SOLVED: How to Create An Open Relay For A Particular Server

How to Setup an Unauthenticated Relay in Exchange 2007 or 2010

You likely have a server or application which needs to send email but cannot authenticate (sign in as a user) against your Exchange mail server for one reason or another.   It is actually quite a painless process to configure your Exchange server  to NOT need to authenticate SMTP traffic from a particular IP address:

exchange-2007-2010-new-receive-connector-anonymous-relayGo to your Exchange Management Console, and drill into SERVER CONFIGURATION, HUB TRANSPORT, RECEIVE CONNECTORS.  Then Right click and select NEW RECEIVE CONNECTOR

 

 

 

exchange-2007-2010-new-receive-connector-relay-customType in a Name that means something to you in the NEW SMTP RECEIVE CONNECTOR field and make sure the SELECT THE INTENDED USE drop down is on CUSTOM.

 

 

 

 

exchange-2007-2010-receive-connector-local-network-settingsLeave the Local Network Settings at their defaults and click NEXT.  You can complete the FQDN field if you wish but it is not required.

 

 

 

 

new-exchange-2007-2010-new-receive-connector-relay-remote-network-settingsOn the Remote Network Settings screen double click the 0.0.0.0-255.255.255.255 entry and put in the address range of the server which you want to exempt from authenticating… ya know… the one you want to allow to relay.  In my case I had three servers so I put that range in, but you could use the same IP for the Start and the END, if you only had one server you wanted to allow to relay.

 

 

new-exchange-2007-2010-new-receive-connector-relay-remote-network-settings-newClick the NEW button to make it happen.

 

 

 

 

 

Now that you have your spanky new connector, all you have to do is tell Exchange that the server(s) you want to allows relays from (i.e. the ones in the IP Range you specified above) do not have to authenticate.  This is pretty easy:

exchange-2007-2010-new-receive-connector-relay-permission-groups-tabDouble click on your new connector and select the PERMISSIONS tab.  Then click ONLY the EXCHANGE SERVERS option.  I know, I know, you are thinking you should click the ANONYMOUS option, but you should not.  The EXCHANGE SERVERS option is telling your Exchange to treat the servers specified in the IP Range as if they were Exchange servers (i.e. let them anything… including relay!)

 

 

exchange-2007-2010-new-receive-connector-relay-authentication-tabNow click the AUTHENTICATION tab and select only the TRANSPORT LAYER SECURITY and EXTERNALLY SECURED check boxes.  This tells your Exchange server that there is no need to force and authentication, because the server(s) which will be connecting are trusted and secured through some other means (i.e. you think your LAN is secure!)

Note: You MUST set the PERMISSIONS tab BEFORE, you EXTERNALLY SECURED

 

You should probably restart your MICROSOFT EXCHANGE TRANSPORT service as a last step and then you are done!

___________________________________

In my case, I needed to get a PHPBB v3 Forum I run (www.commodore.ca/forum) to send email to new registrants.  I was getting one of two errors in the PHPBB’s MAINTENANCE, ERROR LOG:

E-mail error
» EMAIL/SMTP
/forum/ucp.phpNo supported authentication methods.BacktraceConnecting to mail.commodore.com:25
LINE: 926 <- 220 server08.web2008.local Microsoft ESMTP MAIL Service ready at Sat, 23 Jan 2010 03:37:39 -0700

___________________________________

E-mail error
» EMAIL/SMTP
/forum/ucp.php

Ran into problems sending e-mail at Line 962. Response: 550 5.7.1 Unable to relay

<calgrych@yahoo.com>possibly an invalid e-mail address?

Backtrace

Connecting to mail.commodore.com:25
LINE: 926 <- 220 server08.web2008.local Microsoft ESMTP MAIL Service ready at Tue, 26 Jan 2010 20:49:23 -0700

I had the configuration set in the phpbb Email SMTP Configuration in the Administrators Control Panel (ACP) that you see in the screen shot to the left.

phpbb-email-smtp-configurationNOTE: That originally, I was using the mail server NAME (mail.commodore.ca) which was a mistake because that address resolves to a public IP and my Exchange “relay” connector was setup for 10.1.4.14.  Because the did not match, I could not relay.

Now my PHPBB v3 forum can send (relay) email through my Exchange server without any problem.  If you are worried about security, I think you can sleep easily, because you configured your Exchange server to allow relays only from the IP address of the server in question.

Note that in addition to using the PHPBB support forum, you might find THIS page and THIS Microsoft article to be helpful, if you continue to have problems.

Comments

  1. Avatar
    vendara@puertolimpio.com May 18, 2015 at 4:35 pm

    Thanks,

    Excelent article!!!

Questions or Comments?