This is a default setting so the permissions on the Receive Connector have to be changed. However, only messages for recipients whose SMTP domain is an an Accepted Domain in the Exchange organization are accepted at this point. Relay AddADPermission User NT AUTHORITY ExtendedRights Ms-Exch-SMTP. This command will create a new Receive Connector, bind it to the IP address 10.19.67.33 (this should be on the network card of the server of course) and allow the IP address 10.19.67.201 to submit SMTP messages anonymously.
New-ReceiveConnector –Name “Relay Connector (EXCH01)” –usage Custom –Bindings 10.19.67.33:25 –FQDN –RemoteIPRanges 10.19.67.201 –Server ServerName –PermissionGroups AnonymousUsers To create the new Receive Connector use the following command in the Exchange Management Shell: This IP address can have an easy to remember FQDN like I always recommend not to change the default receive connectors with the exception of setting Anonymous Users on the Permission Groups to allow other SMTP hosts to submit messages as well.įor relaying SMTP messaging I normally recommend to use an additional Receive Connector with an additional IP address on the server. Default Receive Connector – used to receive SMTP messages on port 25 from other Exchange Hub Transport Servers or the Edge Transport Server.This is authenticated SMTP and the connector is using port 587 for this Client Receive Connector – used by end users with an SMTP client that want to send out messages.Next, allow anonymous users to relay.When an Exchange 2010 Hub Transport Server is installed two Receive Connectors are automatically created: The big difference from the previous approach is we’re not treating the host as trusted. However, we’re still restricting it to a particular IP address- 192.168.1.100. Notice, we’ve left out the AuthMechanism parameter in the above command. New-ReceiveConnector -Name Rela圜onnector -usage Custom -Bindings ’192.168.1.17:25′ -fqdn -RemoteIPRanges 192.168.1.100 -server MYEXCHANGESERVER -permissiongroups AnonymousUsers If you want it to be more secure, you can create a Receive Connector with PermissionGroups set to AnonymousUsers: Going back to Exchange Server 2003, this is somewhat similar to adding the sending host’s address to Connection Filtering‘s Global Accept list.Ī better, more secure way to allow relaying Because Exchange treats all hosts specified in RemoteIPRanges as trusted, it doesn’t apply anti-spam filters, doesn’t enforce message size limits, resolves P2 headers, and allows sending on behalf of users. This also bypasses all security for messages received from that IP address. im having a problem with a smtp relay queue spiking in the mornings, (which isnthe problem) the problem is is i would like to be able to monitor (get email notifications and such) about the amount of emails, the time the spike starts and ends. When you select ExternalAuthoritative for authentication, you’re telling Exchange that you completely trust the IP address(es) or subnets specified in the RemoteIPRanges parameter (192.168.1.100) and you have another authentication mechanism outside of Exchange, such as IPSec, to authenticate. Exchange 2010 Smtp Relay monitoring Posted by dustincassells. Allows only the host with the IP address 192.168.1.100 to connect to it (specified by the RemoteIPRanges parameter)Īdditionally, and most importantly, it assigns the ExchangeServers permission group to it, and disables authentication.Binds the Receive Connector to port 25 on IP address 192.168.1.17.Creates a new Receive Connector called Rela圜onnector.New-ReceiveConnector -Name Rela圜onnector -usage Custom -Bindings ’192.168.1.17:25′ -fqdn -RemoteIPRanges 192.168.1.100 -server MYEXCHANGESERVER -permissiongroups ExchangeServers -AuthMechanism ‘TLS, ExternalAuthoritative’ With the new IP address added to the Exchange server – let’s say it is 192.168.1.17, and your app server, device or copier that needs to relay is 192.168.1.100, fire up Exchange shell and use the following command: