IT Knowledge Base

Technical Repository

HowTo: Exchange 2013 – Receive Connector – Configure a SMTP Relay

1. Log into the Exchange Control Panel and navigate to Mail Flow > Receive Connectors.

2. Click the + icon to create a new receive connector.

3. Under Name, type in Outbound Relay. Under Role, select Frontend Transport and under Type select Custom and click Next.

4. By default this receive connector will bind to all of the network adapters on the server. You can modify this if needed.

5. By default, the receive connector will accept mail from all IP addresses. You can modify this as needed, for example lock it down to the internal network, a range of IPs, or the specific servers that will be allowed to relay. Click Finish.

6. Open the newly created Receive Connector and click Security. Check the box next to Anonymous Users.

What happens when you check the Anonymous Users box? Even with the box selected, you still will not be able to relay through this connector. Why?

When you place a check mark in that box, the following permissions are given to the Anonymous Logon group:

  • Ms-Exch-SMTP-Submit
  • Ms-Exch-SMTP-Accept-Any-Sender
  • Ms-Exch-SMTP-Accept-Authoritative-Domain-Sender
  • Ms-Exch-Accept-Headers-Routing

So, as you can see, there is no Ms-Exch-SMTP-Accept-Any-Recipient permission added by default.  Because of this, users will NOT be able to relay off your Exchange Server by default.

To allow Anonymous users to use this connector for relaying, you must issue the following command:

Get-ReceiveConnector "Receive Connector Name" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient"

The command retrieves the receive connector that you created and adds a permission entry in Active Directory that grants the Anonymous Logon group the Ms-Exch-SMTP-Accept-Any-Recipient permission on that connector. Once this is done, any server IPs you added to the Remote Network settings will be allowed to relay off your server using port 25.
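A read-only check for the configuration above, added here as an example and not part of the original article: it lists every receive connector on which Anonymous Logon holds Ms-Exch-SMTP-Accept-Any-Recipient and flags any that still accept mail from all IPv4 addresses, since that combination leaves the server relaying for anyone who can reach port 25. It assumes the Exchange Management Shell and that the default all-addresses range is rendered as 0.0.0.0-255.255.255.255; the addresses in the final comment are constructed placeholders.

```powershell
# Added example (not from the original article). Run in the Exchange Management Shell.
# Read-only audit: it reports on connectors and changes nothing.
$relayRight = 'Ms-Exch-SMTP-Accept-Any-Recipient'
$anyIPv4    = '0.0.0.0-255.255.255.255'   # assumed string form of the default "all addresses" range

Get-ReceiveConnector | ForEach-Object {
    $connector = $_

    # Allow entries that give ANONYMOUS LOGON the relay right on this connector.
    $aces = @($connector |
        Get-ADPermission -User 'NT AUTHORITY\ANONYMOUS LOGON' |
        Where-Object { -not $_.Deny -and ($_.ExtendedRights -like "*$relayRight*") })

    if ($aces.Count -gt 0) {
        # Normalise the multivalued RemoteIPRanges property to plain strings.
        $ranges = @($connector.RemoteIPRanges | ForEach-Object { $_.ToString() })

        [pscustomobject]@{
            Connector      = "$($connector.Identity)"
            Bindings       = ($connector.Bindings -join ', ')
            RemoteIPRanges = ($ranges -join ', ')
            # True means anonymous relay is not restricted by source address (IPv4).
            AcceptsAnyIPv4 = ($ranges -contains $anyIPv4)
        }
    }
} | Format-Table -AutoSize -Wrap

# To narrow a flagged connector to the hosts that need to relay
# (connector name from step 3; addresses are constructed placeholders):
#   Set-ReceiveConnector 'Outbound Relay' -RemoteIPRanges 192.0.2.10, 192.0.2.11
```

A connector reported with AcceptsAnyIPv4 set to True should have its Remote Network settings restricted before the relay permission is left in place.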


