Monday, 4 April 2011

Setting up Exchange 2010 to relay

By default, Exchange 2010 is locked down to stop unauthenticated users sending out emails to the Internet.
This is very good practice, but sometimes you do want this functionality (for example, I want my monitoring system to alert me by SMS, which involves sending an email to the phone provider).


First, you're going to need a new internal IP address. There might be ways around this, but this will minimise any security risks. You don't need another NIC; just add a second IP address to your existing one.


Once you have that set up, go to Server Configuration – Hub Transport:

Edit Default Receive Connector to only listen on the OLD IP address.

Then:  

Actions – New Receive Connector

Follow the wizard filling in the information:

Name: RelayConnector
Use: Custom

Local Network settings:
FQDN:

Remote Network Settings:

Then edit the new Receive Connector so nothing is ticked on the Authentication tab.

Then make sure Anonymous users is selected on the Permission Groups tab.


Once this is done, open the Exchange Management Shell and grant anonymous connections on this connector the right to send to any recipient (this is the permission that allows relaying) using:

Get-ReceiveConnector RelayConnector | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient"

You should then be able to relay from your own subnet to external IPs.
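
The same steps as a single Exchange Management Shell script, followed by an audit that lists every connector where anonymous sessions hold the relay right. This is an added example, not part of the original post. The server name and all IP addresses are placeholders, and it assumes the default connector still has its stock name "Default <server>".

```powershell
# Added example. Every value in this block is a placeholder (assumption).
$Server    = 'EXCH01'        # hypothetical Hub Transport server name
$OldIP     = '192.0.2.10'    # existing IP, kept by the default connector
$RelayIP   = '192.0.2.11'    # second IP added for the relay connector
$AllowedIP = '192.0.2.50'    # the one host allowed to relay (monitoring box)
$Anon      = 'NT AUTHORITY\ANONYMOUS LOGON'
$Right     = 'ms-Exch-SMTP-Accept-Any-Recipient'

# 1. Default connector listens on the old IP only.
Set-ReceiveConnector "$Server\Default $Server" -Bindings "$($OldIP):25"

# 2. Relay connector: Custom usage, no authentication mechanisms, anonymous
#    permission group, bound to the new IP and reachable only from $AllowedIP.
New-ReceiveConnector -Name 'RelayConnector' -Server $Server -Usage Custom `
    -Bindings "$($RelayIP):25" -RemoteIPRanges $AllowedIP `
    -AuthMechanism None -PermissionGroups AnonymousUsers

# 3. Let anonymous sessions on this connector submit mail to any recipient.
Get-ReceiveConnector "$Server\RelayConnector" |
    Add-ADPermission -User $Anon -ExtendedRights $Right

# 4. Audit: which connectors grant the relay right to anonymous, and is any
#    of them open to the whole IPv4 range instead of specific hosts?
Get-ReceiveConnector -Server $Server | ForEach-Object {
    $c = $_
    $grant = $c | Get-ADPermission -User $Anon |
        Where-Object { -not $_.Deny -and $_.ExtendedRights -like $Right }
    if ($grant) {
        $ranges = @($c.RemoteIPRanges | ForEach-Object { $_.ToString() })
        New-Object PSObject -Property @{
            Connector   = $c.Name
            Bindings    = ($c.Bindings -join ', ')
            RemoteRange = ($ranges -join ', ')
            OpenToAll   = [bool]($ranges -match '^0\.0\.0\.0-255\.255\.255\.255$')
        }
    }
} | Select-Object Connector, Bindings, RemoteRange, OpenToAll
```

Only RelayConnector should appear in the audit output, with OpenToAll false. A connector that shows OpenToAll true accepts relay from any address that can reach its binding.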

I hope this tip helps you out.