Get-ReceiveConnector

Identity                                Bindings                     Enabled
--------                                --------                     -------
EX2016\Default EX2016                   {0.0.0.0:2525, [::]:2525}    True
EX2016\Client Proxy EX2016              {[::]:465, 0.0.0.0:465}      True
EX2016\Default Frontend EX2016          {[::]:25, 0.0.0.0:25}        True
EX2016\Outbound Proxy Frontend EX2016   {[::]:717, 0.0.0.0:717}      True
EX2016\Client Frontend EX2016           {[::]:587, 0.0.0.0:587}

Now let’s do an SMTP test by telnetting to the SMTP port (port 25).
EX2016.DOMANI.LOCAL Microsoft ESMTP MAIL Service ready at Sat, 3 Apr 2021 18:45:48 +0300
ehlo
250-EX2016.DOMAIN.LOCAL Hello [::1]
250-SIZE 36700160
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-X-ANONYMOUSTLS
250-AUTH NTLM
250-X-EXPS GSSAPI NTLM
250-8BITMIME
250-BINARYMIME
250-CHUNKING
250 XRDST
mail from:abbasiftt2@gmail.com
250 2.1.0 Sender OK
rcpt to:administrator@domain.com
250 2.1.5 Recipient OK
data
354 Start mail input; end with <CRLF>.<CRLF>
Subject:Test Email Relay
.
250 2.6.0 <694f41b5-49b5-4bd9-8131-4360ab77459a@EX2016.DOMAIN.LOCAL> [InternalId=101588861452334, Hostname=EX2016.domain.local] Queued mail for delivery

No specific configuration is required on the server or the connectors to allow this scenario. However, it is recommended that you use a name (A record), for example mail.domain.com, instead of an IP address or the server’s FQDN. This lets you configure all the devices/applications with the name (A record) and change the server later, when you upgrade/migrate to a higher version or replace the server.
220 EX2016.DOMAIN.LOCAL Microsoft ESMTP MAIL Service ready at Sat, 3 Apr 2021 18:59:35 +0300
ehlo
250-EX2016.GT.KW Hello [::1]
250-SIZE 36700160
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-X-ANONYMOUSTLS
250-AUTH NTLM
250-X-EXPS GSSAPI NTLM
250-8BITMIME
250-BINARYMIME
250-CHUNKING
250 XRDST
mail from:administrator@domain.com
250 2.1.0 Sender OK
rcpt to:abbasiftt@gmail.com
550 5.7.54 SMTP; Unable to relay recipient in non-accepted domain

The server returns the SMTP error code “550 5.7.54, Unable to relay recipient in non-accepted domain”. The receive connector will not allow an anonymous/unauthenticated sender to relay to external email addresses, which prevents our Exchange server from being exploited as an open relay.
Get-ReceiveConnector

Identity                                Bindings                     Enabled
--------                                --------                     -------
EX2016\Default EX2016                   {0.0.0.0:2525, [::]:2525}    True
EX2016\Client Proxy EX2016              {[::]:465, 0.0.0.0:465}      True
EX2016\Default Frontend EX2016          {[::]:25, 0.0.0.0:25}        True
EX2016\Outbound Proxy Frontend EX2016   {[::]:717, 0.0.0.0:717}      True
EX2016\Client Frontend EX2016           {[::]:587, 0.0.0.0:587}      True
[PS] D:\>Get-ExchangeCertificate | ft thumbprint,notafter,issuer -AutoSize

Thumbprint                               NotAfter              Issuer
----------                               --------              ------
EF748982B467BE652624CEDB5569011D7AB7CECA 7/10/2021 2:59:59 AM  CN=Sectigo RSA Domain Validation Secure Server CA, O=...
D3512533EDC3ECED8CE40ECC34DE2CEB7296F3C1 6/17/2022 4:46:56 PM  CN=EX2016
29A2F0B52524469D77307DB0CB87CC728331DCB7 6/15/2027 3:55:05 PM  CN=WMSvc-EX2016
EE64D939BCD76050A01AC386D4E9255F6622DE6E 4/28/2022 5:53:01 PM  CN=Microsoft Exchange Server Auth Certificate
[PS]$cert = Get-ExchangeCertificate -Thumbprint EF748982B467BE652624CEDB5569011D7AB7CECA
[PS]$tlscertificatename = "<i>$($cert.Issuer)<s>$($cert.Subject)"
[PS]Set-ReceiveConnector "Client Frontend EX2016" -Fqdn mail.domain.com -TlsCertificateName $tlscertificatename
$credential = Get-Credential
Now send an email by specifying the server name (A record), the To and From addresses, the subject line, and the port number. You have to specify the same email address that you used to authenticate in the authentication popup.

Send-MailMessage -SmtpServer mail.domain.com -Credential $credential -From 'administrator@domain.com' -To 'exchangeserverpro@gmail.com' -Subject 'Test email' -Port 587 -UseSsl

The email we sent is successfully received by the external recipient. So a device/application on the network that sends authenticated SMTP traffic can be configured to use the Client Frontend connector listening on port 587 on the Exchange server.
Set-ReceiveConnector "Allow-Relay" -PermissionGroups AnonymousUsers
Get-ReceiveConnector "Allow-Relay" | Add-ADPermission -User 'NT AUTHORITY\Anonymous Logon' -ExtendedRights MS-Exch-SMTP-Accept-Any-Recipient
220 EX2016.DOMAIN.LOCAL Microsoft ESMTP MAIL Service ready at Sat, 3 Apr 2021 22:49:10 +0300
ehlo
250-EX2016.DOMAIN.LOCAL Hello [192.168.0.215]
250-SIZE 37748736
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-STARTTLS
250 8BITMIME
mail from:administrator@domain.com.com
250 2.1.0 Sender OK
rcpt to:myemail@gmail.com
250 2.1.5 Recipient OK
data
354 Start mail input; end with <CRLF>.<CRLF>
subject:Test email relay
.
250 2.6.0 <94bd68aa-a6be-4499-9912-66f3a23465bc@EX2016.DOMAIN.LOCAL> [InternalId=135046656688193, Hostname=EX2016.DOMAIN.LOCAL] 1617 bytes in 0.141, 11.144 KB/sec Queued mail for delivery
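The telnet sessions above differ mainly in how the server answers RCPT TO for a recipient outside the accepted domain. As an added example (not code from the original article), this Python code parses such a transcript, including multi-line "250-" replies and the DATA body, and reports whether each recipient was a local delivery, a refused relay, or an accepted relay with or without authentication. The function names, the accepted-domain set and the sample transcripts are assumptions constructed for illustration.

```python
import re

REPLY = re.compile(r"^(\d{3})([ -])(.*)$")  # "250-..." continues a reply, "250 ..." ends it

def parse_session(text):
    """Pair each client command with the final line of the server's reply."""
    exchanges, command, in_data = [], None, False
    for line in map(str.strip, text.strip().splitlines()):
        if in_data:                      # message body: only a lone "." ends it
            if line == ".":
                in_data, command = False, "<end of data>"
            continue
        m = REPLY.match(line)
        if not m:
            command = line               # anything that is not a reply is a client command
        elif m.group(2) == " ":          # final reply line; "-" continuation lines are skipped
            code = int(m.group(1))
            exchanges.append((command, code, m.group(3)))
            command, in_data = None, code == 354
    return exchanges

def relay_verdicts(text, accepted_domains):
    """Classify every RCPT TO in the session as local delivery or relay."""
    authenticated, verdicts = False, []
    for command, code, _ in parse_session(text):
        authenticated = authenticated or code == 235   # 235 = authentication succeeded
        if not command or not command.upper().startswith("RCPT TO:"):
            continue
        rcpt = command[8:].strip().strip("<>")
        external = rcpt.rpartition("@")[2].lower() not in accepted_domains
        if code >= 400:
            verdict = "refused"
        elif not external:
            verdict = "local delivery"
        else:
            verdict = "authenticated relay" if authenticated else "ANONYMOUS RELAY"
        verdicts.append((rcpt, code, verdict))
    return verdicts

# Constructed transcripts modelled on the telnet sessions above (not captured output).
REFUSED = """220 mail.domain.com ready
ehlo client
250-mail.domain.com Hello
250 8BITMIME
mail from:administrator@domain.com
250 2.1.0 Sender OK
rcpt to:someone@example.net
550 5.7.54 SMTP; Unable to relay recipient in non-accepted domain"""
RELAYED = REFUSED.rsplit("\n", 1)[0] + "\n250 2.1.5 Recipient OK"
for name, session in (("refused", REFUSED), ("relayed", RELAYED)):
    print(name, relay_verdicts(session, {"domain.com"}))
```

An "ANONYMOUS RELAY" verdict is expected only for sessions from hosts that were deliberately allowed to use a relay connector; seeing it from any other source address means the server is accepting mail it should refuse.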