KB10104 - Exchange: Anonymous Relay Connector

This article describes how to create an anonymous relay connector in Exchange 2010 and later.

  • In the example, the Exchange server that hosts the connector has the IP 192.168.41.10
  • The client with relay permission has the IP 192.168.41.1

Once the connector is created, you can use the GUI to add additional clients to it. Because the connector accepts unauthenticated mail for any recipient, keep its remote IP list limited to the hosts that actually need to relay.

KB10104-Exchange: Create Relay Connector GUI


Script code:

	
# Name of the new connector
$RCName = "RC-Relay"
# Name of the Exchange Server
$ExchangeServerName = "exchange.lab.local"

# Create the new connector
New-ReceiveConnector -Name $RCName -Server $ExchangeServerName -Usage Custom -PermissionGroups AnonymousUsers -Bindings 192.168.41.10:25 -RemoteIpRanges 192.168.41.1 -ProtocolLogging verbose

# Set SMTP banner so you can determine if you reached 
#  the correct connector 
Get-ReceiveConnector -Server $ExchangeServerName | Where-Object {$_.Name -eq "$RCName"} | Set-ReceiveConnector -Banner "220 welcome to the relay connector"

# Set the anonymous send right for any recipient
Get-ReceiveConnector -Server $ExchangeServerName | Where-Object {$_.Name -eq "$RCName"} | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient"

# Set the anonymous send right for any sender
#  this one is only required if you want to send 
#  mails from non-existent internal domains
Get-ReceiveConnector -Server $ExchangeServerName | Where-Object {$_.Name -eq "$RCName"} | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "ms-Exch-SMTP-Accept-Any-Sender"

# If you want to bypass spam filtering (Exchange 
#  Anti Spam agent) run the following command in 
#  addition
Get-ReceiveConnector -Server $ExchangeServerName | Where-Object {$_.Name -eq "$RCName"} | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "ms-Exch-Bypass-Anti-Spam"

# Finally to bypass message size limits use the
#  following command:
Get-ReceiveConnector -Server $ExchangeServerName | Where-Object {$_.Name -eq "$RCName"} | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "ms-Exch-Bypass-Message-Size-Limit"

# To view those extended rights use the following command
Get-ReceiveConnector -Server $ExchangeServerName | Where-Object {$_.Name -eq "$RCName"} | Get-ADPermission | Where-Object {$_.User -like "*ANONYMOUS LOGON*"} | Select-Object -Property extendedrights
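
An added audit example (not part of the original KB script): it lists receive connectors on which anonymous sessions hold the relay right granted above and flags remote IP entries wider than a single host. The function name Get-RelayFinding, the connector name RC-Wide and the sample objects in the else branch are constructed for illustration.

```powershell
# Added example, not part of the original KB script.
$RelayRight = 'ms-Exch-SMTP-Accept-Any-Recipient'

function Get-RelayFinding {
    param(
        $Connector,    # object with Name and RemoteIPRanges
        $Permission    # ACEs with User, Deny and ExtendedRights
    )
    # Extended rights granted (not denied) to anonymous sessions
    $rights = @($Permission |
        Where-Object { $_.User -like '*ANONYMOUS LOGON*' -and -not $_.Deny } |
        ForEach-Object { $_.ExtendedRights } |
        ForEach-Object { "$_" } | Where-Object { $_ })
    if ($rights -notcontains $RelayRight) { return }   # not an anonymous relay

    # Any entry that is not a single IPv4 address (CIDR block, a-b range, IPv6)
    # widens the set of hosts that may relay and is marked for review
    $ranges = @($Connector.RemoteIPRanges | ForEach-Object { "$_" })
    $broad  = @($ranges | Where-Object { $_ -notmatch '^\d{1,3}(\.\d{1,3}){3}$' })

    New-Object PSObject -Property @{
        Connector   = $Connector.Name
        AnonRights  = ($rights | Sort-Object -Unique) -join ', '
        RemoteIPs   = $ranges -join ', '
        BroadRanges = $broad -join ', '
        Review      = ($broad.Count -gt 0)
    } | Select-Object Connector, Review, RemoteIPs, BroadRanges, AnonRights
}

if (Get-Command Get-ReceiveConnector -ErrorAction SilentlyContinue) {
    # In the Exchange Management Shell: check every receive connector returned
    Get-ReceiveConnector | ForEach-Object {
        Get-RelayFinding -Connector $_ -Permission ($_ | Get-ADPermission)
    }
} else {
    # Constructed sample objects (not real output) to exercise the logic offline
    $ace = New-Object PSObject -Property @{ User = 'NT AUTHORITY\ANONYMOUS LOGON'
        Deny = $false; ExtendedRights = @($RelayRight, 'ms-Exch-SMTP-Accept-Any-Sender') }
    $tight = New-Object PSObject -Property @{ Name = 'RC-Relay'; RemoteIPRanges = @('192.168.41.1') }
    $wide  = New-Object PSObject -Property @{ Name = 'RC-Wide'; RemoteIPRanges = @('0.0.0.0-255.255.255.255') }
    $tight, $wide | ForEach-Object { Get-RelayFinding -Connector $_ -Permission $ace }
}
```

With the sample objects, RC-Relay is reported with Review set to False and RC-Wide with Review set to True.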
	
