• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 649
  • Last Modified:

Exchange 2007 - Creating Internal Trusted Relay

I have a copier that can not seem to authenticate when sending mail. It is setup to scan documents and email them to us. Previously I used a Fedora server and made its IP address trusted so it could relay mail. Does exchange have the ability to be an open relay based on ip addresses?
0
celoedus
Asked:
celoedus
  • 4
  • 3
2 Solutions
 
MesthaCommented:
Is it emailing external people as well, or just internal people?

Simon.
0
 
celoedusAuthor Commented:
Internal Only.
0
 
big_daddy0690Commented:
You need to add a receive connector to allow this.
 
  1. In the Exchange Management Console expand Server Configuration and select Hub Transport.
  2. Select your exchange server then on the right side click New Receive Connector.
  3. Name your connector for example "Internal Trusted Relay" and select Custom for the connector type. Next
  4. Specify your FQDN for the connector. Next
  5. Remove the default remote IP range and add the IP address(es) or range(s) that you wish to allow relaying.
  6. Next, New, Finish.
  7. Right click the new connector and select Properties.
  8. Configure the options within the Authentication and Permission Groups tabs as appropriate.
Note - If you need to allow Anonymous users to send to external recipients then you will need to manually add that permission with the following command using the Management Shell.

Get-ReceiveConnector Receive Connector Name | Add-ADPermission -User NT AUTHORITY\ANONYMOUS LOGON -ExtendedRights Ms-Exch-SMTP-Accept-Any-Recipient
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
big_daddy0690Commented:

Get-ReceiveConnector Receive Connector Name | Add-ADPermission -User NT AUTHORITY\ANONYMOUS LOGON -ExtendedRights Ms-Exch-SMTP-Accept-Any-Recipient

Open in new window

0
 
MesthaCommented:
If it is internal only then you shouldn't need to do anything. Are you using an Edge server? If not then you should already have anonymous enabled on the receive connector. If you are using an Edge then simply enable anonymous on the Receive Connector.

You shouldn't need to add a new connector, the existing ones will be fine.

Simon.
0
 
big_daddy0690Commented:
That was not the case when I was setting up my Exchange 2007 server. I have all roles installed on the same server and it would not accept mail from anything other then Outlook Clients and our Exchange 2003 server.

Currently I have two connectors. One for Outlook clients connecting on port 587 and one for internal relay.
0
 
MesthaCommented:
By default the connectors are configured in that way, because Microsoft is expecting everyone to have an Edge server. All you need to do is enable anonymous on the Connector for port 25.

Simon.
0
 
big_daddy0690Commented:
I feel that the question was answered by Mestha and myself. My suggestion would be to split the point between us.

Thanks,
Bob
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now