This is very good practice, but sometimes you do want this functionality (for example, I want my monitoring system to alert me by SMS, which involves sending an email to the phone provider).
First, you're going to need a new internal IP address. There might be ways around this, but this will minimise any security risks. You don't need another NIC; just add a second IP address to your existing one.
Once you have that set up, go to Server Config – Hub Transport:
Edit Default Receive Connector to only listen on the OLD IP address.
Actions – New Receive Connector
Follow the wizard filling in the information:
Name: RelayConnector
Use: Custom
Local Network settings:
FQDN:
Remote Network Settings:
Then edit the new Receive Connector so nothing is ticked on the Authentication Tab
Then make sure Anonymous users is selected on the Permissions Groups tab
Once this is done, open up Exchange PowerShell and grant anonymous connections the right to submit mail for any recipient (which is what permits relaying) using:
Get-ReceiveConnector RelayConnector | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient"
You should then be able to relay from your own subnet to external IPs.
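To confirm that the relay right ended up only on the new connector and that the connector is not reachable from every address, the following audit can be run in the Exchange Management Shell. It is an added example, not part of the original tip, and assumes PowerShell 2.0 or later; the column names and the "wide open" range patterns are choices made for this example.

```powershell
# Added audit example: list every Receive Connector, whether anonymous
# senders hold the relay right on it, and whether its remote IP ranges
# are unrestricted. Run on the Hub Transport server.
$relayRight = "ms-Exch-SMTP-Accept-Any-Recipient"
$anonymous  = "NT AUTHORITY\ANONYMOUS LOGON"

Get-ReceiveConnector | ForEach-Object {
    $connector = $_

    # Allow entries granting the relay right to anonymous logon.
    $grant = $connector | Get-ADPermission -User $anonymous |
        Where-Object { -not $_.Deny -and ($_.ExtendedRights -like $relayRight) }

    # Remote ranges as strings, e.g. "192.168.1.0/24" or "10.0.0.20".
    $ranges = @($connector.RemoteIPRanges | ForEach-Object { $_.ToString() })

    # The "accept from anywhere" ranges (IPv4 and IPv6).
    $wideOpen = @($ranges | Where-Object {
        $_ -like "0.0.0.0-255.255.255.255" -or $_ -like "::-ffff:*"
    })

    $hasRelay = [bool]$grant

    New-Object PSObject -Property @{
        Connector      = $connector.Identity
        Bindings       = ($connector.Bindings -join ", ")
        RemoteIPRanges = ($ranges -join ", ")
        AnonymousRelay = $hasRelay
        # Relay right plus unrestricted ranges means any host that can
        # reach the binding can send mail through the server.
        OpenRelayRisk  = ($hasRelay -and ($wideOpen.Count -gt 0))
    }
} | Format-Table Connector, Bindings, RemoteIPRanges, AnonymousRelay, OpenRelayRisk -AutoSize
```

The expected result is AnonymousRelay set to True only for RelayConnector, bound to the new IP address, with OpenRelayRisk False on every row.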