How to Setup an Unauthenticated Relay in Exchange 2007 or 2010
You likely have a server or application which needs to send email but cannot authenticate (sign in as a user) against your Exchange mail server for one reason or another. It is actually quite a painless process to configure your Exchange server to NOT need to authenticate SMTP traffic from a particular IP address:
On the Remote Network Settings screen double click the 0.0.0.0-255.255.255.255 entry and put in the address range of the server which you want to exempt from authenticating… ya know… the one you want to allow to relay. In my case I had three servers so I put that range in, but you could use the same IP for the Start and the END, if you only had one server you wanted to allow to relay.
Now that you have your spanky new connector, all you have to do is tell Exchange that the server(s) you want to allows relays from (i.e. the ones in the IP Range you specified above) do not have to authenticate. This is pretty easy:
Double click on your new connector and select the PERMISSIONS tab. Then click ONLY the EXCHANGE SERVERS option. I know, I know, you are thinking you should click the ANONYMOUS option, but you should not. The EXCHANGE SERVERS option is telling your Exchange to treat the servers specified in the IP Range as if they were Exchange servers (i.e. let them anything… including relay!)
Now click the AUTHENTICATION tab and select only the TRANSPORT LAYER SECURITY and EXTERNALLY SECURED check boxes. This tells your Exchange server that there is no need to force and authentication, because the server(s) which will be connecting are trusted and secured through some other means (i.e. you think your LAN is secure!)
Note: You MUST set the PERMISSIONS tab BEFORE, you EXTERNALLY SECURED
You should probably restart your MICROSOFT EXCHANGE TRANSPORT service as a last step and then you are done!
In my case, I needed to get a PHPBB v3 Forum I run (www.commodore.ca/forum) to send email to new registrants. I was getting one of two errors in the PHPBB’s MAINTENANCE, ERROR LOG:
/forum/ucp.phpNo supported authentication methods.BacktraceConnecting to mail.commodore.com:25
LINE: 926 <- 220 server08.web2008.local Microsoft ESMTP MAIL Service ready at Sat, 23 Jan 2010 03:37:39 -0700
Ran into problems sending e-mail at Line 962. Response: 550 5.7.1 Unable to relay
<[email protected]>possibly an invalid e-mail address?
Connecting to mail.commodore.com:25
LINE: 926 <- 220 server08.web2008.local Microsoft ESMTP MAIL Service ready at Tue, 26 Jan 2010 20:49:23 -0700
I had the configuration set in the phpbb Email SMTP Configuration in the Administrators Control Panel (ACP) that you see in the screen shot to the left.
NOTE: That originally, I was using the mail server NAME (mail.commodore.ca) which was a mistake because that address resolves to a public IP and my Exchange “relay” connector was setup for 10.1.4.14. Because the did not match, I could not relay.
Now my PHPBB v3 forum can send (relay) email through my Exchange server without any problem. If you are worried about security, I think you can sleep easily, because you configured your Exchange server to allow relays only from the IP address of the server in question.