Email messages cannot be delivered to the Hub Transport server in an Exchange Server 2007 environment

This article discusses email messages that cannot be delivered to a Microsoft Exchange Server 2007 Hub Transport server in a remote site.��This issue occurs when new Receive connectors are configured to have anonymous permissions for an IP range that contains the IP address of the Hub Transport server. This scenario may be seen in an instance where the Exchange administrator wants to create a connector for other applications or systems to use the Hub Transport server for email messages that are processed by SMTP relay service.

Consider the following scenario:

• A Hub Transport server role is installed in a Microsoft Exchange Server 2007 environment.
• A Receive connector is configured for a whole IP range that contains the IP address for the remote Hub Transport server.

In this scenario, email messages cannot be delivered to the Hub Transport server.

This issue occurs because the appropriate authentication and permission groups are not configured on the Receive connector. A default Receive connector is created when the Hub Transport server is installed. The default Receive connector is configured to receive incoming connections from the whole IPv4 range (from 0.0.0.0 to 255.255.255.255) and IPv6 range (from 0:0:0:0:0:0:0:0 to ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff) with the appropriate authentication and permission groups. However, when the new Receive connector is configured to have an IP address range that contains the IP address of the Hub Transport server in a remote AD site, the Hub Transport server will use a new more specific Receive connector for transfer over the default Receive connector. Therefore, email messages cannot be delivered to the new Receive connector.

To resolve this issue, perform one of the following methods:�

Method 1

The IP address of the remote site Hub Transport server can be omitted from the IP ranges that are configured for the Receive connector.

For example, if the IP range of the remote site is from 192.168.10.1 to 192.168.10.255 and the Hub Transport server is assigned the IP address 192.168.10.20, you can configure the Receive connector from all IPs 192.168.10.1-192.168.10.19 and 192.168.10.21-192.168.10.255. This configuration omits the 192.168.10.20 address of the remote site Hub Transport server. Therefore, force to use the default Receive connector.

Method 2

Configure permissions of the Receive connector to make sure that Exchange servers have the appropriate authentication and permission groups to allow for transfer through the new receive connector.

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

For more information about how to enable anonymous relay on a receive connector, visit the following Microsoft website: