This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Good morning,
Just read an article that made me question the answer to the following question, so I wanted to see who else might be able to verify. It's always been my understanding that an authenticated relay (think app or printer that requires username/password for mail relay) can be achieved by the following settings on a receive connector provided the scope is set correctly.
Authentication:
TLS
Basic Authentication
Integrated Windows authenticated
Permission Groups:
Exchange users
The question is does the Exchange users permission group work with an AD account that DOES NOT have a mailbox? The article I came across implied that an Exchange mailbox was required in order to have the ability to allow authenticated mail relay. I always thought as long as it was just an AD account it could be used for authenticated relay provided the Exchange users check box was checked?
In other words to send authenticated relay (username/password) is a mailbox required for the AD account used?
Thanks,
CWT
Yes, a mailbox is required if you want to authenticate. Why? So that per mailbox limits ( if any) and any other restrictions ( send as etc..) can be enforced.
The way around that of course is to send anonymously to port 25.
This doc is for Exchange Online, but really it applies to on-prem Exchange as well
https://learn.microsoft.com/en-us/exchange/mail-flow-best-practices/how-to-set-up-a-multifunction-device-or-application-to-send-email-using-microsoft-365-or-office-365
Note the requirement for a mailbox using authenticated relay
Learn something new everyday. Read a Technet article a couple of years back that seemed to indicate the use of the permission group Exchange users covered both mailbox enabled AD accounts as well as standard AD accounts (no mailboxes), so obviously I misread something and have been wrong. Thank you for this.
Much appreciated Andy!
CWT