Often it’s a good idea to have a receive connector allowing certain devices to send mail through you exchange server without having to authenticate.
One example from where I currently work is printers.
We never set up the printers ourselves, that job is done by the provider. And do we want to give them a username and password allowing for mail relay through our servers? No, we don’t.
It’s a better practice to have them only input the name/ip-address of one exchange server with the cas role. Then all we have to do is add the ip-address of the printer to the list of allowed ip’s on our receive connector. Here’s a short guide on how to do it:
- Open up the EMC on a exchange server with the cas role and navigate to Server Configuration–>Hub transport.
- On the right side, click New Receive Connector…
- Give the new receive connector a suitable name, for example Anonymous, and choose Custom as the intended use.
- On the next page you are prompted to choose which local ip-addresses the receive connector should receive mail on and what fqdn the server should respond with. I usually leave the default settings here, but if your server has multiple ip-addresses connecting to different secured/unsecured networks it is a good idea to not accept mail on all ip-addresses.
- Next you will choose what ip-addresses are allowed to send mail to the receive connector, the default is all ip-addresses (baad idea in our case). Here you would, in our example, remove the default setting and input the ip-address of our printer.
- Click New on the next page and the connector is created, but we still have to do some configuring.
- When back at EMC, hit properties on the newly created receive connector.
- On the Permissions tab you can remove everything but Anonymous users and click OK.
Then you are good to go. If you want to allow more ip-addresses to relay, you can always enter more of them on the Properties–>Network for the receive connector.
And, as always, here’s the nerdy way of doing it in powershell:
New-ReceiveConnector -Name "Anonymous" -Usage Custom -PermissionGroups AnonymousUsers -Bindings 0.0.0.0:25 -RemoteIpRanges <ip of printer> -server <name of your server>