SBS 2011 Devices or Users cannot relay even after setting anonymous to the connector in Exchange Management

After spending hours trying to rectify our send connector to allow our accounting program to send invoices out, we stumble across an article from Mark Berry at http://www.mcbsys.com.

We had run the Fix My Network Wizard in SBS 2011 and after that Exchange 2010 would not accept email from non authenticated users even if the anonymous was selected.

Can’t Anonymously Send External Email

Once I had made those changes, the accounting system wouldn’t send email external, only internally to our domain/network.

When the application tried to send an email to a recipient outside the network, it failed with a 5.7.1 error:

sterling-it-mail-relay

 

 

 

 

The Persits knowledge base has a helpful article identifying the problem:  it means that “the SMTP server you are using is configured to reject messages sent to outside email addresses and originating from unauthorized IP addresses or users.”

So it’s a separate setting to be able to send mail outside the organization?

Yup, and for some reason it can only be enabled from the Exchange Management Shell, not from the Console. Once I found and executed the command at the bottom of this Petri article, sending mail to external recipients worked as well:

Get-ReceiveConnector "Default SBS" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient"

Never in a million years would I have figured that one out. Thanks Mr. Petri! (no, thank you Mark Berry for reposting in a clean easy format)

NOTE:  If you need to re-run the Internet connection wizard, it will overwrite most of the above settings, and my mail wasn’t going out. So either don’t run that wizard, or make a note of your Exchange Hub Transport settings first.

Leave a Reply