate names
2022-09-06T13:17:41.826Z,RelayHost,08DA8FEA0CBD466E,9,E.F.G.H:20657,A.B.C.D:587,*," CN=<SmartHostIp> CN=XXX, O=XXX, C=US 0123456789ABCDEF0123456789ABCDEF 0123456789ABCDEF0123456789ABCDEF01234567 2022-08-21T19:20:27.000Z 2022-11-19T18:20:26.000Z <SmartHostIp>;mail.halo.fr;mail.viertuelle.fr;smtp.vwa.re",Remote certificate Subject Issuer name Serial number Thumbprint Not before Not after Subject alternate names
2022-09-06T13:17:41.826Z,RelayHost,08DA8FEA0CBD466E,10,E.F.G.H:20657,A.B.C.D:587,*,,"TLS protocol SP_PROT_TLS1_2_CLIENT negotiation succeeded using bulk encryption algorithm CALG_AES_256 with strength 256 bits, MAC hash algorithm CALG_SHA_384 with strength 0 bits and key exchange algorithm CALG_ECDH_EPHEM with strength 384 bits"
2022-09-06T13:17:41.826Z,RelayHost,08DA8FEA0CBD466E,11,E.F.G.H:20657,A.B.C.D:587,*,0123456789ABCDEF0123456789ABCDEF01234567,Received certificate Thumbprint
2022-09-06T13:17:41.826Z,RelayHost,08DA8FEA0CBD466E,12,E.F.G.H:20657,A.B.C.D:587,>,EHLO exchange19-host.myad.local,
2022-09-06T13:17:41.845Z,RelayHost,08DA8FEA0CBD466E,13,E.F.G.H:20657,A.B.C.D:587,<,250  <SmartHostIp> PIPELINING SIZE 40960000 VRFY ETRN AUTH LOGIN PLAIN AUTH=LOGIN PLAIN ENHANCEDSTATUSCODES 8BITMIME DSN CHUNKING,
2022-09-06T13:17:41.845Z,RelayHost,08DA8FEA0CBD466E,14,E.F.G.H:20657,A.B.C.D:587,>,AUTH LOGIN,
2022-09-06T13:17:41.864Z,RelayHost,08DA8FEA0CBD466E,15,E.F.G.H:20657,A.B.C.D:587,<,334 <authentication information>,
2022-09-06T13:17:41.864Z,RelayHost,08DA8FEA0CBD466E,16,E.F.G.H:20657,A.B.C.D:587,>,<Binary Data>,
2022-09-06T13:17:41.883Z,RelayHost,08DA8FEA0CBD466E,17,E.F.G.H:20657,A.B.C.D:587,<,334 <authentication information>,
2022-09-06T13:17:41.883Z,RelayHost,08DA8FEA0CBD466E,18,E.F.G.H:20657,A.B.C.D:587,>,<Binary Data>,
2022-09-06T13:17:42.111Z,RelayHost,08DA8FEA0CBD466E,19,E.F.G.H:20657,A.B.C.D:587,<,235 2.7.0 Authentication successful,
2022-09-06T13:17:42.112Z,RelayHost,08DA8FEA0CBD466E,20,E.F.G.H:20657,A.B.C.D:587,*,,sending message with RecordId 4243427688450 and InternetMessageId <f9ae3402547147cc924d1b4a1c92d06c@rooteur.net>
2022-09-06T13:17:42.112Z,RelayHost,08DA8FEA0CBD466E,21,E.F.G.H:20657,A.B.C.D:587,>,MAIL FROM:<myuser@myrealdomain.com> SIZE=4537,
2022-09-06T13:17:42.112Z,RelayHost,08DA8FEA0CBD466E,22,E.F.G.H:20657,A.B.C.D:587,>,RCPT TO:<someone@example.com>,
2022-09-06T13:18:12.163Z,RelayHost,08DA8FEA0CBD466E,23,E.F.G.H:20657,A.B.C.D:587,<,250 2.1.0 Ok,
2022-09-06T13:18:12.191Z,RelayHost,08DA8FEA0CBD466E,24,E.F.G.H:20657,A.B.C.D:587,<,250 2.1.5 Ok,
2022-09-06T13:18:12.192Z,RelayHost,08DA8FEA0CBD466E,25,E.F.G.H:20657,A.B.C.D:587,>,BDAT 1819 LAST,
2022-09-06T13:18:12.215Z,RelayHost,08DA8FEA0CBD466E,26,E.F.G.H:20657,A.B.C.D:587,<,250 2.0.0 Ok: 1819 bytes queued as 4554E67E68C1,
2022-09-06T13:18:12.217Z,RelayHost,08DA8FEA0CBD466E,27,E.F.G.H:20657,A.B.C.D:587,>,QUIT,
2022-09-06T13:18:12.236Z,RelayHost,08DA8FEA0CBD466E,28,E.F.G.H:20657,A.B.C.D:587,<,221 2.0.0 Bye,
2022-09-06T13:18:12.236Z,RelayHost,08DA8FEA0CBD466E,29,E.F.G.H:20657,A.B.C.D:587,-,,Local
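
Reading a session like the one above by eye does not scale once the connector carries real traffic. The following is an added example, not part of the original post: a PowerShell function that groups SmtpSend log lines by session-id and reports whether TLS was negotiated before AUTH, whether authentication succeeded, and whether the smarthost queued the message. The function name, the sample lines, and the second connector name (NoTls) are constructed for illustration.

```powershell
# Added example: audit SmtpSend protocol-log sessions (not the blog author's code).
function Test-SmtpSendSession {
    param([Parameter(Mandatory)][string[]]$Lines)
    $fields = 'date-time','connector-id','session-id','sequence-number',
              'local-endpoint','remote-endpoint','event','data','context'
    # Drop '#' header lines; ConvertFrom-Csv copes with quoted fields that contain commas.
    $rows = $Lines | Where-Object { $_ -and $_ -notmatch '^#' } |
            ConvertFrom-Csv -Header $fields
    foreach ($session in ($rows | Group-Object -Property 'session-id')) {
        $tls = $false; $authInClear = $false; $authOk = $false; $queued = $false
        $ordered = @($session.Group | Sort-Object { [int]$_.'sequence-number' })
        foreach ($r in $ordered) {
            if ($r.event -eq '*' -and $r.context -match '^TLS protocol .+ negotiation succeeded') {
                $tls = $true
            } elseif ($r.event -eq '>' -and $r.data -match '^AUTH\b' -and -not $tls) {
                $authInClear = $true   # AUTH sent before TLS was negotiated
            } elseif ($r.event -eq '<' -and $r.data -match '^235 ') {
                $authOk = $true
            } elseif ($r.event -eq '<' -and $r.data -match '^250 .*queued') {
                $queued = $true        # assumes the Postfix reply wording shown in the log above
            }
        }
        [pscustomobject]@{
            SessionId     = $session.Name
            Connector     = $ordered[0].'connector-id'
            TlsNegotiated = $tls
            AuthInClear   = $authInClear
            AuthSucceeded = $authOk
            Queued        = $queued
        }
    }
}

# Constructed sample: session AAAA mirrors the log above, BBBB authenticates without TLS.
$sample = @'
#Fields: date-time,connector-id,session-id,sequence-number,local-endpoint,remote-endpoint,event,data,context
2022-09-06T13:17:41.721Z,RelayHost,AAAA,0,,192.0.2.10:587,>,STARTTLS,
2022-09-06T13:17:41.826Z,RelayHost,AAAA,1,,192.0.2.10:587,*,,"TLS protocol SP_PROT_TLS1_2_CLIENT negotiation succeeded using bulk encryption algorithm CALG_AES_256 with strength 256 bits"
2022-09-06T13:17:41.845Z,RelayHost,AAAA,2,,192.0.2.10:587,>,AUTH LOGIN,
2022-09-06T13:17:42.111Z,RelayHost,AAAA,3,,192.0.2.10:587,<,235 2.7.0 Authentication successful,
2022-09-06T13:18:12.215Z,RelayHost,AAAA,4,,192.0.2.10:587,<,250 2.0.0 Ok: 1819 bytes queued as 4554E67E68C1,
2022-09-06T14:00:00.000Z,NoTls,BBBB,0,,192.0.2.10:587,>,AUTH LOGIN,
2022-09-06T14:00:00.200Z,NoTls,BBBB,1,,192.0.2.10:587,<,235 2.7.0 Authentication successful,
'@ -split '\r?\n'

Test-SmtpSendSession -Lines $sample | Format-Table -AutoSize
```

For the RelayHost session the expected row has TlsNegotiated, AuthSucceeded and Queued set to True and AuthInClear set to False; to check real traffic, pass the output of Get-Content on a file from the SmtpSend log folder as -Lines.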