
I have a Windows 2012 web server that is connected to a company's VPN (vpn.company.com) to access network resources and needs to send emails to users of that company as well.

When the web server is not connected to the VPN, emails can be sent to anyone successfully. However, as soon as I initiate the VPN connection, any user with an @company.com email will not receive the email. Sending to another domain works just fine.

The Badmail directory consistently has this error message: Diagnostic-Code: smtp;550 5.7.1 Unable to relay for user@company.com.

I also have split tunneling enabled so the server is publicly accessible on the Internet and has the VPN connection.

  • I sense that there's a question here, yet you haven't asked one. My guess as to the source of your problem, however, is a hairpin NAT issue. – HopelessN00b May 06 '14 at 17:38
  • Is the web server the SMTP mail server itself, or does it relay to another smarthost for that domain? Is that badmail message on the webserver or another SMTP server? – TheCleaner May 06 '14 at 18:03
  • @TheCleaner Yes, they are both on the same server. – tiki_master May 06 '14 at 18:09
  • Is the web server itself initiating the email or is it an app from somewhere else? If it's an app...what IP/hostname is the app using to connect to the SMTP server? – TheCleaner May 06 '14 at 18:18
  • @TheCleaner The web app on the web server is generating the email. I'm using the standard System.Net.Mail and using 127.0.0.1 as the SmtpServer address. In the SMTP server settings I have it set so 127.0.0.1 can relay. – tiki_master May 06 '14 at 18:37
  • From the web server, while connected to the VPN, can you open an elevated Command Prompt and type NSLOOKUP... then type set q=mx... then type the domain name that you are having trouble sending to... now go to mxtoolbox.com and put in the domain there... compare the MX records and make sure the web server sees the same MX records when connected to the VPN as the MXtoolbox records. Make sure to close the VPN tunnel before you do the MXTOOLBOX.COM check. Let me know the results then we can proceed from there. – Brad Bouchard May 06 '14 at 19:02
  • `In the SMTP server settings I have it set so 127.0.0.1 can relay.` Try setting it to allow the VPN address or all addresses to relay and see if that fixes it. If so, you can go from there to determine how best to configure it going forward. – joeqwerty May 06 '14 at 19:31

1 Answer


As relay is denied, I guess it tries to connect to the SMTP server through VPN, and the SMTP server (@company.com) denies the connection because it does not come from the Internet.

Try using a smarthost on the Internet for this delivery domain.

MichelZ
  • Hmm, you think? That would be a weird mail setup, that accepts mail from the Internet, but not from the local LAN, would it not? – HopelessN00b May 06 '14 at 17:53
  • Why not? Exchange does that by default. He does get a relay denied message after all, so it connects to some SMTP server. – MichelZ May 06 '14 at 19:23
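
The MX comparison suggested in the comments on the question, scripted as an added example (not code from the thread) so that both lookups run on the web server while the VPN is connected. `company.com` is the placeholder domain from the question, `8.8.8.8` is an assumed public resolver outside the tunnel, and the function names are hypothetical.

```powershell
param(
    [string]$Domain         = 'company.com',  # placeholder domain from the question
    [string]$PublicResolver = '8.8.8.8'       # assumption: any resolver outside the VPN
)

# Return the MX host names for a domain, optionally asking a specific resolver.
function Get-MxHost {
    param([string]$Name, [string]$Server)
    $query = @{ Name = $Name; Type = 'MX'; DnsOnly = $true; ErrorAction = 'Stop' }
    if ($Server) { $query.Server = $Server }
    Resolve-DnsName @query |
        Where-Object { $_.NameExchange } |          # keep MX answers only
        ForEach-Object { $_.NameExchange.ToLowerInvariant() } |
        Sort-Object -Unique
}

# True for RFC 1918 IPv4 addresses (IPv6 is not classified here).
function Test-PrivateAddress {
    param([System.Net.IPAddress]$Address)
    $b = $Address.GetAddressBytes()
    if ($b.Length -ne 4) { return $false }
    ($b[0] -eq 10) -or
    ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
    ($b[0] -eq 192 -and $b[1] -eq 168)
}

$viaSystem = @(Get-MxHost -Name $Domain)                          # what the SMTP service sees
$viaPublic = @(Get-MxHost -Name $Domain -Server $PublicResolver)  # what the Internet sees

"MX via system resolver: $($viaSystem -join ', ')"
"MX via ${PublicResolver}: $($viaPublic -join ', ')"

if (($viaSystem -join ',') -ne ($viaPublic -join ',')) {
    'MX sets differ: DNS answers for this domain change when the VPN is up.'
}

# Resolve each MX host the server would use and flag internal addresses.
foreach ($mx in $viaSystem) {
    $records = Resolve-DnsName -Name $mx -Type A -DnsOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.IPAddress }
    foreach ($r in $records) {
        $private = Test-PrivateAddress -Address $r.IPAddress
        '{0} -> {1} (private address: {2})' -f $mx, $r.IPAddress, $private
    }
}
```

Differing MX sets, or an MX host that resolves to a private address, are consistent with the answer's guess that delivery for this domain is going through the VPN to a server that refuses to relay.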