Setup Anonymous Relay on Exchange 2010 Receive Connector
I’ve come across several situations were granting anonymous relay on a Exchange 2010 receive connector can be beneficial. In my environment we use a connector of this type for our multi-function printers/scanners that scan to email. This way we don’t have to setup mailboxes just for printers/scanners.
Create your connector:
New-ReceiveConnector -Name "Anon Relay" -Usage Custom -PermissionGroups AnonymousUsers -Bindings your.exchange.ip.address:25 -RemoteIpRanges allow.from.ip.address
Grant anonymous relay on the new connector:
Get-ReceiveConnector "Anon Relay" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient"
Add single additional IP to connector:
$rec = Get-ReceiveConnector "Anon Relay" $rec.RemoteIPRanges += "new.ip.address" Set-ReceiveConnector "Anon Relay" -RemoteIPRanges $rec.RemoteIPRanges
Add multiple IP addresses to the connector:
$rec = Get-ReceiveConnector "Anon Relay" $rec.RemoteIPRanges += "ip.address", "ip.address", "ip.address" Set-ReceiveConnector "Anon Relay" -RemoteIPRanges $rec.RemoteIPRanges
Add multiple IP addresses from a text file (one per line) to the connector:
$rec = Get-ReceiveConnector "Anon Relay" Get-Content .\ip.txt | foreach { $rec.RemoteIPRanges += "$_" } Set-ReceiveConnector "Anon Relay" -RemoteIPRanges $rec.RemoteIPRanges
You can add additional IP addresses via the Exchange Management Console. The console accepts CIDR addresses, so a single IP would be /32 eg: 192.168.1.25/32. If you are using this for Printers, you won’t need to specify SMTP credentials, however you still need to specify a “send from” address otherwise Exchange will deny the relay.