Monday, March 28, 2011

550 5.7.1 Unable to relay

Due to a change in our Call Logging system (the application the Help Desk uses to log IT service calls for users), I had to allow it to send e-mails as coming from the Help Desk mailbox to external users (similar to Send-As permissions).

So, I create a new receive connector, called Infra, just for the servers hosting that application and allowed for anonymous users to use it as the application doesn’t support authenticated SMTP...

This grants permissions to the anonymous account but it still doesn’t give you the relay permission. If you try to relay using this send connector, you will get the following SMTP error message:

550 5.7.1 Unable to relay

The ACL that controls relay is the ms-Exch-SMTP-Accept-Any-Recipient. To add this ACL to this receive connector, we have to use Exchange Management Shell:

Get-ReceiveConnector "Infra"
Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient"

Please, don’t forget to keep relay as restricted as possible, as your domain might get black-listed!

No comments:

Post a Comment