Microsoft Exchange - Setting up Anonymous Relay

Microsoft Exchange – Setting up Anonymous Relay

Most internal networks have devices that need to be able to send email notifications. If an on-premises Exchange server exists it’s simple to set up Anonymous Relay so all you have to specify on the device is a mail server and a port.

For security purposes it’s best to create a separate Receive Connector then apply conditions to prevent unauthorized use.

New-Receive Connector -Name “AnonymousRelay” -usage Custom -Bindings ‘10.1.1.50:2025′ -FQDN server.domain.com -RemoteIPRanges 10.1.1.125 -Server EXCHANGESERVER -PermissionGroups AnonymousUsers

10.1.1.50 = the IP of the Exchange Server
:2025 = the custom port designated for this use
server.domain.com = the FQDN of your exchange server (exchange.continuum.com for example)10.1.1.125 = the IP of the device using this relay connector
EXCHANGESERVER = the hostname of your server

You can optionally go into the Send Connector and adjust the RemoteIPRanges to encompass your entire LAN so other devices can use this service.

Once the connector is created it needs to be modified to allow for Anonymous connectivity:

Get-ReceiveConnector AnonymousRelay | Add-ADPermission -User “NT AUTHORITY\ANONYMOUS LOGON” -ExtendedRights “ms-Exch-SMTP-Accept-Any-Recipient”

This last step is the most important. Without it even the setting “Anonymous Users” in the Permission Group does not work. I have never found a way to apply this setting without using the Power Shell.

By admin|2018-01-31T02:20:19-08:00May 27th, 2016|Microsoft Exchange|Comments Off

About the Author: admin

An IT Specialist with humble beginnings at an ISP here in BC in 1996. Since then WiReDWoLF has expanded his knowledge and expertise in many areas of the IT field and is proficient with networking, applications, servers, and general application of all of the above.