{"id":1736,"date":"2015-10-01T17:24:53","date_gmt":"2015-10-01T17:24:53","guid":{"rendered":"http:\/\/microsoftgeek.com\/?p=1736"},"modified":"2015-10-01T17:37:12","modified_gmt":"2015-10-01T17:37:12","slug":"allow-exchange-relay-emails-from-certain-ip-addresses","status":"publish","type":"post","link":"https:\/\/microsoftgeek.com\/?p=1736","title":{"rendered":"Allow Exchange relay emails from certain IP addresses"},"content":{"rendered":"<p>In general, we always try to keep our mail servers as secure as possible, and only allow relaying to trusted\/authenticated users. This is in order to avoid our servers being used for spamming and subsequently blacklisted, which can cause delivery issues and headaches if it happens.<\/p>\n<p>However, there are occasional scenarios where we may need to allow trusted systems with certain IP addresses to relay via our Exchange server without authentication:<\/p>\n<ul>\n<li>Multi-Function print\/scan devices<\/li>\n<li>Network devices that email error\/warning\/status messages<\/li>\n<li>Phone systems that provide voicemail-to-email services<\/li>\n<\/ul>\n<p>Before you go ahead and start making changes to your relay configuration \u2013 think carefully about whether it\u2019s definitely required, and how you can keep it to a minimal set of IPs. If you end up allowing relay from all IP addresses you\u2019ll quickly find that your server is sending out spam to most of the world!<\/p>\n<p>To start with, in the image below, we can see a connection being made from 192.168.101.62 to our Exchange server. Once we specify that we\u2019re sending to an address outside of our Exchange organization, we receive the error 5.7.1 \u201cUnable to relay\u201d. 
You may also see the same error code with a user unauthenticated message.<\/p>\n<p align=\"center\"><img loading=\"lazy\" decoding=\"async\" title=\"Error 5.7.1 Unable to relay\" src=\"https:\/\/4sysops.com\/wp-content\/uploads\/2013\/04\/Error-5.7.1-Unable-to-relay_thumb.png\" alt=\"Error 5.7.1 Unable to relay\" width=\"604\" height=\"308\" border=\"0\" \/><\/p>\n<p align=\"center\"><em>Error 5.7.1 Unable to relay<\/em><\/p>\n<p>This basically means that mail coming from our IP will not currently be relayed by the Exchange server. To fix this we will create a receive connector that will listen for traffic coming from our trusted IP and allow anonymous relay. Other traffic should still arrive on the pre-existing receive connectors and remain subject to your original relay rules.<\/p>\n<p>We can create the new receive connector by opening the Exchange Management Console, then navigating to: <b>EMC &gt; Server Configuration &gt; Hub Transport<\/b><\/p>\n<p>Select the Hub Transport Server from the top section, then click \u2018New receive connector\u2019 from the actions pane on the right to start the wizard.<\/p>\n<p>Name your new receive connector something obvious \u2013 I chose \u201cRelay: Printers\u201d (it\u2019s then easy and obvious where to add more printer IPs at a later date if required). For the type select custom, and enter the FQDN of your server, then adjust the IP bindings if required. The new receive connector will listen on all IPs, on port 25 by default.<\/p>\n<p>The next screen is very important! By default the wizard will try to create a connector that is listening for ALL IP addresses. We certainly don\u2019t want to give relay access to all, so remove the default remote network, and then add just the IP address that we want to grant relay access to. 
So in my case I\u2019m going to add 192.168.101.62.<\/p>\n<p align=\"center\"><img loading=\"lazy\" decoding=\"async\" title=\"New-Recieve-Connector\" src=\"https:\/\/4sysops.com\/wp-content\/uploads\/2013\/04\/New-Recieve-Connector_thumb.png\" alt=\"New-Recieve-Connector\" width=\"457\" height=\"403\" border=\"0\" \/><\/p>\n<p align=\"center\"><em>New Receive Connector<\/em><\/p>\n<p>Once you\u2019ve finished the wizard, you should see your new receive connector in the bottom section of the management console. We now need to change a couple of settings to tell it to permit anonymous relay:<\/p>\n<p>Right click the new receive connector, and select properties. From the permissions groups tab, tick \u201cAnonymous\u201d and \u201cExchange Server\u201d. From the authentication tab, select the \u201cExternally Secured\u201d checkbox, before clicking OK to save your changes.<\/p>\n<p>We should now try another test email to confirm that our changes worked.<\/p>\n<p align=\"center\"><img loading=\"lazy\" decoding=\"async\" title=\"2.1.5 Recipient OK\" src=\"https:\/\/4sysops.com\/wp-content\/uploads\/2013\/04\/2.1.5-Recipient-OK_thumb.png\" alt=\"2.1.5 Recipient OK\" width=\"604\" height=\"308\" border=\"0\" \/><\/p>\n<p align=\"center\"><em>2.1.5 Recipient OK<\/em><\/p>\n<p>As we can see from the above SMTP conversation, we\u2019re now getting a \u2018Recipient OK\u2019 message when we try and relay, so our changes have worked.<\/p>\n<p>Once you\u2019ve finished, it\u2019s probably a good idea to test from some other IP addresses to double check you haven\u2019t accidentally opened up relay access for more than you intended!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In general, we always try and keep our mail servers as secure as possible, and only allow relaying to trusted\/authenticated users. This is in order to avoid our servers being used for spamming and subsequently blacklisted, which can cause delivery issues and headaches if it happens. 
However, there are occasional scenarios, where we may need [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[21,22],"tags":[],"class_list":["post-1736","post","type-post","status-publish","format-standard","hentry","category-exchange-2007","category-exchange-2010"],"_links":{"self":[{"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=\/wp\/v2\/posts\/1736","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1736"}],"version-history":[{"count":2,"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=\/wp\/v2\/posts\/1736\/revisions"}],"predecessor-version":[{"id":1738,"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=\/wp\/v2\/posts\/1736\/revisions\/1738"}],"wp:attachment":[{"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1736"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1736"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1736"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}