Create Anonymous Relay for Exchange 2007

In Exchange 2007, relay is configured on the Receive connector, which can be locked down to specific IP addresses and users. For example, to set up a Receive connector that allows connections from a list of specific IP addresses, run the following command on the Edge Transport server or Hub Transport server:

New-ReceiveConnector -Name "Anonymous Relay" -Usage Custom -PermissionGroups AnonymousUsers, ExchangeServers -Bindings -AuthMechanism Tls, ExternalAuthoritative -RemoteIpRanges,,,,,,,,,,

PermissionGroups – AnonymousUsers, ExchangeUsers, ExchangeServers, LegacyExchangeServers, Partners

Bindings –

AuthMechanism – Tls, ExternalAuthoritative



From the image above, ticking the Anonymous Users box grants the following permissions to the Anonymous Logon security principal on the Receive connector:

  • Ms-Exch-Accept-Headers-Routing
  • Ms-Exch-SMTP-Accept-Any-Sender
  • Ms-Exch-SMTP-Accept-Authoritative-Domain-Sender
  • Ms-Exch-SMTP-Submit

However, to allow anonymous relay on this Receive connector, you have to also grant the following permission to the Anonymous Logon security principal on the Receive connector:

  • Ms-Exch-SMTP-Accept-Any-Recipient

This is done by running the following command:

Get-ReceiveConnector "Anonymous Relay" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient"
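To confirm afterwards which Receive connectors actually carry the anonymous relay right, and whether each one is still limited to specific source addresses, an audit like the following can be run in the Exchange Management Shell. This is an added example, not part of the original post; it assumes an unrestricted connector shows the default range 0.0.0.0-255.255.255.255, and the OpenToAnyIP column name is made up for this report.

```powershell
# Added example: list every Receive connector on which ANONYMOUS LOGON holds
# the relay right discussed above, with the settings that limit who can use it.
$right = 'Ms-Exch-SMTP-Accept-Any-Recipient'
$anon  = 'NT AUTHORITY\ANONYMOUS LOGON'
$any   = '0.0.0.0-255.255.255.255'   # assumed default "any IPv4 address" range

Get-ReceiveConnector |
    Where-Object {
        # Keep the connector only if an Allow (not Deny) entry grants the right.
        $aces = @($_ | Get-ADPermission -User $anon |
            Where-Object { (-not $_.Deny) -and ($_.ExtendedRights -like $right) })
        $aces.Count -gt 0
    } |
    Select-Object Identity,
        PermissionGroups,
        AuthMechanism,
        Bindings,
        @{ Name = 'RemoteIPRanges'
           Expression = { @($_.RemoteIPRanges | ForEach-Object { "$_" }) } },
        @{ Name = 'OpenToAnyIP'   # hypothetical column: True means no IP restriction
           Expression = { @($_.RemoteIPRanges | ForEach-Object { "$_" }) -contains $any } } |
    Format-List
```

A connector reported with OpenToAnyIP set to True relays for any host that can reach it; restrict its RemoteIPRanges, or revoke the right with Remove-ADPermission using the same -User and -ExtendedRights values.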
