7,920 questions
As far as I know, that is not set when Hybrid Wizard is run. That is set when this is run.
Sure it wasnt set accidently by an admin?
I would remove that permission and test.
How does anonymous sending work?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(304, 60%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Андрей Михалевский
3,451
Reputation points
Hello. We have an Edge server.
I found that anonymous sending works through it:
[PS] C:\Windows\system32>Get-ReceiveConnector | fl *
AuthMechanism : Tls, ExchangeServer
Banner : 220 rl-edge.resoleasing.com
BinaryMimeEnabled : True
Bindings : {0.0.0.0:25}
ChunkingEnabled : True
DefaultDomain :
DeliveryStatusNotificationEnabled : True
EightBitMimeEnabled : True
SmtpUtf8Enabled : True
BareLinefeedRejectionEnabled : False
DomainSecureEnabled : True
EnhancedStatusCodesEnabled : True
LongAddressesEnabled : False
OrarEnabled : False
SuppressXAnonymousTls : False
ProxyEnabled : False
AdvertiseClientSettings : False
Fqdn : resoleasing.com
ServiceDiscoveryFqdn :
TlsCertificateName :
Comment :
Enabled : True
ConnectionTimeout : 00:05:00
ConnectionInactivityTimeout : 00:01:00
MessageRateLimit : 600
MessageRateSource : IPAddress
MaxInboundConnection : 5000
MaxInboundConnectionPerSource : 20
MaxInboundConnectionPercentagePerSource : 2
MaxHeaderSize : 256 KB (262,144 bytes)
MaxHopCount : 60
MaxLocalHopCount : 12
MaxLogonFailures : 3
MaxMessageSize : 36 MB (37,748,736 bytes)
MaxProtocolErrors : 5
MaxRecipientsPerMessage : 200
PermissionGroups : AnonymousUsers, ExchangeServers, Partners
PipeliningEnabled : True
ProtocolLoggingLevel : None
RemoteIPRanges : {0.0.0.0-255.255.255.255}
RequireEHLODomain : False
RequireTLS : False
EnableAuthGSSAPI : False
ExtendedProtectionPolicy : None
LiveCredentialEnabled : False
TlsDomainCapabilities : {mail.protection.outlook.com:AcceptOorgProtocol}
Server : dattum-edge-01
TransportRole : HubTransport
RejectReservedTopLevelRecipientDomains : False
RejectReservedSecondLevelRecipientDomains : False
RejectSingleLabelRecipientDomains : False
AcceptConsumerMail : False
SizeEnabled : Enabled
TarpitInterval : 00:00:05
AuthTarpitInterval : 00:00:05
MaxAcknowledgementDelay : 00:00:30
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
Name : Default internal receive connector DATTUM-EDGE-01
DistinguishedName : CN=Default internal receive connector DATTUM-EDGE-01,CN=SMTP Receive Connec
tors,CN=Protocols,CN=dattum-edge-01,CN=Servers,CN=Exchange Administrative G
roup (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Mi
crosoft Exchange,CN=Services,CN=Configuration,CN={77FDE148-6448-474F-96D0-0
4B0B936D54F}
Identity : dattum-edge-01\Default internal receive connector DATTUM-EDGE-01
Guid : 25f17bc1-9cdd-4e9b-827c-ec8418752139
ObjectCategory : CN=ms-Exch-Smtp-Receive-Connector,CN=Schema,CN=Configuration,CN={77FDE148-6
448-474F-96D0-04B0B936D54F}
ObjectClass : {top, msExchSmtpReceiveConnector}
WhenChanged : 28.12.2021 19:44:20
WhenCreated : 27.12.2021 10:52:58
WhenChangedUTC : 28.12.2021 16:44:20
WhenCreatedUTC : 27.12.2021 7:52:58
OrganizationId :
Id : dattum-edge-01\Default internal receive connector DATTUM-EDGE-01
OriginatingServer : localhost
IsValid : True
ObjectState : Unchanged
For the high availability group, we added a second server and anonymous sending doesn't work there:
[PS] C:\Windows\system32>Get-ReceiveConnector | fl *
AuthMechanism : Tls, ExchangeServer
Banner :
BinaryMimeEnabled : True
Bindings : {0.0.0.0:25}
ChunkingEnabled : True
DefaultDomain :
DeliveryStatusNotificationEnabled : True
EightBitMimeEnabled : True
SmtpUtf8Enabled : True
BareLinefeedRejectionEnabled : False
DomainSecureEnabled : True
EnhancedStatusCodesEnabled : True
LongAddressesEnabled : False
OrarEnabled : False
SuppressXAnonymousTls : False
ProxyEnabled : False
AdvertiseClientSettings : False
Fqdn : dattum-edge-02.resoleasing.com
ServiceDiscoveryFqdn :
TlsCertificateName :
Comment :
Enabled : True
ConnectionTimeout : 00:05:00
ConnectionInactivityTimeout : 00:01:00
MessageRateLimit : 600
MessageRateSource : IPAddress
MaxInboundConnection : 5000
MaxInboundConnectionPerSource : 20
MaxInboundConnectionPercentagePerSource : 2
MaxHeaderSize : 256 KB (262,144 bytes)
MaxHopCount : 60
MaxLocalHopCount : 12
MaxLogonFailures : 3
MaxMessageSize : 36 MB (37,748,736 bytes)
MaxProtocolErrors : 5
MaxRecipientsPerMessage : 200
PermissionGroups : AnonymousUsers, ExchangeServers, Partners
PipeliningEnabled : True
ProtocolLoggingLevel : None
RemoteIPRanges : {0.0.0.0-255.255.255.255}
RequireEHLODomain : False
RequireTLS : False
EnableAuthGSSAPI : False
ExtendedProtectionPolicy : None
LiveCredentialEnabled : False
TlsDomainCapabilities : {}
Server : dattum-edge-02
TransportRole : HubTransport
RejectReservedTopLevelRecipientDomains : False
RejectReservedSecondLevelRecipientDomains : False
RejectSingleLabelRecipientDomains : False
AcceptConsumerMail : False
SizeEnabled : Enabled
TarpitInterval : 00:00:05
AuthTarpitInterval : 00:00:05
MaxAcknowledgementDelay : 00:00:30
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
Name : Default internal receive connector DATTUM-EDGE-02
DistinguishedName : CN=Default internal receive connector DATTUM-EDGE-02,CN=SMTP Receive Connec
tors,CN=Protocols,CN=dattum-edge-02,CN=Servers,CN=Exchange Administrative G
roup (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Mi
crosoft Exchange,CN=Services,CN=Configuration,CN={37AC5A4B-1527-4FFC-B15B-9
9E41FDD2611}
Identity : dattum-edge-02\Default internal receive connector DATTUM-EDGE-02
Guid : 08265dc0-eed9-4636-ae56-afd320b6fe1a
ObjectCategory : CN=ms-Exch-Smtp-Receive-Connector,CN=Schema,CN=Configuration,CN={37AC5A4B-1
527-4FFC-B15B-99E41FDD2611}
ObjectClass : {top, msExchSmtpReceiveConnector}
WhenChanged : 11.01.2022 11:51:48
WhenCreated : 11.01.2022 11:51:48
WhenChangedUTC : 11.01.2022 8:51:48
WhenCreatedUTC : 11.01.2022 8:51:48
OrganizationId :
Id : dattum-edge-02\Default internal receive connector DATTUM-EDGE-02
OriginatingServer : localhost
IsValid : True
ObjectState : Unchanged
The only difference is that a hybrid configuration is set up through the first server. It allows for anonymous sending ? Is this normal ?
Exchange Exchange Server Management
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(25.6, 67%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJS%3C/text%3E%3C/svg%3E)
Joyce Shen - MSFT 16,701 Reputation points2022-01-17T09:10:25.223+00:00 Does the reply below help? Do you have any other concern about your question?
If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Sign in to comment
Accepted answer
-
Andy David - MVP 157.4K Reputation points MVP Volunteer Moderator2022-01-11T17:35:39.08+00:00
1 additional answer
Sort by: Most helpful
-
Андрей Михалевский 3,451 Reputation points
2022-01-17T11:04:34.53+00:00 Hi.
DATTUM-EDGE-01:
[PS] C:\Windows\system32>Get-ReceiveConnector | Get-ADPermission | Format-Table User,ExtendedRights
User ExtendedRights
NT AUTHORITY\ANONYMOUS LOGON {ms-Exch-SMTP-Accept-Authoritative-Domain-Sender}
NT AUTHORITY\ANONYMOUS LOGON {ms-Exch-SMTP-Submit}
NT AUTHORITY\ANONYMOUS LOGON {ms-Exch-SMTP-Accept-Any-Sender}
NT AUTHORITY\ANONYMOUS LOGON {ms-Exch-Accept-Headers-Routing}
MS Exchange\Partner Servers {ms-Exch-Accept-Headers-Routing}
MS Exchange\Partner Servers {ms-Exch-SMTP-Submit}DATTUM-EDGE-02:
[PS] C:\Windows\system32>Get-ReceiveConnector | Get-ADPermission | Format-Table User,ExtendedRights
User ExtendedRights
NT AUTHORITY\ANONYMOUS LOGON {ms-Exch-SMTP-Accept-Authoritative-Domain-Sender}
NT AUTHORITY\ANONYMOUS LOGON {ms-Exch-SMTP-Submit}
NT AUTHORITY\ANONYMOUS LOGON {ms-Exch-SMTP-Accept-Any-Sender}
NT AUTHORITY\ANONYMOUS LOGON {ms-Exch-Accept-Headers-Routing}
MS Exchange\Partner Servers {ms-Exch-Accept-Headers-Routing}
MS Exchange\Partner Servers {ms-Exch-SMTP-Submit}On the second server, anonymous sending does not work. How is it possible ? The settings are the same.
-
Andy David - MVP 157.4K Reputation points MVP Volunteer Moderator
2022-01-17T13:15:48.677+00:00 Is that your internal domain?
resoleasing.comIf so, then its not a relay issue, its not seeing it as an accepted domain on Edge-02
-
Андрей Михалевский 3,451 Reputation points
2022-01-17T14:50:06.06+00:00 Yes, this is my domain. I don't understand you. This is the second server I want to implement. I haven't done a subscription yet. Is that what this is about?
-
Андрей Михалевский 3,451 Reputation points
2022-01-17T14:52:02.023+00:00 My mistake. Thanks for your help !
Sign in to comment -