asked on Exchange 2010 - Allow authenticated user to relay as any email address?
I have a vendor that sends notification emails from job applicants through our Exchange 2010 server. Vendor service connects and authenticates as donotreply@ on a separate receive connector on port 587. The vendor service then says the email is from the applicants email address, Exchange says the client doesn't have permission to send and dumps the message. How can I allow an authenticated user to send as anyone?
*,DOMAIN\donotreply,authenticated
>,235 2.7.0 Authentication successful,
<,MAIL FROM: <applicants_email_address@their_domain.com>,
*,08D3D15AAC2344AA;2016-09-02T15:31:08.310Z;1,receiving message
>,250 2.1.0 Sender OK,
,RCPT TO: <LEGIT EXCHANGE USER>,
>,250 2.1.5 Recipient OK,
<,DATA,
>,354 Start mail input; end with <CRLF>.<CRLF>,
>,550 5.7.1 Client does not have permissions to send as this sender,
<,QUIT,
>,221 2.0.0 Service closing transmission channel,
Exchange
Last Comment
ArneLovius
ASKER
I read through that and it doesn't quite seem to fit what I am doing.
The vendor is not trying to send emails to an external user, they are trying to send an email to an internal user spoofing an external user.
The vendor is not trying to send emails to an external user, they are trying to send an email to an internal user spoofing an external user.
This is the commands you have to use
Then run this command to allow relay on that connector
Replace 192.168.1.100 with your Exchange2010 IP
This will work for internal and external.
New-ReceiveConnector -Name AllowRelay -usage Custom -Bindings '192.168.1.100:25' -fqdn server.domain.com -RemoteIPRanges <vendorIP> -server <YOUREXCHANGESERVERNAME> -permissiongroups AnonymousUsers
Then run this command to allow relay on that connector
Get-ReceiveConnector AllowRelay | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient"
Replace 192.168.1.100 with your Exchange2010 IP
This will work for internal and external.
ASKER
Will that make it so authentication won't work any longer? They have their side set up to use authentication to send and I'm trying to work with what they already have set up.
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Had to have the vendor change one of their email processes to not use authentication.
excellent to hear :-)
If you want a secure way allow relay only on that particular IP. Detailed step below.
https://www.experts-exchange.com/articles/2666/Allow-relaying-on-Exchange-2007-Exchange-2010-in-4-easy-steps.html
Thanks
MAS