Cry Exchange 2010 How To...
How to allow relaying from a specific IP address
In general you should not allow relaying of messages via your exchange server. To do so allows spammers to take advantage of your server to deliver their emails.
So, why might you want to allow a specific IP address to relay via your exchange server? In my case I have a development server and I wanted to allow it to generate and send out emails via my exchange server.
To allow your exchange server to relay from a specific IP address:
- Start Exchange Management Console
- Navigate to:
Microsoft Exchange → Microsoft Exchange On-Premises (server) → Server Configuration → Hub Transport
- You will need to create a new receive connector (do not modify your default receive connector because you do not want to allow others to relay via that): On the right hand side click the option for "New Receive Connector ..." This will start the "New Receive Connector" dialog.
- Give the connector a suitable name. I suggest something like "Relay for ip.address (computer-name)", where "ip.address" is the IP address you want to relay for and "computer-name" the name of the computer. You don't need to use the IP address (or the computer's name) in the name, it is just to make it clearer what the role of the receive connector is.
- Leave the intended use as "Custom", then click [Next >]
- On "Local Network Settings", leave as is and click [Next >]
- On "Remote Network Settings":
- Delete the existing entry for "0.0.0.0-255.255.255.255". If you leave this entry then you will be turning your Exchange server into an open relay. So you MUST delete this entry. (It is fine on your default connector because your default connector requires authentication, but we won't be for this new connector.)
- Add the IP address that you want the server to relay from. (If you are relaying for more than one server then you can add more than one IP address.)
Then click [Next >]
- You should then see a configuration summary. Click [New] and then when it has finished being created click [Finish]
- Using Exchange Management Console, open the properties for your new receive connector ("Relay for ip.address").
- On the "Permission Groups" tab check "Exchange servers" and check "Anonymous users".
- On the "Authentication" tab check "Externally Secured". (You can leave the default of "Transport Layer Security" checked - but I don't think it matters.)
- Click [OK]
That should be it. The specified IP address should now be able to relay (i.e. deliver email) via your Exchange server.
These notes have been tested with Exchange Server 2010, but are believed to apply to Exchange Server 2007 as well.
About the author: Brian Cryer is a dedicated software developer and webmaster. For his day job he develops websites and desktop applications as well as providing IT services. He moonlights as a technical author and consultant.