Allow relaying on Exchange 2007 & Exchange 2010 in 4 easy steps

I have this application/website that needs to send emails, I have it configured to use our exchange server as SMTP. It can send emails to internal users however external ones are failing with a "550 5.7.1 Unable to relay" error

I have been answering this question, under different forms, so often on Experts Exchange lately that I have it copied on a notepad and end up by pasting it again every now and then.

First a mail server should be configure to unconditionally (not talking about spam/viruses here) accept emails sent to users in the smtp domains it serves. However it should be careful about who gets to send emails to other smtp domains using its services, that's what is called relaying.

This should explain why, in the above scenario, emails sent to internal users are received but not to external one. So for your application to be able to send external emails you should allow it (or its IP address) to relay emails through your exchange server and here is how to do it in Exchange 2007 and Exchange 2010.

1. Add another internal IP to your exchange server, say 1.1.1.1
2. Create a new receive connector listening only to the newly added IP address & allow only the application IP to connect to it by running

   New-ReceiveConnector -Name AllowRelay -usage Custom -Bindings '1.1.1.1:25' -fqdn server.domain.com -RemoteIPRanges WebServerIpAddress -server MYEXCHANGESERVER -permissiongroups AnonymousUsers

3. Allow relaying on the just created connector by running

   Get-ReceiveConnector AllowRelay | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient"

4. Configure your webserver to use the new ip 1.1.1.1 as SMTP

N.B.:Make sure to change the 1.1.1.1 by the additional IP you added to your exchange server, WebServerIpAddress with the IP of your Webserver/application, MYEXCHANGESERVER by the name of your exchange 2007/2010 and server.domain.com by the FQDN of your exchange server.

For your convenience I have created a slide out of this post...

About Antoine Khater

I have been working in IT consultancy and solution integration since 1998 and I consider myself lucky to be, one in a few, making a living out of my passion. I am also member of the famous Experts Exchange (profile here) online community where I try my best to share what I have learned along the road.