Thursday, 7 June 2018

Exchange 2013+: Set Up a Receive Connector for MFP/Copier/Device Relay

The following are the two steps required to enable an internal anonymous relay in Exchange 2013/2016/20*.

Step 1: Create the Receive Connector

New-ReceiveConnector –Name MFP-APP-AnonRelay –Usage Custom –Bindings 0.0.0.0:25 –RemoteIPRanges 192.168.25.1-192.168.25.10,192.168.25.225-192.168.25.254 –Comment “Allows anonymous relay” –TransportRole FrontEndTransport –AuthMechanism None –PermissionGroups AnonymousUsers

Variables:

  • -Name: Change this if needed but must match for both steps
  • -RemoteIPRanges: Only put trusted device IP addresses in this section

Once the receive connector is set up it can be managed via EAC.

Step 2: Allow Anonymous Rights

Get-ReceiveConnector “MFP-APP-AnonRelay” | Add-ADPermission -User “NT AUTHORITY\ANONYMOUS LOGON” -ExtendedRights “Ms-Exch-SMTP-Accept-Any-Recipient”

Variable:

  • The Receive Connector name must match the one set in Step 1

Conclusion

Once the above steps are set up there is no need to set a username and password on any device that has an allowed IP.

For obvious reasons one should never put an Internet IP address in this rule! But, that being said, one always denies all SMTP 25/587 inbound traffic to a third party sanitation provider's subnets right (we use ExchangeDefender for our own and our client's needs)?

Also, this setup is for on-premises Exchange.

Philip Elder
Microsoft High Availability MVP
MPECS Inc.
Co-Author: SBS 2008 Blueprint Book
Our Web Site
Our Cloud Service

No comments:

Post a Comment

NOTE: All comments are moderated.