Exchange 2016 (Authenticated Mail Relay)

CWT 391 Reputation points
2020-09-09T14:30:04.343+00:00

Good morning,

Just read an article that made me question the answer to the following question, so I wanted to see who else might be able to verify. It's always been my understanding that an authenticated relay (think app or printer that requires username/password for mail relay) can be achieved by the following settings on a receive connector provided the scope is set correctly.

Authentication:
TLS
Basic Authentication
Integrated Windows authentication

Permission Groups:
Exchange users

The question is does the Exchange users permission group work with an AD account that DOES NOT have a mailbox? The article I came across implied that an Exchange mailbox was required in order to have the ability to allow authenticated mail relay. I always thought as long as it was just an AD account it could be used for authenticated relay provided the Exchange users check box was checked?

In other words to send authenticated relay (username/password) is a mailbox required for the AD account used?

Thanks,

CWT

Microsoft Exchange Online Management

Accepted answer
  1. Andy David - MVP 110.1K Reputation points Microsoft MVP
    2020-09-09T17:43:52.083+00:00

    Yes, a mailbox is required if you want to authenticate. Why? So that per-mailbox limits (if any) and any other restrictions (send as, etc.) can be enforced.

    The way around that of course is to send anonymously to port 25.

    This doc is for Exchange Online, but really it applies to on-prem Exchange as well:
    https://learn.microsoft.com/en-us/exchange/mail-flow-best-practices/how-to-set-up-a-multifunction-device-or-application-to-send-email-using-microsoft-365-or-office-365

    Note the requirement for a mailbox using authenticated relay.


1 additional answer

  1. CWT 391 Reputation points
    2020-09-09T19:04:23.397+00:00

    Learn something new every day. Read a TechNet article a couple of years back that seemed to indicate the use of the permission group Exchange users covered both mailbox enabled AD accounts as well as standard AD accounts (no mailboxes), so obviously I misread something and have been wrong. Thank you for this.

    Much appreciated Andy!

    CWT
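
An added example, not part of the original posts: a read-only Exchange Management Shell check of the two points in this thread, namely which receive connectors accept authenticated users (and whether Basic authentication is gated on TLS), and whether the relay account is mailbox-enabled as the accepted answer requires. The server name `EX01` and the account `svc-relay` are hypothetical.

```powershell
# Added example. EX01 and svc-relay are hypothetical names; run read-only in the
# Exchange Management Shell on an Exchange 2016 server.
$Server    = 'EX01'
$RelayUser = 'svc-relay'

$report = foreach ($rc in Get-ReceiveConnector -Server $Server) {
    $auth   = [string]$rc.AuthMechanism      # e.g. "Tls, Integrated, BasicAuth"
    $groups = [string]$rc.PermissionGroups   # e.g. "ExchangeUsers"

    # Anonymous relay exists only where ANONYMOUS LOGON has been granted the
    # ms-Exch-SMTP-Accept-Any-Recipient extended right on the connector.
    $anonRelay = Get-ADPermission -Identity $rc.Identity `
            -User 'NT AUTHORITY\ANONYMOUS LOGON' -ErrorAction SilentlyContinue |
        Where-Object { -not $_.Deny -and
                       $_.ExtendedRights -like '*SMTP-Accept-Any-Recipient*' }

    [pscustomobject]@{
        Connector        = $rc.Name
        Bindings         = $rc.Bindings -join ', '
        AuthMechanism    = $auth
        PermissionGroups = $groups
        # Connector accepts authenticated users (the "Exchange users" check box)
        AuthenticatedUse = $groups -match '\bExchangeUsers\b'
        # Basic auth offered without BasicAuthRequireTLS: credentials can be
        # submitted before STARTTLS, i.e. in clear text on the wire
        BasicWithoutTls  = ($auth -match '\bBasicAuth\b') -and
                           ($auth -notmatch '\bBasicAuthRequireTLS\b')
        AnonymousRelay   = [bool]$anonRelay
    }
}
$report | Format-Table -AutoSize

# Per the accepted answer, the account used for authenticated relay must be
# mailbox-enabled; a plain AD user reports RecipientTypeDetails "User".
$user = Get-User -Identity $RelayUser -ErrorAction Stop
if ($user.RecipientTypeDetails -like '*Mailbox') {
    '{0} is mailbox-enabled ({1})' -f $user.Name, $user.RecipientTypeDetails
} else {
    Write-Warning ('{0} has no mailbox ({1}); see the accepted answer' -f
        $user.Name, $user.RecipientTypeDetails)
}
```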
