Get-ReceiveConnector

Identity                                Bindings                     Enabled
--------                                --------                     -------
EX2016\Default EX2016                   {0.0.0.0:2525, [::]:2525}    True
EX2016\Client Proxy EX2016              {[::]:465, 0.0.0.0:465}      True
EX2016\Default Frontend EX2016          {[::]:25, 0.0.0.0:25}        True
EX2016\Outbound Proxy Frontend EX2016   {[::]:717, 0.0.0.0:717}      True
EX2016\Client Frontend EX2016           {[::]:587, 0.0.0.0:587}
Now let’s do an SMTP test by telnetting to the SMTP port (port 25).
EX2016.DOMANI.LOCAL Microsoft ESMTP MAIL Service ready at Sat, 3 Apr 2021 18:45:48 +0300
ehlo
250-EX2016.DOMAIN.LOCAL Hello [::1]
250-SIZE 36700160
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-X-ANONYMOUSTLS
250-AUTH NTLM
250-X-EXPS GSSAPI NTLM
250-8BITMIME
250-BINARYMIME
250-CHUNKING
250 XRDST
mail from:abbasiftt2@gmail.com
250 2.1.0 Sender OK
rcpt to:administrator@domain.com
250 2.1.5 Recipient OK
data
354 Start mail input; end with <CRLF>.<CRLF>
Subject:Test Email Relay
.
250 2.6.0 <694f41b5-49b5-4bd9-8131-4360ab77459a@EX2016.DOMAIN.LOCAL> [InternalId=101588861452334, Hostname=EX2016.domain.local] Queued mail for delivery
No specific configuration is required on the server or the connectors to allow this scenario. However, it is recommended that you use a name (A record), for example mail.domain.com, instead of an IP address or the server’s FQDN. That way you configure all the devices/applications with the name (A record) and can change the server later, when you upgrade or migrate to a higher version, without reconfiguring them.
220 EX2016.DOMAIN.LOCAL Microsoft ESMTP MAIL Service ready at Sat, 3 Apr 2021 18:59:35 +0300
ehlo
250-EX2016.GT.KW Hello [::1]
250-SIZE 36700160
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-X-ANONYMOUSTLS
250-AUTH NTLM
250-X-EXPS GSSAPI NTLM
250-8BITMIME
250-BINARYMIME
250-CHUNKING
250 XRDST
mail from:administrator@domain.com
250 2.1.0 Sender OK
rcpt to:abbasiftt@gmail.com
550 5.7.54 SMTP; Unable to relay recipient in non-accepted domain
The server returns the SMTP error code “550 5.7.54, Unable to relay recipient in non-accepted domain”. The receive connector does not allow an anonymous/unauthenticated sender to relay to external email addresses, which prevents our Exchange server from being exploited as an open relay.
Get-ReceiveConnector

Identity                                Bindings                     Enabled
--------                                --------                     -------
EX2016\Default EX2016                   {0.0.0.0:2525, [::]:2525}    True
EX2016\Client Proxy EX2016              {[::]:465, 0.0.0.0:465}      True
EX2016\Default Frontend EX2016          {[::]:25, 0.0.0.0:25}        True
EX2016\Outbound Proxy Frontend EX2016   {[::]:717, 0.0.0.0:717}      True
EX2016\Client Frontend EX2016           {[::]:587, 0.0.0.0:587}      True
[PS] D:\>Get-ExchangeCertificate | ft thumbprint,notafter,issuer -AutoSize

Thumbprint                               NotAfter             Issuer
----------                               --------             ------
EF748982B467BE652624CEDB5569011D7AB7CECA 7/10/2021 2:59:59 AM CN=Sectigo RSA Domain Validation Secure Server CA, O=...
D3512533EDC3ECED8CE40ECC34DE2CEB7296F3C1 6/17/2022 4:46:56 PM CN=EX2016
29A2F0B52524469D77307DB0CB87CC728331DCB7 6/15/2027 3:55:05 PM CN=WMSvc-EX2016
EE64D939BCD76050A01AC386D4E9255F6622DE6E 4/28/2022 5:53:01 PM CN=Microsoft Exchange Server Auth Certificate
[PS]$cert = Get-ExchangeCertificate -Thumbprint EF748982B467BE652624CEDB5569011D7AB7CECA
[PS]$tlscertificatename = "<i>$($cert.Issuer)<s>$($cert.Subject)"
[PS]Set-ReceiveConnector "Client Frontend EX2016" -Fqdn mail.domain.com -TlsCertificateName $tlscertificatename
$credential = Get-Credential
Now send an email, specifying the server name (A record), the To and From addresses, the subject line, and the port number. The From address must be the same email address that you used to authenticate in the authentication popup.
Send-MailMessage -SmtpServer mail.domain.com -Credential $credential -From 'administrator@domain.com' -To 'exchangeserverpro@gmail.com' -Subject 'Test email' -Port 587 -UseSsl
The email we sent is successfully received by the external recipient. So a device/application on the network that sends authenticated SMTP traffic can be configured to use the Client Frontend connector listening on port 587 on the Exchange server.
Set-ReceiveConnector "Allow-Relay" -PermissionGroups AnonymousUsers
Get-ReceiveConnector "Allow-Relay" | Add-ADPermission -User 'NT AUTHORITY\Anonymous Logon' -ExtendedRights MS-Exch-SMTP-Accept-Any-Recipient
220 EX2016.DOMAIN.LOCAL Microsoft ESMTP MAIL Service ready at Sat, 3 Apr 2021 22:49:10 +0300
ehlo
250-EX2016.DOMAIN.LOCAL Hello [192.168.0.215]
250-SIZE 37748736
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-STARTTLS
250 8BITMIME
mail from:administrator@domain.com.com
250 2.1.0 Sender OK
rcpt to:myemail@gmail.com
250 2.1.5 Recipient OK
data
354 Start mail input; end with <CRLF>.<CRLF>
subject:Test email relay
.
250 2.6.0 <94bd68aa-a6be-4499-9912-66f3a23465bc@EX2016.DOMAIN.LOCAL> [InternalId=135046656688193, Hostname=EX2016.DOMAIN.LOCAL] 1617 bytes in 0.141, 11.144 KB/sec Queued mail for delivery
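An added example, not part of the original article: an audit that lists every receive connector on which anonymous senders hold the relay right that the Add-ADPermission command above grants on "Allow-Relay". It assumes the Exchange Management Shell; the RemoteIPRanges comparison and the output column names are additions chosen for this example.

```powershell
# Added example: run in the Exchange Management Shell.
# Reports receive connectors where Anonymous Logon may relay to any recipient,
# together with the source addresses that are allowed to connect.
$relayRight = 'ms-Exch-SMTP-Accept-Any-Recipient'

# RemoteIPRanges values that mean "every IPv4 / every IPv6 address"
$anyHost = @(
    '0.0.0.0-255.255.255.255',
    '::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff'
)

$findings = foreach ($connector in Get-ReceiveConnector) {
    # Allow entries (explicit or inherited) for Anonymous Logon that carry the relay right
    $grants = @($connector | Get-ADPermission | Where-Object {
        -not $_.Deny -and
        "$($_.User)" -like '*Anonymous Logon' -and
        ($_.ExtendedRights -like $relayRight)
    })
    if ($grants.Count -eq 0) { continue }

    # Normalise the ranges to strings so the comparison also works on
    # deserialized objects returned by a remote session
    $ranges = @($connector.RemoteIPRanges | ForEach-Object { "$_" })
    $open   = @($ranges | Where-Object { $anyHost -contains $_ }).Count -gt 0

    [pscustomobject]@{
        Connector      = "$($connector.Identity)"
        Enabled        = $connector.Enabled
        Bindings       = ($connector.Bindings -join ', ')
        RemoteIPRanges = ($ranges -join ', ')
        AnyRemoteHost  = $open   # True: any host that reaches the port can relay
    }
}

if ($findings) {
    $findings | Sort-Object AnyRemoteHost -Descending | Format-List
} else {
    'No receive connector grants anonymous relay.'
}
```

A connector reported with AnyRemoteHost set to True accepts anonymous relay from every address that can reach its port, so its RemoteIPRanges should list only the devices and applications that need it.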