Exchange 2019, 2016, 2013 – Allowing a Host/IP to Relay Mail

KB ID 0000891 

Problem

There are a few more hoops to jump through to allow a host to relay through Exchange 2013. For earlier versions of Exchange see the links below.

Allow Relay from an IP With Office 365 (Exchange Online)

Allow Relay from an IP with Exchange 2010

Allow Relay from an IP with Exchange 2007

Allow Relay from an IP with Exchange 2003

Allow Relay from an IP with Exchange 2000

Solution

How to create a ‘Relay’ Receive Connector

 

1. Connect to the Exchange admin center > Mail flow > receive connectors > Add.

2. Give the connector a name (take note of it, you will need it in a minute) > Select ‘Frontend Transport’ > Custom > Next.

3. Accept the default of TCP Port 25 (SMTP) > Next.

4. REMOVE the 0.0.0.0-255.255.255.255 range. (WARNING: If you do not do this you will become an open relay).

5. Add in the IP address of the host (from which you want to allow relaying) > Save.

6. Open the properties of the connector you just created > Security > Under Authentication select ‘Externally Secured (for example with IPSEC)’ > Under Permission groups, select ‘Exchange servers’ and ‘Anonymous users’ > Save.

7. At this point, you may find that when you test from the host you get the following error;

421 4.4.1 Connection timed out

I would suggest you change some parameters of the receive connector. Execute the following PowerShell command;

Get-ReceiveConnector -Identity "Relay-Connector-Name" | Set-ReceiveConnector -TarpitInterval 00:00:00 -ConnectionTimeout 00:30:00 -ConnectionInactivityTimeout 00:20:00 -MaxAcknowledgementDelay 00:00:00 -MaxInboundConnection 10000 -MaxInboundConnectionPercentagePerSource 100 -MaxInboundConnectionPerSource unlimited

8. Restart the Microsoft Exchange Transport Service on the Exchange server.

Restart-Service MSExchangeTransport
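
Added example (not part of the original article): a read-only check, run in the Exchange Management Shell, that lists every receive connector and flags any enabled ‘Externally Secured’ connector that still carries the catch-all range from step 4. It assumes the shell renders remote IP ranges in the forms listed in $anyRange; the function name Test-RelayConnector is made up for this example.

```powershell
# Added example: audit receive connectors for the open-relay condition in step 4.
# Read-only: uses Get-ReceiveConnector only and changes nothing.

# Ranges that match every client. The first two are the defaults a new connector
# starts with; the CIDR forms are the same ranges written differently.
# Assumption: RemoteIPRanges values render as strings in one of these forms.
$anyRange = @(
    '0.0.0.0-255.255.255.255',
    '::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff',
    '0.0.0.0/0',
    '::/0'
)

function Test-RelayConnector {   # hypothetical helper name
    param([Parameter(Mandatory)] $Connector)

    $ranges = @($Connector.RemoteIPRanges | ForEach-Object { $_.ToString() })
    $auth   = $Connector.AuthMechanism.ToString()

    # 'Externally Secured' (step 6) makes the connector trust every sender
    # inside its remote IP ranges, so those ranges are the only gate.
    $trusted  = $auth -match 'ExternalAuthoritative'
    $catchAll = @($ranges | Where-Object { $anyRange -contains $_ })

    [pscustomobject]@{
        Connector  = $Connector.Identity.ToString()
        Enabled    = [bool]$Connector.Enabled
        Trusted    = $trusted
        Groups     = $Connector.PermissionGroups.ToString()
        RemoteIPs  = $ranges -join ', '
        OpenRelay  = $trusted -and ($catchAll.Count -gt 0)
    }
}

$report = @(Get-ReceiveConnector | ForEach-Object { Test-RelayConnector $_ })
$report | Format-Table -AutoSize -Wrap

# Anything listed here accepts relay from any address and needs step 4 applied.
$bad = @($report | Where-Object { $_.OpenRelay -and $_.Enabled })
if ($bad.Count -gt 0) {
    Write-Warning ("Open relay risk on: {0}" -f ($bad.Connector -join '; '))
} else {
    Write-Output 'No externally secured connector is open to all addresses.'
}
```

For the relay connector created above, RemoteIPs should show only the host address added in step 5.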

Exchange 2013 – Test Email Relaying from your ‘Allowed IP’

1. Go to the machine you have allowed relaying from, and attempt to ‘relay’ mail. In the example below I’m attempting to send an email to test@relay.com. In the first example we cannot relay, so something has been misconfigured.

Exchange 2013 Relaying Blocked

2. However, this time we CAN relay, so our connector is configured properly.

Exchange 2013 Relaying Allowed

 

Author: Migrated
