If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.
Solved
Exchange 2010 - Allow authenticated user to relay as any email address?
Posted on 2016-09-02
I have a vendor that sends notification emails from job applicants through our Exchange 2010 server. Vendor service connects and authenticates as donotreply@ on a separate receive connector on port 587. The vendor service then says the email is from the applicants email address, Exchange says the client doesn't have permission to send and dumps the message. How can I allow an authenticated user to send as anyone?
*,DOMAIN\donotreply,authenticated
>,235 2.7.0 Authentication successful,
<,MAIL FROM: <applicants_email_address@their_domain.com>,
*,08D3D15AAC2344AA;2016-09-02T15:31:08.310Z;1,receiving message
>,250 2.1.0 Sender OK,
,RCPT TO: <LEGIT EXCHANGE USER>,
>,250 2.1.5 Recipient OK,
<,DATA,
>,354 Start mail input; end with <CRLF>.<CRLF>,
>,550 5.7.1 Client does not have permissions to send as this sender,
<,QUIT,
>,221 2.0.0 Service closing transmission channel,
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
3
2
2
7 Comments
Active today
Hi,
If you want a secure way allow relay only on that particular IP. Detailed step below.
https://www.experts-exchange.com/articles/2666/Allow-relaying-on-Exchange-2007-Exchange-2010-in-4-easy-steps.html
Thanks
MAS
If you want a secure way allow relay only on that particular IP. Detailed step below.
https://www.experts-exchange.com/articles/2666/Allow-relaying-on-Exchange-2007-Exchange-2010-in-4-easy-steps.html
Thanks
MAS
Active 1 day ago
I read through that and it doesn't quite seem to fit what I am doing.
The vendor is not trying to send emails to an external user, they are trying to send an email to an internal user spoofing an external user.
The vendor is not trying to send emails to an external user, they are trying to send an email to an internal user spoofing an external user.
Active today
This is the commands you have to use
Then run this command to allow relay on that connector
Replace 192.168.1.100 with your Exchange2010 IP
This will work for internal and external.
New-ReceiveConnector -Name AllowRelay -usage Custom -Bindings '192.168.1.100:25' -fqdn server.domain.com -RemoteIPRanges <vendorIP> -server <YOUREXCHANGESERVERNAME> -permissiongroups AnonymousUsers
Then run this command to allow relay on that connector
Get-ReceiveConnector AllowRelay | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient"
Replace 192.168.1.100 with your Exchange2010 IP
This will work for internal and external.
Active 1 day ago
Will that make it so authentication won't work any longer? They have their side set up to use authentication to send and I'm trying to work with what they already have set up.
When the connection is authenticated, by default it can only send as that user, there is no mechanism in Exchange to allow an authenticated connection to send as "anything"
This is why MAS suggested setting up a relay connector bound to their exit IP address and to use an anonymous (not authenticated) connection.
You may however have issues if the original senders address is covered with an SPF record.
This is why MAS suggested setting up a relay connector bound to their exit IP address and to use an anonymous (not authenticated) connection.
You may however have issues if the original senders address is covered with an SPF record.
Active 1 day ago
Had to have the vendor change one of their email processes to not use authentication.
Featured Post
We value your feedback.
Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Check out this step-by-step guide for using the newly updated Experts Exchange mobile app—released on May 30.
Know the reasons and solutions to move/import EDB to New Exchange Server. Also, find out how to recover an Exchange .edb file and to restore the file back.
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center.
Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center.
Navigate to the Servers >> Data…
how to add IIS SMTP to handle application/Scanner relays into office 365.
Suggested Courses
Course of the Month7 days, 10 hours left to enroll
715 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.