Setting up anonymous relay on Exchange servers 2016 and Testing of the mail relay using telnet utility.

Anonymous Mail Relay on Exchange 2016

In this post we are going to configure Anonymous Mail relay on Exchange Server 2016.

anonymous relay is a common requirement, all most all organization need an SMTP relay service, multiple application like printers, web servers, database servers, monitoring applications, network devices etc. needs to send messages and need an SMTP relay server for that.

So let’s see how we can setup receive connecter for mail relay in Exchange Server 2016, note this is not advised to editing default receive connecters which were created by installations.

We will setup a new receive connecter in the front end transport service.
Note: it is not advised to keep the exchange as an open relay so we will create a receive connecter which will allow mail relay based on allowed network hosts.

First of all I will setup a 'A' type DNS record which will be pointing to my mailbox server mailrelay.letsexchange.in

to test the DNS records you use the below cmd

Resolve-DnsName mailrelay.letsexchagne.in



Once we have DNS record setup, next I will create new receive connector which is going to accept message on port 25 from the allowed IP address hosts.

Give connector a meaning full name
Select Frontend transport in role and custom in Type



Next if you have multiple network adapter and you wants to use one of specific adapter then mention the same network card IP here.


Next add the IPs you want relay to be allowed from.


<

And then click Save.

Now open the Receive connector,
on security tab select “Externally Secured” under authentication:
and check “exchange Server” under “permission groups:” 
and uncheck everything else to make the receive connector externally secure.




After that you need to add AD permission for Anonymous logon on receive Connector

Run the below cmd for the same

Get-ReceiveConnector –Identity "mailrelay-letsexchange.in” | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient"

You can also use Exchange PowerShell to setup receive connecter.

Create a new Receive connector using powrshell

New-ReceiveConnector -Identity "mailrelay-letsexchange.in" -TransportRole FrontendTransport -Custom -Bindings 0.0.0.0:25 -RemoteIpRanges 192.168.100.30

Set permission group to Anonymous Users

Set-ReceiveConnector –Identity "mailrelay-letsexchange.in” -PermissionGroups AnonymousUsers

Adding permission

Get-ReceiveConnector –Identity "mailrelay-letsexchange.in” | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient"

Configuring the connections as Externally Secured

Set-ReceiveConnector –Identity "mailrelay-letsexchange.in” -AuthMechanism ExternalAuthoritative -PermissionGroups ExchangeServers

Mail Relay Testing using Telnet client tool.

After we are finished with all the above steps now its time to test of the relay is working.

Note: you need to have telnet client installed on your machine before you can test using telnet. If you do not have telnet client installed, you can install telnet client using the following command.

pkgmgr /iu: "TelnetClient"

telnet client will be installed after running this command, it may sometime take a couple of minutes.

Now to test the SMTP relay open CMD and run then below Commands:

Telnet mailrelay.letsExchange.in 25
Ehlo
Mail From:SenderEmail@domain.com
RCPT TO:Recipient@domain.com
Data
Subject: This is testing
This is test email
.

Note: “.” Signifies the end of the message.

You can refer to the screenshot below for the commands, In the screenshot I have demonstrated a successful message submission from a desktop machine.




Below is the screenshot from the mailbox that our message reached successfully to the recipient mailbox.




Summary: In this post we learned how to configure Exchange Server 2016 Receive connector to allow message relay using GUI and PowerShell, we also learned how to test if the mail relay is working as expected using Telnet.


Comments