Allow anonymous forwarding on Exchange Server Relay

An open relay is a very bad thing for messaging servers on the Internet.

SMTP relays that have been accidentally or intentionally configured as open relays allow you to transparently route e-mail from any source through the open relay server.

This behavior masks the original source of the messages and makes them look as if the email originated from the open relay server.

Open relay servers are eagerly searched and used by spammers.

550 5.7.54 SMTP; Unable to relay recipient in non-accepted domain

On the other hand, anonymous relay is a common requirement for many organizations that have internal Web servers, database servers. Monitoring equipment, or other network devices that generate e-mail messages but cannot actually send and deliver those messages.

Exchange 2019 Set up SMTP external relay in the Powershell

Exchange Servers can use a FrontEndTransport service on a Mailbox server to provide a dedicated receive connector that allows anonymous forwarding from a specific list of internal network hosts.

To do this, run the following command in the Exchange management shell for the appropriate dedicated receive connector:

PS C:> Set-ReceiveConnector "EXCH19-Frontend Anonymous Relay" -AuthMechanism ExternalAuthoritative -PermissionGroups ExchangeServers

In this example, the Exchange 2019 Server EXCH19 with the Frontend Anonymous Relay as the Receive Connector.

Check that the anonymous Exchange SMTP relay is successfully configured with the following command:

PS C:> Get-ReceiveConnector "EXCH19-Frontend Anonymous Relay" | Format-List Enabled,TransportRole,Bindings,RemoteIPRanges