How to configure an anonymous relay connector that also bypasses the distribution group authentication setting "Only senders inside my organization"?

I've created a relay receive connector that allows anonymous users, scoped it to my application server IPs and even ran the PowerShell command to allow the ANONYMOUS LOGON the ms-Exch-SMTP-Accept-Any-Recipient permission.

All is working well except when the application is configured to send to distribution groups that are set to only accept mail from internal senders; in this case the email is rejected... as it should be. We have literally hundreds of nested distribution groups and we would rather not change them to allow email from unauthenticated senders, so that leaves me with figuring out how to change my receive connector to deliver these messages as if they are from an authenticated sender.

I know that I can just enable the "Externally Secured" mechanism and add Exchange Servers to the permission groups, but I read that this is not a good practice. Is it possible to assign only the specific permission needed to the connector via PowerShell, much like I did with the ms-Exch-SMTP-Accept-Any-Recipient permission?

  • Edited by tpullins Friday, August 14, 2015 5:41 AM formatting
August 14th, 2015 5:38am

"Full ride" means giving it "Externally Secured".

August 16th, 2015 2:32pm

Thanks Ed. I think that is the route that I will go.
August 16th, 2015 5:31pm
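
The change discussed in this thread, written out as an added example for the Exchange Management Shell; it is not part of the original posts. The connector identity `EXCH01\App Relay` is a hypothetical placeholder. Because an Externally Secured connector treats every message from its remote IP ranges as authenticated, the script refuses to switch while the connector still accepts connections from any address.

```powershell
# Added example. 'EXCH01\App Relay' is a hypothetical connector identity.
$name = 'EXCH01\App Relay'
$rc   = Get-ReceiveConnector -Identity $name

# 1. Record what ANONYMOUS LOGON is currently allowed to do on this connector
#    (for example the ms-Exch-SMTP-Accept-Any-Recipient right granted earlier).
Get-ADPermission -Identity $rc.Identity -User 'NT AUTHORITY\ANONYMOUS LOGON' |
    Where-Object { $_.ExtendedRights } |
    Select-Object User, ExtendedRights, Deny

# 2. Stop if the connector is still scoped to the default "any address" ranges.
#    Every host in RemoteIPRanges will be trusted as an internal sender.
$anyAddress = '0.0.0.0-255.255.255.255',
              '::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff'
$broad = @($rc.RemoteIPRanges |
           ForEach-Object { "$_" } |
           Where-Object { $anyAddress -contains $_ })
if ($broad.Count -gt 0) {
    throw "Connector '$name' accepts mail from $($broad -join ', '). " +
          'Restrict RemoteIPRanges to the application servers first.'
}

# 3. Switch to "Externally Secured". This mechanism requires the
#    ExchangeServers permission group, which replaces AnonymousUsers here.
Set-ReceiveConnector -Identity $rc.Identity `
    -AuthMechanism ExternalAuthoritative `
    -PermissionGroups ExchangeServers

# 4. Confirm the resulting configuration and the scope it applies to.
Get-ReceiveConnector -Identity $rc.Identity |
    Format-List Name, AuthMechanism, PermissionGroups, RemoteIPRanges, Bindings
```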
