How to Set Up Anonymous Relay for Exchange
Last Review: August 8, 2010
Product(s): Exchange 2007 / 2010
When devices such as scanners/copiers must send to external recipients, set up a Receive Connector with anonymous permissions. This configuration is not required to send to internal users. Be sure to limit the allowed source IP addresses to just the copier devices; otherwise you have an open relay that, if compromised, could cause blacklisting and the inability to send e-mail.
Open Exchange Management Console, Server Configuration, and Hub Transport.
Click "New Receive Connector" to start the wizard. On the first page, enter a suitable name such as Copiers, then select "Custom" from the drop-down menu. Configure the connector with Authentication settings of only "Anonymous Users" allowed, then in the "Network" section add only the IP addresses of the devices you wish to allow anonymous relay rights.
Enter the following through the Exchange Management Shell:
Get-ReceiveConnector "connector name" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient"
In Services, restart the Microsoft Exchange Transport Service for the changes to take effect, then test.
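To confirm that the relay right is limited to the copier addresses, the following audit lists every Receive Connector on which anonymous senders hold the right granted above and flags any allowed entry that is a range or subnet rather than a single host. This is an added example, not part of the original article; it assumes PowerShell 2.0 or later, and the helper name Test-SingleAddress is hypothetical.

```powershell
# Added audit example: run in the Exchange Management Shell.
$relayRight = 'ms-Exch-SMTP-Accept-Any-Recipient'   # right granted in the article
$anonymous  = 'NT AUTHORITY\ANONYMOUS LOGON'        # account used in the article

# Hypothetical helper: $true when an entry is one IP address, not a range or subnet.
function Test-SingleAddress([string]$Entry) {
    $parsed = $null
    [System.Net.IPAddress]::TryParse($Entry, [ref]$parsed)
}

Get-ReceiveConnector | ForEach-Object {
    $connector = $_

    # Allow entries that give anonymous senders the relay right on this connector.
    $grants = @(Get-ADPermission -Identity $connector.Identity | Where-Object {
        -not $_.Deny -and
        $_.User -like $anonymous -and
        $_.ExtendedRights -like $relayRight
    })
    if ($grants.Count -eq 0) { return }   # connector cannot relay anonymously

    # Assumption: each RemoteIPRanges entry renders as "a.b.c.d" for a single host
    # and as "low-high" or "a.b.c.d/nn" for anything wider.
    $wide = @($connector.RemoteIPRanges | ForEach-Object { "$_" } |
        Where-Object { -not (Test-SingleAddress $_) })

    $connector | Select-Object Identity,
        @{ Name = 'RemoteIPRanges'; Expression = { ($_.RemoteIPRanges | ForEach-Object { "$_" }) -join ', ' } },
        @{ Name = 'WideEntries';    Expression = { $wide -join ', ' } },
        @{ Name = 'Verdict';        Expression = { if ($wide.Count) { 'REVIEW: range or subnet allowed' } else { 'OK: single hosts only' } } }
} | Format-List
```

A connector that reports REVIEW accepts anonymous relay from more than the individual device addresses and should have its "Network" settings tightened.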

