KB10104 - Exchange: Anonymous Relay Connector
This article describes how to create an anonymous relay connector in Exchange 2010 and later.
- The Exchange server that gets the connector has the IP: 192.168.41.10 in the example
- The client with relay permission will be IP: 192.168.41.1
Once the connector is created, you can use the GUI to add additional clients to it.
Script code:
# Name of the new connector
$RCName = "RC-Relay"
# Name of the Exchange Server
$ExchangeServerName = "exchange.lab.local"
# Create the new connector
New-ReceiveConnector -Name $RCName -Server $ExchangeServerName -Usage Custom -PermissionGroups AnonymousUsers -Bindings 192.168.41.10:25 -RemoteIPRanges 192.168.41.1 -ProtocolLoggingLevel Verbose
# Set SMTP banner so you can determine if you reached
# the correct connector
Get-ReceiveConnector -Server $ExchangeServerName | Where-Object {$_.Name -eq "$RCName"} | Set-ReceiveConnector -Banner "220 welcome to the relay connector"
# Set the anonymous send right for any recipient
Get-ReceiveConnector -Server $ExchangeServerName | Where-Object {$_.Name -eq "$RCName"} | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient"
# Set the anonymous send right for any sender
# this one is only required if you want to send
# mails from non-existing internal domains
Get-ReceiveConnector -Server $ExchangeServerName | Where-Object {$_.Name -eq "$RCName"} | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "ms-Exch-SMTP-Accept-Any-Sender"
# If you want to bypass spam filtering (Exchange
# Anti Spam agent) run the following command in
# addition
Get-ReceiveConnector -Server $ExchangeServerName | Where-Object {$_.Name -eq "$RCName"} | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "ms-Exch-Bypass-Anti-Spam"
# Finally to bypass message size limits use the
# following command:
Get-ReceiveConnector -Server $ExchangeServerName | Where-Object {$_.Name -eq "$RCName"} | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "ms-Exch-Bypass-Message-Size-Limit"
# To view those extended rights use the following command
Get-ReceiveConnector -Server $ExchangeServerName | Where-Object {$_.Name -eq "$RCName"} | Get-ADPermission | Where-Object {$_.User -like "*ANONYMOUS LOGON*"} | Select-Object -Property extendedrights
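Added example (not part of the original KB script): the last command above checks one connector, while this audit goes further and reports, for every receive connector on the server, which extended rights anonymous sessions hold and whether the relay right is combined with an unrestricted RemoteIPRanges value. The two "any client" range strings and the wording of the findings are assumptions of this example.

```powershell
# Added example: audit all receive connectors on one server for anonymous relay.
# Run in the Exchange Management Shell. Server name is the page's example value.
$ExchangeServerName = "exchange.lab.local"
$RelayRight = "ms-Exch-SMTP-Accept-Any-Recipient"
# Assumption: these are the strings Exchange shows for "any IPv4/IPv6 client"
$AnyClient = @("0.0.0.0-255.255.255.255",
               "::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff")

$report = foreach ($rc in Get-ReceiveConnector -Server $ExchangeServerName) {
    # Extended rights granted (not denied) to anonymous sessions
    $rights = @($rc | Get-ADPermission |
        Where-Object { $_.User -like "*ANONYMOUS LOGON*" -and -not $_.Deny } |
        ForEach-Object { $_.ExtendedRights } |
        Where-Object { $_ } |
        ForEach-Object { "$_" } |
        Sort-Object -Unique)

    $ranges   = @($rc.RemoteIPRanges | ForEach-Object { "$_" })
    $canRelay = $rights -contains $RelayRight      # -contains ignores case
    $anyHost  = @($ranges | Where-Object { $AnyClient -contains $_ }).Count -gt 0

    $finding = if ($canRelay -and $anyHost) {
        "OPEN RELAY: every client may relay anonymously"
    } elseif ($canRelay) {
        "Anonymous relay for listed clients only; review RemoteIPRanges"
    } else {
        "No anonymous relay right"
    }

    New-Object PSObject -Property @{
        Connector       = $rc.Name
        Bindings        = ($rc.Bindings | ForEach-Object { "$_" }) -join ", "
        RemoteIPRanges  = $ranges -join ", "
        AnonymousRights = $rights -join ", "
        Finding         = $finding
    }
}

$report | Select-Object Connector, Bindings, RemoteIPRanges, AnonymousRights, Finding | Format-List
```

For the connector created above, the expected finding is the second one, with 192.168.41.1 as the only entry in RemoteIPRanges.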