Allowing internal services to relay through Exchange

We all get those requests where a certain service needs to send mail through your company email server. Whilst an open relay is generally a way to get your domain blacklisted forever, allowing an internal relay is usually a necessity. By default Exchange is set up to deny relaying from any IP address, including your internal network. In this section I will show you how to allow relaying from your internal network.

Exchange 2003:

1. Open the Exchange system manager

2. Expand the organization object, servers, server name and then expand the protocols node

3. Expand the SMTP node and right click the virtual SMTP server on which you want to allow relaying and click properties

4. Click relay

5. In the relay restrictions dialog box you will see that the default is “Only the list below”.

6. Click add and enter the IP address of the service you want to allow to relay

7. Click OK, Apply and OK

Your Exchange server will now allow that IP address to relay.

Exchange 2007/2010:

1. Open the Exchange management console.

2. Expand the server configuration, down to the Hub transport.

3. Select the hub transport you want to configure for relaying.

4. From the actions pane, select “new receive connector”.

5. Name the SMTP connector in the new dialog that pops up (I recommend “Allow Relay” for simplicity's sake) and select Custom as the intended use for this receive connector.

6. Choose next.

7. On the local network settings page click the add button.

8. You can specify an IP address of your server here; leave the port on its default.

9. On the remote network settings window click add to add in the IP address of the service you want to grant relaying rights.

10. Click next, New and the connector will be created.

11. Right click the new connector and choose properties.

12. Go to the permissions tab and check the “exchange servers” box.

13. On the authentication tab check the externally secured box.

14. Choose OK.

That is it, and you should now be able to relay through the Exchange 2007/2010 server.
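The same Exchange 2007/2010 steps can be run from the Exchange Management Shell, followed by an audit of which connectors are externally secured and for which remote addresses. This is an added example, not part of the original post; the server name and IP addresses are constructed placeholders.

```powershell
# Added example for the Exchange Management Shell (Exchange 2007/2010).
# Assumed placeholder values, not taken from the original post:
$Server  = 'HUB01'          # hypothetical Hub Transport server name
$Binding = '10.0.0.10:25'   # constructed local IP of the server, default SMTP port
$RelayIP = '10.0.0.25'      # constructed IP of the internal service allowed to relay

# Steps 4-10: custom receive connector that only accepts the relaying host.
New-ReceiveConnector -Name 'Allow Relay' -Server $Server -Usage Custom `
    -Bindings $Binding -RemoteIPRanges $RelayIP

# Steps 11-14: "Exchange servers" permission group plus "Externally secured".
Set-ReceiveConnector "$Server\Allow Relay" `
    -PermissionGroups ExchangeServers -AuthMechanism ExternalAuthoritative

# Audit: an externally secured connector trusts every address in RemoteIPRanges,
# so list those connectors and flag any entry that is not a single IPv4 host
# (a CIDR block, an a-b range or an IPv6 entry should be reviewed by hand).
$singleHost = '^\d{1,3}(\.\d{1,3}){3}$'

Get-ReceiveConnector -Server $Server |
    Where-Object { "$($_.AuthMechanism)" -match 'ExternalAuthoritative' } |
    Select-Object Identity,
        @{ Name = 'RemoteIPs'; Expression = {
            [string]::Join(', ', @($_.RemoteIPRanges | ForEach-Object { $_.ToString() }))
        } },
        @{ Name = 'NeedsReview'; Expression = {
            @($_.RemoteIPRanges |
                Where-Object { $_.ToString() -notmatch $singleHost }).Count -gt 0
        } } |
    Format-Table -AutoSize
```

Rerun the audit portion whenever relay addresses are added, so a connector that has grown to cover a whole subnet shows up with NeedsReview set to True.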
