Exchange 2019, 2016, 2013 – Allowing a Host/IP to Relay Mail

KB ID 0000891 

Problem

There a a few more hoops to jump through to allow a host to relay though Exchange 2013. For earlier versions of Exchange see the links below.

Allow Relay from an IP With Office 365 (Exchange Online)

Allow Relay from an IP with Exchange 2010

Allow Relay from an IP with Exchange 2007

Allow Relay from an IP with Exchange 2003

Allow Relay from an IP with Exchange 2000

Solution

How to create a ‘Relay’ Receive Connector

 

1. Connect to the Exchange admin center > Mail flow > receive connectors > Add.

2. Give the connector a name (take note of it, you will need it in a minute) > Select ‘Frontend Transport’ > Custom > Next.

3. Accept the default of TCP Port 25 (SMTP) > Next.

4. REMOVE the 0.0.0.0-255.255.255.255 range. (WARNING: If you do not do this you will become an open relay).

5. Add in the IP address of the host (from which you want to allow relaying) > Save.

6. Open the properties of the connector you just created > Security > Under Authentication select ‘Externally Secured (for example with IPSEC) > Under Permission groups, select ‘Exchange servers’ and ‘Anonymous users’ > Save.

7. At this point, you may find that when you test from the host you get the following error;

421 4.4.1 Connection timed out

I would suggest you change some parameters of the receive connector. Execute the following PowerShell command;

[box]

Get-ReceiveConnector -Identity “Relay-Connector-Name” | Set-ReceiveConnector -TarpitInterval 00:00:00 -ConnectionTimeout 00:30:00 -ConnectionInactivityTimeout 00:20:00 -MaxAcknowledgementDelay 00:00:00 -MaxInboundConnection 10000 -MaxInboundConnectionPercentagePerSource 100 -MaxInboundConnectionPerSource unlimited

[/box]

8. Restart the Microsoft Exchange Transport Service on the Exchange server.

[box]Restart-Service MSExchangeTransport[/box]

Exchange 2013 – Test Email Relaying from your ‘Allowed IP’

1. Go to the machine you have allowed relaying from, and attempt to ‘relay’ mail. In the example below I’m attempting to send an email to test@relay.com. In the first example we cannot relay, so something has been misconfigured.

2. However this time we CAN relay so our connector is configured properly.

 

Related Articles, References, Credits, or External Links

NA