I'm trying to set up my Exchange 2010 Server to receive external emails, but the only way I have gotten this to work is by enabling anonymous authentication in my receive connector, which causes the server to be an open relay. This then results in my server getting blacklisted and then used by spammers. I've tried looking for solutions to enable receive of external mail, but they all state I should just do the above. The spam messages filled my message queue up so much, its just killed the server so that is not an option. I'll continue looking for a solution, but any help from here would be greatly appreciated. Thanks

By default ticking the anonymous access on the receive connector will not make the server an anonymous relay. Could you please type the following and post the results Get-ReceiveConnector | FL This will give us a better idea of how the connector is set up and why it is acting as a relay.Matt Cline - MCSE+M, MCITP: EA | EMA (2007, 2010) | Lync 2010 Blog: exchangeadventures.com

You need anonymous on there so that Exch will accept emails from the outside world, other you wont receive email. Select anonymous, this wont make your server an open relay. This is the default permission. It's only open relay if you allow this add permission. - http://technet.microsoft.com/en-us/library/bb232021.aspx Sukh If I do that in the Server Configurations > Hub Transport > Default > and click it. Instantly when I check my mail server status with mxtoolbox.com, it reports my server to be an open relay. When I unchecked it, it reports it all as being OK. Am I missing something else?

Have you checked that add permission in that KB I provided. You could always create a new connector using the wizard for the internet, disable the existing and test again, this would have the default permissions - http://technet.microsoft.com/en-us/library/bb125159.aspxSukh

Can you relay, telnet from the outside world and try.Sukh

Can you relay, telnet from the outside world and try. Sukh With the Anonymous Users UNchecked, I can the following message MAIL FROM:user@gmail.com 530 5.7.1 Client was not authenticated With the Anonymous User option in my receive connector check, I get a successful message, so it looks like I can relay. MAIL FROM:test@gmail.com 250 2.1.0 Sender OK RCPT TO:test@huawei.com 250 2.1.5 Recipient OK DATA 354 Start mail input; end with <CRLF>.<CRLF> test is a test . 250 2.6.0 <ba623e62-59d5-4a9b-b4fd-135eb6c87f02@WIN-XXXX.XXXXcom> [InternalId=49] Queued mail for delivery exit

Just a quick advise http://www.mxtoolbox.com can do the smtp relay test for you, just to verify that it's not open for relay Jonas Andersson | Microsoft Community Contributor Award 2011 | MCITP: EMA 2007/2010 | Blog: http://www.testlabs.se/blog | Follow me on twitter: jonand82

Just a quick advise http://www.mxtoolbox.com can do the smtp relay test for you, just to verify that it's not open for relay Jonas Andersson | Microsoft Community Contributor Award 2011 | MCITP: EMA 2007/2010 | Blog: http://www.testlabs.se/blog | Follow me on twitter: jonand82 Thanks, I use that site all the time. Which brings me to my problem. I want to be able to sent and receive emails from external users (ie gmail, yahoo, etc). I can send to them fine. When I check Anonymous Users in my receive connectors, I can receive external emails but mxtoolbox reports me as being an open relay. When I uncheck it, my server is no longer an open relay, but I am unable to receive emails from external users.

MAIL FROM:test@gmail.com 250 2.1.0 Sender OK RCPT TO:test@huawei.com Is @huawei.com your internal domain?Sukh

No, its also external.

Get an output of the all the permissions on that connector, double check the permission thereSukh

hi, Use the cmd: get-adpermission -identity your receive connector name | select identity,user,extendedrights,deny >C:\file name.txt. You will get all the permission about the connector. Check the permission:NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient" See whether it is true or appear in the txt file. If the permission isn't true, the open relay should be closed. hope can help you thanks,CastinLu TechNet Community Support

Just dump all the permissions and see if you can see the anonymous permission. Confirm you only have 2 receive connectors?Sukh

I have 2 receive connectors set up. The standard client one and then another for the internet. On the receive for the internet, when I have the anonymous user in the permission tab checked, I see this the following anonymous permissions in the logs: [IDENTITY]\Internet R... NT AUTHORITY\ANONYMOUS LOGON {ms-Exch-SMTP-Accept-Autho... False [IDENTITY]\Internet R... NT AUTHORITY\ANONYMOUS LOGON {ms-Exch-SMTP-Accept-Any-S... False [IDENTITY]\Internet R... NT AUTHORITY\ANONYMOUS LOGON {ms-Exch-SMTP-Submit} False [IDENTITY]\Internet R... NT AUTHORITY\ANONYMOUS LOGON {ms-Exch-Accept-Headers-Ro... False With the above, mxtoolbox reports my server as being an open relay. I don't see the Ms-Exch-SMTP-Accept-Any-Recipient for NT AUTHORITY\ANONYMOUS LOGON

Do you just have the 1 Exch server? Anything in front of your server like a Edge or Gateway?Sukh

Do you just have the 1 Exch server? Anything in front of your server like a Edge or Gateway? Sukh No, this is all on just a basic low traffic server running 2008RC2 with exchange 2010 installed on it.

Is this a SBS server?Sukh

Is this a SBS server? Sukh Just a standard Dell server. Not used for business, used for a lot of functionality testing.

hi, You have a lot of functionality on the server, so it should affect your exchange. Do you have another mail service on the server? It is not recommended that install exchange on that server. So my suggestion is that disable all function then see if you still meet the issue. hope can help you thanks,CastinLu TechNet Community Support

hi, You have a lot of functionality on the server, so it should affect your exchange. Do you have another mail service on the server? It is not recommended that install exchange on that server. So my suggestion is that disable all function then see if you still meet the issue. hope can help you thanks, CastinLu TechNet Community Support I currently have Exchanged, DNS, Active Directory Services, Fire Services, and IIS installed with no issues. Are you saying the problem I'm having is due to having to many functions on my server? Is the only solution to get another server to relay specifically off of?

hi, If you only have these functions on your server, it should not affect your exchange. At least it will not cause the issue. How about PS CL's suggestion, can it fix your issue? hope can help you thanks,CastinLu TechNet Community Support

When you run get-accepteddomain, what domains do you have listed? If you have a misconfiguration on your accepted domains list, such as *.com as an accepted domain, Exchange may act as an open relay. You were right. I checked my accepted domains and had an open * causing the relay. I took off that accepted domain and now I can receive emails from external addresses without being an open relay. Gmail is still blocking my IP, and yahoo isn't receive any of the mail now, but I feel like those are different issues. The Gmail one should correct itself now that my ip is no longer an open relay or on blacklist. Not sure why yahoo isn't accepting email but I can receive from yahoo. Hotmail accepts and Sends emails successfully. Thanks for the help guys