<

Allow relaying on Exchange 2007 & Exchange 2010 in 4 easy steps

Published on
34,614 Points
13,314 Views
13 Endorsements
Last Modified:
Awarded
I have this application/website that needs to send emails, I have it configured to use our exchange server as SMTP. It can send emails to internal users without any problem however external ones are failing with a "550 5.7.1 Unable to relay" error

I have been answering this question, under different forms, so often on Experts Exchange lately that I have it copied on a notepad and end up by pasting it again every now and then, so let's see how to fix it.

First of all you should know that a mail server should be configure to unconditionally (not talking about spam/viruses here) accept emails sent to users in the SMTP domains it is serving. However, to avoid spamming others and being blacklisted, it should be very careful about who gets to send emails to other SMTP domains using its services, and that's what is called relaying.

This should explain why, in the above scenario, emails sent to internal users are received but not to external one, that is because Exchange is refusing to relay. To solve your problem and enable your application/web server to be able to send external emails, you should allow it (or its IP address) to relay emails through your Exchange server and here is how to do it in Microsoft Exchange 2007 and Microsoft Exchange 2010.

   1. Add another internal IP to your exchange server, say 1.1.1.1
   2. Create a new receive connector, configure it to listen only to the newly added IP address & accept SMTP connections only to the application\web server IP address. This can be done by GUI using Exchange Management Console or through Exchange Management Shell by running

      New-ReceiveConnector -Name AllowRelay -usage Custom -Bindings '1.1.1.1:25' -fqdn server.domain.com -RemoteIPRanges WebServerIpAddress -server MYEXCHANGESERVER -permissiongroups AnonymousUsers

   3. Now that the connector is created, you should allow relaying on that connector, this can only by achieved using Management Shell as shown below.

      Get-ReceiveConnector AllowRelay | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient"

   4. Finally configure your web server or Application to use the Exchange server's newly assigned IP 1.1.1.1 as SMTP server.

N.B.:Make sure to change the 1.1.1.1 by the additional IP you added to your Exchange server, WebServerIpAddress with the IP of your Webserver/application, MYEXCHANGESERVER by the name of your exchange 2007/2010 and server.domain.com by the FQDN of your exchange server.

Hope this clears out things a little bit

13
Author:Akhater
Ask questions about what you read
If you have a question about something within an article, you can receive help directly from the article author. Experts Exchange article authors are available to answer questions and further the discussion.
Get 7 days free