1. Log into the Exchange Control Panel and navigate to Mail Flow > Receive Connectors.
2. Click the + icon to create a new receive connector.
3. Under Name, type in Outbound Relay. Under Role, select Frontend Transport and under Type select Custom and click Next.
4. By default this receive connector will bind to all of the network adapters on the server. You can modify this if needed.
5. By default, the receive connector will accept mail from all IP addresses. You can modify this as needed, for example by locking it down to the internal network, a range of IPs, or the specific servers that will be allowed to relay. Click Finish.
6. Open the newly created receive connector and click Security. Check the box next to Anonymous Users.
What happens when you place a check mark next to the Anonymous users group? Although the Anonymous users check box is selected, you still will not be able to relay through this connector. Why?
When you place a check mark in that box, the following permissions are given to the Anonymous Logon group:
So, as you can see, there is no Ms-Exch-SMTP-Accept-Any-Recipient permission added by default. Because of this, users will NOT be able to relay off your Exchange Server by default.
To allow Anonymous users to use this connector for relaying, you must issue the following command:
Get-ReceiveConnector "Receive Connector Name" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient"
The command retrieves the receive connector that you created and adds an Active Directory permission that grants the Anonymous Logon group the Ms-Exch-SMTP-Accept-Any-Recipient extended right on that connector. Once this is done, any server IPs you added to the Remote Network settings will be allowed to relay off your server on port 25.
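To check the result of the steps above, the following added example (not part of the original article) reports which receive connectors grant anonymous relay and whether their remote IP ranges are still unrestricted, the combination that makes an open relay. Get-RelayExposure is a hypothetical helper name, the sample rows are constructed, and the live branch assumes it runs in the Exchange Management Shell.

```powershell
# Added example. Get-RelayExposure is a hypothetical helper, not an Exchange cmdlet.
function Get-RelayExposure {
    param(
        [Parameter(Mandatory)] [string] $Name,
        [string[]] $RemoteIPRanges  = @(),
        [string[]] $AnonymousRights = @()
    )
    # String forms treated here as "every address" (assumed spellings of the full range).
    $anyAddress = '0.0.0.0-255.255.255.255', '0.0.0.0/0',
                  '::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff', '::/0'
    # -contains is case-insensitive, so Ms-Exch-... and ms-Exch-... both match.
    $canRelay   = $AnonymousRights -contains 'Ms-Exch-SMTP-Accept-Any-Recipient'
    $openRanges = @($RemoteIPRanges | Where-Object { $anyAddress -contains $_ })
    [pscustomobject]@{
        Connector      = $Name
        AnonymousRelay = $canRelay
        UnrestrictedIP = $openRanges.Count -gt 0
        OpenRelay      = $canRelay -and ($openRanges.Count -gt 0)
    }
}

if (Get-Command Get-ReceiveConnector -ErrorAction SilentlyContinue) {
    # Live audit: assumes the Exchange Management Shell is loaded.
    $results = foreach ($c in Get-ReceiveConnector) {
        # Collect the extended rights actually allowed for Anonymous Logon.
        $rights = $c | Get-ADPermission -User 'NT AUTHORITY\ANONYMOUS LOGON' |
            Where-Object { -not $_.Deny } |
            ForEach-Object { $_.ExtendedRights } | ForEach-Object { "$_" }
        $ranges = $c.RemoteIPRanges | ForEach-Object { "$_" }
        Get-RelayExposure -Name $c.Name -RemoteIPRanges @($ranges) -AnonymousRights @($rights)
    }
} else {
    # Constructed sample data so the logic can be exercised without Exchange.
    $results = @(
        Get-RelayExposure -Name 'Default Frontend (sample)' `
            -RemoteIPRanges '0.0.0.0-255.255.255.255' -AnonymousRights 'Ms-Exch-SMTP-Submit'
        Get-RelayExposure -Name 'Outbound Relay, all IPs (sample)' `
            -RemoteIPRanges '0.0.0.0-255.255.255.255' `
            -AnonymousRights 'Ms-Exch-SMTP-Submit', 'Ms-Exch-SMTP-Accept-Any-Recipient'
        Get-RelayExposure -Name 'Outbound Relay, restricted (sample)' `
            -RemoteIPRanges '10.0.0.0/24' `
            -AnonymousRights 'Ms-Exch-SMTP-Submit', 'Ms-Exch-SMTP-Accept-Any-Recipient'
    )
}
$results | Format-Table -AutoSize
```

A connector that shows OpenRelay as True should have its Remote Network settings narrowed to the hosts that need to relay.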