Anonymous Relay in Exchange 2007

Sending mail from application servers that don't support SMTP authentication is easy in Exchange 2007.

Just build a custom receive connector, add your servers' IP addresses in the "Network" tab, turn everything off in "Authentication", and allow "Anonymous users" in the "Permission Groups" tab.

That's it... most of the time.

Works great, except when it doesn't. For example, when your application also wants to mail the rest of the world (and not just your own organization). That's called relaying, and it is really, really bad if it happens without your knowledge. If you want to enable it for this connector, you'll need to switch to PowerShell in the Exchange Management Shell and grant those pesky anonymous users the right to actually send to any recipient.

 

To do so, use the following script:

Get-ReceiveConnector "<your receive connector>" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient"
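
To check afterwards which connectors actually relay for anonymous senders, and from which addresses, the following audit can be run in the Exchange Management Shell. It is an added example, not part of the original post; it assumes an unrestricted connector shows its remote range as "0.0.0.0-255.255.255.255".

```powershell
# Added example: list every receive connector on which anonymous senders
# hold the relay right, together with the remote IP ranges it accepts.
$right = "Ms-Exch-SMTP-Accept-Any-Recipient"
$anon  = "NT AUTHORITY\ANONYMOUS LOGON"

Get-ReceiveConnector | ForEach-Object {
    $connector = $_

    # Allow (not Deny) entries for the anonymous account that carry the relay right
    $grants = @(Get-ADPermission -Identity $connector.Identity -User $anon |
        Where-Object { -not $_.Deny -and ($_.ExtendedRights -like $right) })

    if ($grants.Count -gt 0) {
        $ranges = @($connector.RemoteIPRanges | ForEach-Object { $_.ToString() })

        $connector | Select-Object Identity,
            @{Name = "RemoteIPRanges"; Expression = { [string]::Join(", ", $ranges) }},
            # Assumption: the "any address" range is printed in this form
            @{Name = "OpenToAnyIP";    Expression = { $ranges -contains "0.0.0.0-255.255.255.255" }}
    }
}

# To take the right away again from a connector that should not relay:
# Get-ReceiveConnector "<your receive connector>" |
#     Remove-ADPermission -User $anon -ExtendedRights $right
```

A connector that appears in this list with OpenToAnyIP set to True relays for any host that can reach it; restrict its remote IP ranges to the application servers or remove the right.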