Solved

How to tell which Receive Connector is set to allow open relay?

Posted on 2016-11-03
Last Modified: 2016-11-07
We have several receive connectors. And we did issue the following cmdlet in the past to allow open relay on that specific connector. But now we don't remember which one. How to tell?

Get-ReceiveConnector -Identity 'server\receive-connector' | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient"
Question by:Castlewood
5 Comments
 
LVL 16

Assisted Solution

by:Jason Crawford
Jason Crawford earned 500 total points
ID: 41873352
I can think of two ways:

Method 1
Enable verbose logging on all Receive Connectors:

Get-ReceiveConnector | Set-ReceiveConnector -ProtocolLoggingLevel verbose


Once you do that, relay an email through your Exchange servers and look for the connection in the SMTPReceive Protocol Logs.  The name of the connector will be included in the log.

Method 2
Look for the Ms-Exch-SMTP-Accept-Any-Recipient extended right:

Get-ReceiveConnector | Get-ADPermission | Format-List

 
LVL 43

Assisted Solution

by:Adam Brown
Adam Brown earned 500 total points
ID: 41873366
You can go into ADSIEdit, connect to the configuration partition, then navigate to Services > Microsoft Exchange > <Org Name> > Administrative Groups > Exchange Administrative Group > Servers > <Server name> > Protocols > SMTP > SMTP Receive Connectors. From there, you can see the permissions on the connectors by right-clicking them and going to Properties, then the Security tab. Any of them that show "Anonymous" will likely be your Open Relay.

For the future, though, an easy way to set an open relay if you need one is to set the connector to Externally Secured on the Authentication tab. You have to have Exchange servers selected on the Permission groups tab before doing so, though. Setting Externally Secured authentication will set the connector to allow anonymous relaying. It's also a lot easier to spot.
 
LVL 49

Accepted Solution

by:
Akhater earned 1000 total points
ID: 41873942
This should do it for you

Get-ReceiveConnector | Get-ADPermission | where {$_.ExtendedRights -like "*Ms-Exch-SMTP-Accept-Any-Recipient*" -and $_.User -eq "NT AUTHORITY\ANONYMOUS LOGON"}

 

Author Comment

by:Castlewood
ID: 41874311
Adam,
"You have to have Exchange servers selected on the Permission groups tab"
Would it accept only Exchange Server to relay messages? I need a backup computer to send alerting email via this Exchange. If it only allows Exchange server to connect and relay, then it could be an issue. Please advise.
 
LVL 49

Expert Comment

by:Akhater
ID: 41877057
No, it will allow for any user, not only Exchange. It is just that the "Externally secured" option cannot be selected unless "Exchange servers" is selected, but since in the permission group you have anonymous, it will be allowed for anyone listed in the remote IP range.
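
An added example, not posted by anyone in this thread: a read-only audit that combines the accepted answer's permission filter with the Externally Secured setting Adam Brown describes, and lists the remote IP ranges mentioned in the last comment. It assumes the Exchange Management Shell; the report property names (Connector, AnonymousAnyRcpt, and so on) are chosen for this example.

```powershell
# Read-only audit: changes no settings. Run in the Exchange Management Shell.
$anon  = 'NT AUTHORITY\ANONYMOUS LOGON'
$right = 'Ms-Exch-SMTP-Accept-Any-Recipient'

$report = foreach ($rc in Get-ReceiveConnector) {
    # Allow entries that grant the relay right to anonymous senders
    # (Deny entries are skipped: they do not open the connector).
    $aces = @($rc | Get-ADPermission | Where-Object {
        $_.User.ToString() -eq $anon -and
        -not $_.Deny -and
        ($_.ExtendedRights -like "*$right*")
    })

    # "Externally Secured" is stored as ExternalAuthoritative in AuthMechanism.
    $extSecured = "$($rc.AuthMechanism)" -match 'ExternalAuthoritative'

    if ($aces.Count -gt 0 -or $extSecured) {
        # New-Object is used instead of [pscustomobject] so the script
        # also runs on older PowerShell versions.
        New-Object PSObject -Property @{
            Connector         = $rc.Identity
            Enabled           = $rc.Enabled
            AnonymousAnyRcpt  = ($aces.Count -gt 0)
            ExternallySecured = $extSecured
            PermissionGroups  = "$($rc.PermissionGroups)"
            Bindings          = $rc.Bindings -join ', '
            RemoteIPRanges    = $rc.RemoteIPRanges -join ', '
        }
    }
}

# One block per connector that can relay for unauthenticated senders.
$report | Format-List Connector, Enabled, AnonymousAnyRcpt, ExternallySecured,
                      PermissionGroups, Bindings, RemoteIPRanges
```

A connector in the report whose RemoteIPRanges covers more than the hosts that need to relay is the one to tighten first.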