11 February 2014

Allow Anonymous Relay on a Receive Connector

One of those things you do once a year and think, how did I do that the last time?

Set up your receive connector:

Use the EMC to create the Receive connector


  1. Perform one of the following steps:
    1. To create a Receive connector on a computer that has the Edge Transport server role installed, select Edge Transport, and then in the work pane, click the Receive Connectors tab.
    2. To create a Receive connector on a Hub Transport server role, in the console tree, expand Server Configuration and select Hub Transport. In the result pane, select the server on which you want to create the connector, and then click the Receive Connectors tab.
  2. In the action pane, click New Receive Connector. The New Receive Connector wizard starts.
  3. On the Introduction page, follow these steps:
    1. In the Name field, type a meaningful name for this connector. This name is used to identify the connector.
    2. In the Select the intended use for this Receive connector field, select Custom.
    3. Click Next.
  4. On the Local Network settings page, follow these steps:
    1. Select the existing All Available IPv4 entry, and then click the Remove icon.
    2. Click Add. In the Add Receive Connector Binding dialog box, select Specify an IP address. Type an IP address assigned to a network adapter on the local server that's best able to communicate with the remote messaging server. In the Port field, type 25, and then click OK. Leave the Specify the FQDN this connector will provide in response to HELO or EHLO field blank.
    3. Click Next.
  5. On the Remote Network settings page, follow these steps:
    1. Select the existing 0.0.0.0 - 255.255.255.255 entry, and then click the Remove icon.
    2. Click Add or the drop-down arrow located next to Add and type the IP address or IP address range for the remote messaging server or servers that are allowed to relay mail on this server. When you're finished entering the IP addresses, click OK.
    3. Click Next.
  6. On the New Connector page, review the configuration summary for the connector. If you want to modify the settings, click Back. To create the Receive connector by using the settings in the configuration summary, click New.
  7. On the Completion page, click Finish.
  8. In the work pane, select the Receive connector that you created.
  9. Under the name of the Receive connector in the action pane, click Properties to open the Properties page.
  10. Click the Permission Groups tab. Select Anonymous users.
  11. Click OK to save your changes and exit the Properties page.

Use the Shell to create the Receive connector


This example uses the New-ReceiveConnector cmdlet to create the Receive connector Anonymous Relay, which listens on local IP address 10.2.3.4 on port 25 and accepts connections only from a source server at IP address 192.168.5.77.
New-ReceiveConnector -Name "Anonymous Relay" -Usage Custom -PermissionGroups AnonymousUsers -Bindings 10.2.3.4:25 -RemoteIpRanges 192.168.5.77
For detailed syntax and configuration information, see New-ReceiveConnector.

Use the Shell to grant relay permission to anonymous connections on the new Receive connector


Note:
You can't use the EMC to perform this task.
This example retrieves the specified Receive connector information and pipes the result to the Add-ADPermission cmdlet to grant relay permission to anonymous connections on the new Receive connector.
Get-ReceiveConnector "Anonymous Relay" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient"
For detailed syntax and configuration information, see Get-ReceiveConnector or Add-ADPermission.

Use the EMC to create the Receive connector as externally secured


  1. Perform one of the following steps:
    1. To create a Receive connector on a computer that has the Edge Transport server role installed, select Edge Transport, and then in the work pane, click the Receive Connectors tab.
    2. To create a Receive connector on a Hub Transport server role, in the console tree, expand Server Configuration and select Hub Transport. In the result pane, select the server on which you want to create the connector, and then click the Receive Connectors tab.
  2. In the action pane, click New Receive Connector. The New Receive Connector wizard starts.
  3. On the Introduction page, follow these steps:
    1. In the Name field, type a meaningful name for this connector. This name is used to identify the connector.
    2. In the Select the intended use for this Receive connector field, select Custom.
    3. Click Next.
  4. On the Local Network settings page, follow these steps:
    1. Select the existing All Available entry, and then click the Remove icon.
    2. Click Add. In the Add Receive Connector Binding dialog box, select Specify an IP address. Type an IP address assigned to a network adapter on the local server that's best able to communicate with the remote messaging server. In the Port field, type 25, and then click OK. Leave the Specify the FQDN this connector will provide in response to HELO or EHLO field blank.
    3. Click Next.
  5. On the Remote Network settings page, follow these steps:
    1. Select the existing 0.0.0.0 - 255.255.255.255 entry, and then click the Remove icon.
    2. Click Add or the drop-down arrow located next to Add and type the IP address or IP address range for the remote messaging server or servers that are allowed to relay mail on this server. When you're finished entering the IP addresses, click OK.
    3. Click Next.
  6. On the New Connector page, review the configuration summary for the connector. If you want to modify the settings, click Back. To create the Receive connector by using the settings in the configuration summary, click New.
  7. On the Completion page, click Finish.
  8. In the work pane, select the Receive connector that you created.
  9. Under the name of the Receive connector in the action pane, click Properties to open the Properties page.
  10. Click the Permission Groups tab. Select Exchange servers.
  11. Click the Authentication tab. Select Externally Secured (for example, with IPsec).
  12. Click OK to save your changes and exit the Properties page.

Use the Shell to create the Receive connector as externally secured



This example creates the Receive connector Anonymous Relay, which listens on local IP address 10.2.3.4 on port 25 and accepts connections only from a source server at IP address 192.168.5.77.
New-ReceiveConnector -Name "Anonymous Relay" -Usage Custom -AuthMechanism ExternalAuthoritative -PermissionGroups ExchangeServers -Bindings 10.2.3.4:25 -RemoteIpRanges 192.168.5.77
For detailed syntax and configuration information, see New-ReceiveConnector.
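
Both methods above leave a connector that relays without SMTP authentication, so the only control left is the Remote IP range. The following read-only audit is an added example, not part of the original post or the Microsoft procedure: it lists every Receive connector that can relay by either method and flags any whose source range is still wide open. The string form of the "any address" ranges is an assumption about how RemoteIPRanges is displayed.

```powershell
# Added example: audit which Receive connectors can relay without SMTP authentication.
# Run in the Exchange Management Shell. Read-only: it changes nothing.

# Assumed display form of an unrestricted RemoteIPRanges entry (IPv4 and IPv6).
$anyRange = '0.0.0.0-255.255.255.255', '::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff'

Get-ReceiveConnector | ForEach-Object {
    $rc = $_

    # Method 1 on this page: ANONYMOUS LOGON holds the relay extended right.
    $anonRelay = $rc | Get-ADPermission | Where-Object {
        $_.User -like 'NT AUTHORITY\ANONYMOUS LOGON' -and
        $_.ExtendedRights -like 'Ms-Exch-SMTP-Accept-Any-Recipient' -and
        -not $_.Deny
    }

    # Method 2 on this page: the connector is marked externally secured.
    $externallySecured = "$($rc.AuthMechanism)" -match 'ExternalAuthoritative'

    if ($anonRelay -or $externallySecured) {
        $ranges = @($rc.RemoteIPRanges | ForEach-Object { $_.ToString() })

        # A relay connector must list specific hosts, never the whole address space.
        $unrestricted = @($ranges | Where-Object { $anyRange -contains $_ }).Count -gt 0

        New-Object PSObject -Property @{
            Connector         = $rc.Identity
            Bindings          = ($rc.Bindings -join ', ')
            RemoteIPRanges    = ($ranges -join ', ')
            AnonymousRelay    = [bool]$anonRelay
            ExternallySecured = $externallySecured
            OpenToAnySource   = $unrestricted
        }
    }
} |
    Select-Object Connector, Bindings, RemoteIPRanges, AnonymousRelay,
                  ExternallySecured, OpenToAnySource |
    Format-Table -AutoSize
```

Any row with OpenToAnySource set to True is an open relay for whoever can reach that binding; narrow its Remote IP range to the specific application servers that need it.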

Source
