My Exchange 2010 server is configured to relay mail to a smart host. Basic authentication is required over TLS. For some reason, Exchange doesn't feel like logging in.
I see the following error message in the Queue Viewer:
451 4.4.0 Primary target IP address responded with: "451 5.7.3 Require basic authentication." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts.
and the following in the Exchange SmtpSend protocol log:
<,220 smarthost.example.com ESMTP
>,EHLO exchange.example.net,
<,250-smarthost.example.com,
<,250-PIPELINING,
<,250-SIZE 10240000,
<,250-ETRN,
<,250-STARTTLS,
<,250-ENHANCEDSTATUSCODES,
<,250-8BITMIME,
<,250 DSN,
>,STARTTLS,
<,220 2.0.0 Ready to start TLS,
*,,Sending certificate
...
*,,Received certificate
...
>,EHLO exchange.example.net,
<,250-smarthost.example.com,
<,250-PIPELINING,
<,250-SIZE 10240000,
<,250-ETRN,
<,250-AUTH PLAIN,
<,250-AUTH=PLAIN,
<,250-ENHANCEDSTATUSCODES,
<,250-8BITMIME,
<,250 DSN,
>,QUIT,
<,221 2.0.0 Bye,
There doesn't appear to be anything wrong on the smart host -- Exchange is simply not attempting to authenticate.
Any ideas?
RFC4954 says:
Despite this requirement, Exchange 2010 does not support the
PLAINauthentication method -- the smart host must be configured to support theLOGINauthentication mechanism (which is not formally documented).