How to configure anonymous relay connector that also bypasses distribution group authentication setting "Only senders inside my organization" ?
Can you configure the application to connect to TCP 587 and authenticate?
August 14th, 2015 3:50am

I've created a relay receive connector that allows anonymous users, scoped it to my application server IP's and even ran the powershell command to allow the ANONYMOUS logon the ms-Exch-SMTP-Accept-Any-Recipient permission.

All is working well except when the application is configured to send to distribution groups that are set to only accept mail from internal senders, in this case the email is rejected.. as it should be. We have literally hundreds of nested distribution groups and we would rather not change them to allow email from unauthenticated senders so that leaves me with figuring out how to change my receive connector to deliver these messages as if they are from an authenticated sender.

I know that I can just enable the "Externally Secured" mechanism and add Exchange Server to the permissions groups but I read that this is not a good practice. Is it possible to assign only the specific permission needed to the connector via powershell much I like I did with the ms-Exch-SMTP-Accept-Any-Recipient permission?

  • Edited by tpullins Friday, August 14, 2015 5:41 AM formatting
Free Windows Admin Tool Kit Click here and download it now
August 14th, 2015 5:38am

I might be able to but since I am already scoping this relay connector to only specific IP's it would be nice to just let them have the "full ride" if you know what I mean. This way I don't have to worry about messing with authentication settings on future applications I can simply add their IP to my relay connector.
August 14th, 2015 12:27pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics