How to Allow Anonymous Relay in Exchange Server 2007/2010

Hello everyone,

To allow relay for an internal application, follow these simple steps:

  1. Create a new Receive Connector, name it "TEST" or whatever you want, and select "Custom" as the intended use for the receive connector.
  2. On the Local Network settings, leave everything as is; the connector will listen on all local IP addresses on port 25.
  3. On the Remote Network Settings, clear 0.0.0.0-255.255.255.255, and then add the IP address of the remote server that requires relaying permissions.
  4. Once the new Custom Receive Connector is created, open its properties, go to the Permission Groups tab and add "Anonymous Users".

That is not everything. To let anonymous users relay through this connector, run the following cmdlet:
Get-ReceiveConnector "TEST" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient"

The command should be easy enough to read: it retrieves the receive connector that you created and adds a permission in Active Directory that grants the Anonymous Logon group the Ms-Exch-SMTP-Accept-Any-Recipient right on that connector.

Now you may be thinking, why should I create this new connector? Exchange always looks at how specific the remote address range on each connector is. Say we have a SharePoint Server at 192.168.119.150. We would create a relay connector and allow ONLY 192.168.119.150 to relay. When Exchange receives SMTP from 192.168.119.150, it sees more than one candidate connector: the Default Receive Connector and the Relay Connector. The Default Receive Connector allows connections from any IP address, while the Relay Connector allows connections only from 192.168.119.150. Because you explicitly set the address on your Relay Connector, it is given higher preference in serving that SMTP connection from SharePoint, and your SharePoint Server will now be able to relay off of Exchange. (You could instead configure SharePoint to authenticate; this is just an example.)

Thanks to Elan Shudnows for this nice description :)
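
A check worth running after the procedure above, added here as an example and not part of the original post: it lists every receive connector that grants Ms-Exch-SMTP-Accept-Any-Recipient to anonymous senders and flags any whose remote range still covers all addresses, which would leave an open relay. It goes beyond the single "TEST" connector by checking all connectors; the variable names, the report columns and the IPv6 "any" range are assumptions.

```powershell
# Added audit example; run in the Exchange Management Shell.
$anon  = 'NT AUTHORITY\ANONYMOUS LOGON'
$right = 'ms-Exch-SMTP-Accept-Any-Recipient'

# Ranges that match every sender. The IPv4 value is the one step 3 removes;
# the IPv6 value is assumed to be the equivalent default on Exchange 2010.
$anySender = @('0.0.0.0-255.255.255.255',
               '::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff')

$report = Get-ReceiveConnector | ForEach-Object {
    $connector = $_

    # Allow entries that give anonymous senders the relay right on this connector.
    $grant = @($connector | Get-ADPermission -User $anon |
        Where-Object { (-not $_.Deny) -and ($_.ExtendedRights -like $right) })
    if ($grant.Count -eq 0) { return }   # no anonymous relay here, skip it

    # Compare the connector's remote ranges with the match-everything ranges.
    $ranges = @($connector.RemoteIPRanges | ForEach-Object { $_.ToString() })
    $open   = @($ranges | Where-Object { $anySender -contains $_ })

    $connector | Select-Object Identity,
        @{ Name = 'RemoteIPRanges';    Expression = { [string]::Join(', ', $ranges) } },
        @{ Name = 'AnySenderCanRelay'; Expression = { $open.Count -gt 0 } }
}

# Every connector that relays anonymously, then a warning for the unscoped ones.
$report | Format-Table -AutoSize -Wrap
$report | Where-Object { $_.AnySenderCanRelay } | ForEach-Object {
    Write-Warning "$($_.Identity) grants anonymous relay to every source address"
}
```

A correctly scoped relay connector appears in the table with only the application server's address (192.168.119.150 in the example above) and produces no warning.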

Comments

  • Anonymous
    January 01, 2003
    Hi CR, Glad I could help! Kind regards, João Ribeiro

  • Anonymous
    September 15, 2010
    Thanks... been trying to recall what step I was missing!

  • Anonymous
    July 07, 2011
    Hi, Thanks for the great article.  I was wondering if you could share how to do this on a 2 node CAS/HT NLB.  I already have it set up on our 2007 server but we are moving to Exchange 2010 SP1 shortly and I was hoping to find an article on how to load balance Anonymous Relay connectors.

  • Anonymous
    July 21, 2011
    Thanks so much!!! Wow, they want you to use PowerShell for everything

  • Anonymous
    November 17, 2011
    That worked...  Thanks!!!

  • Anonymous
    June 26, 2012
    This was great!  After I ran the script above I was good to go!

  • Anonymous
    April 03, 2014
    Life saver, thanks

  • Anonymous
    June 24, 2015
    helped me... thx