Unfortunately, there are still applications or devices that can only send mails without authentication. This is not possible in the Exchange Server default setting. However, a new receive connector can be set up which allows anonymous relay for certain IP addresses.
On a server with an English-language operating system, the following commands can be used to create a corresponding connector:
New-ReceiveConnector -Name "Anonymous Relay" -TransportRole FrontendTransport -Custom -Bindings 0.0.0.0:25 -RemoteIpRanges 192.168.100.50, 192.168.100.51
Set-ReceiveConnector "Anonymous Relay" -PermissionGroups AnonymousUsers
Get-ReceiveConnector "Anonymous Relay" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient"
Die Befehle erstellen einen neuen Sendeconnector mit dem Namen „“Anonymous Relay“ und schränken den Connector auf die IPs 192.168.100.50 und 192.168.100.51 ein. Nur diese beiden IPs dürfen also den Connector nutzen und Mails ohne Authentifizierung versenden. Bei der Angabe der IPs muss vorsichtig vorgegangen werden. Hier sollten nur interne IPs und keine Netzbereiche verwendet werden, sonst baut man sich möglicherweise schnell ein Open Relay welches von Spammern missbraucht wird.
On your server with a German-language operating system, a command is slightly different, so here are the commands for a German-language server:
New-ReceiveConnector -Name "Anonymous Relay" -TransportRole FrontendTransport -Custom -Bindings 0.0.0.0:25 -RemoteIpRanges 192.168.100.50, 192.168.100.51
Set-ReceiveConnector "Anonymous Relay" -PermissionGroups AnonymousUsers
Get-ReceiveConnector "Anonymous Relay" | Add-ADPermission -User "NT-Autorität\Anonymous-Anmeldung" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient"
The new connector can be tested with the following command:
Send-MailMessage -SmtpServer <EXCHANGEIPORFQDN> -From relay@domain.de -To recicpient@domain.de -Subject "TEST RELAY"
The test only works if the IP has been explicitly allowed. Additional permitted IPs can also be conveniently added via the Exchange Admin Center:
If you operate several Exchange servers, you should add the host name of the server to the name of the connector (as is the case with the other connectors).