How to allow internal application servers to relay SMTP messages through Exchange Server 2010 and 2007
If you get the SMTP error message “550 5.7.1 Unable to relay” when you try to relay SMTP messages through your Exchange server, you have to configure a new receive connector by following the steps below.
SMTP applications that can authenticate to relay messages do not have this problem, so this configuration is strictly for applications that cannot authenticate with Exchange 2010.
The first step is to create a new custom receive connector so that it can be scoped to the remote IP addresses of the application servers that we will allow.
Start your Exchange Management Console -> Expand Server Configuration and click Hub Transport -> Click “New Receive Connector”
Enter an appropriate name and click Next
In the “Remote Network settings” window, remove the existing range that is already suggested in the window.
Click “Add” to enter the IP addresses/ranges of the application servers that will be allowed to relay SMTP messages, then click OK and Next
Click New and Finish
Check Properties of the new connector
Click on the Authentication Tab, clear all the check boxes and choose the Exchange server authentication check box
Click on the Permissions Group Tab and check the Anonymous users box
The next step is to create the connector, and open the properties. Now you have two options, which I will present. The first option will probably be the most common.
Option 1: Make your new scoped connector an Externally Secured connector
This option is the most common option, and preferred in most situations where the application that is submitting will be submitting email to your internal users as well as relaying to the outside world.
Before you can perform this step, it is required that you enable the Exchange Servers permission group. Once in the properties, go to the Permissions Groups tab and select Exchange servers.
Next, continue to the authentication mechanisms page and add the “Externally secured” mechanism. This means that your organization places complete trust in the previously designated IP addresses.
How to grant the relay permission to Anonymous users on the new connector
Check the “Anonymous users” box
This will grant permissions for the anonymous account, but not the permission to relay. That permission has to be granted through the Exchange Management Shell:
Get-ReceiveConnector "Haruns Application Relay" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient"
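To review the result of either option, the following audit script lists every receive connector that will relay without authentication and shows the IP ranges it is scoped to. It is an added example, not part of the original article; it assumes it is run in the Exchange Management Shell, and the output column names (RelayVia, OpenToAllIPv4, RemoteIPRanges) are chosen here for illustration.

```powershell
# Added audit example; run in the Exchange Management Shell.
$relayRight = 'ms-Exch-SMTP-Accept-Any-Recipient'
$anonymous  = 'NT AUTHORITY\ANONYMOUS LOGON'
$allIPv4    = '0.0.0.0-255.255.255.255'   # the range the wizard suggests by default

$report = foreach ($connector in Get-ReceiveConnector) {
    # Option 1 on this page: an Externally Secured connector trusts its source IPs completely.
    $externallySecured = [string]$connector.AuthMechanism -match 'ExternalAuthoritative'

    # Explicit (non-deny) permission entries that give the anonymous account the relay right.
    $anonRelay = $connector | Get-ADPermission | Where-Object {
        -not $_.Deny -and
        $_.User -like $anonymous -and
        $_.ExtendedRights -like $relayRight
    }

    if ($externallySecured -or $anonRelay) {
        $ranges = @($connector.RemoteIPRanges | ForEach-Object { $_.ToString() })
        $via = @()
        if ($externallySecured) { $via += 'ExternallySecured' }
        if ($anonRelay)         { $via += 'AnonymousRelayRight' }

        $connector | Select-Object Identity,
            @{ Name = 'RelayVia';       Expression = { $via -join ', ' } },
            @{ Name = 'OpenToAllIPv4';  Expression = { $ranges -contains $allIPv4 } },
            @{ Name = 'RemoteIPRanges'; Expression = { $ranges -join '; ' } }
    }
}

# A relay connector with OpenToAllIPv4 = True accepts relay from any address
# that can reach the server, not just the intended application servers.
$report | Sort-Object Identity | Format-Table -AutoSize -Wrap
```

Any connector reported with OpenToAllIPv4 set to True still has the default range that the steps above say to remove.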