Exchange 2016 Authenticated Relay

David W 1 Reputation point
2020-10-14T09:52:06.467+00:00

I am using an old Exchange 2016 Server as an internal SMTP relay for things on-prem that don't play well with O365.
I am trying to configure a connector so that it requires authentication but acts like an anonymous relay.

Example, upon connecting from anywhere, you do the usual SMTP auth but at the point where you enter the from email address you can put anything.

At the moment it requires the from address to be the one that is listed on the authenticated user's AD account.

I have already tried adding the ms-Exch-SMTP-Accept-Any-Sender permission manually to the connector but still no joy.

Can anyone suggest anything?


3 answers

  1. Andy David - MVP 138K Reputation points MVP
    2020-10-14T11:44:49.227+00:00

    You can't have an anonymous relay and require auth on the same connector. Those are two opposing concepts.


  2. Andy David - MVP 138K Reputation points MVP
    2020-10-14T13:00:21.597+00:00

    If you could focus on the sender or message header (the app may generate a message ID or something similar that has the same partial data in each message),
    then you could create a transport rule and allow anonymous relay - dropping messages from that Citrix Farm Server's IPs unless they match those patterns.
    Example

    32336-image.png

    or

    32160-image.png


  3. Lucas Liu-MSFT 6,156 Reputation points
    2020-10-15T06:06:14.987+00:00

    Hi @David W ,
    I agree with what Andy said.
    You could follow what Andy said above to restrict senders by creating a transport rule. Mail sent by users other than the specified sender will be deleted. Regarding the restriction by message id, according to my test, usually the message id of the mail is a string of random GUID plus the format of @yourdomain.com. If you choose to use this method for restriction, please send a test mail in advance and check the message header. The screenshot below shows how to create a transport rule to restrict by message id. Please pay attention to the "-" in the format of message id.
    32562-1111.png

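The transport-rule approach from answers 2 and 3, written out for the Exchange Management Shell as an added example (it is not from the thread or its screenshots). The rule name, IP addresses and `contoso.com` domain are placeholders, and the Message-ID pattern assumes the GUID-with-hyphens format described in answer 3.

```powershell
# Added example, not from the thread. Rule name, IPs and domain are placeholders.
$relayClients = '192.0.2.10', '192.0.2.11'            # hosts allowed on the anonymous relay connector
$ruleName     = 'Relay - drop unexpected Message-ID'  # hypothetical rule name

# Step 1: send a test mail from the application, then read the Message-ID
# it actually produced from the message tracking log.
Get-MessageTrackingLog -EventId RECEIVE -Start (Get-Date).AddHours(-1) -ResultSize Unlimited |
    Where-Object { $relayClients -contains $_.ClientIp } |
    Select-Object Timestamp, ClientIp, Sender, MessageId

# Step 2: build the pattern from what Step 1 showed. Assumed here: five
# hyphen-separated groups followed by @contoso.com. Only \w, * and literal
# characters are used, to stay inside the transport rule pattern syntax.
$messageIdPattern = '\w\w*-\w\w*-\w\w*-\w\w*-\w\w*@contoso.com'

# Step 3: delete mail from the relay clients unless the Message-ID matches.
# Audit mode only logs what the rule would have done, so nothing is dropped yet.
New-TransportRule -Name $ruleName `
    -SenderIpRanges $relayClients `
    -ExceptIfHeaderMatchesMessageHeader 'Message-ID' `
    -ExceptIfHeaderMatchesPatterns $messageIdPattern `
    -DeleteMessage $true `
    -Mode Audit

# Step 4: review the audit results in message tracking, then switch the rule on:
# Set-TransportRule -Identity $ruleName -Mode Enforce
```

The Message-ID and From headers are chosen by the sending client, so this rule filters out unexpected or misconfigured senders rather than authenticating them. Which hosts can relay at all is still controlled by the remote IP ranges on the receive connector.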