locked
Outbound relay failing RRS feed

  • Question

  • I have a sql app trying to use Exchange 2016 server for mail relay.  I created the receive connector but when I run either of the commands I get these errors:

    "get-receiveconnector "server\receiveconnector" | Add-Adpermission -user 'NT Authority\anonymoususers' -extendedrights ms-exch-smtp-accept-any-receipient"

    Error: User or Group "NT Authority\anonymousUsers" wasn't found

    Then I tried this command:

    Set-receiveconnector "server\receiveconnector" -permissiongroups anonymoususers

    Error: You must the value for the PermissionsGroups parameter to ExchangeServers when you set the AuthMechanism parameter to a value of ExternalAuthoritative.

    But I already did set the permissiongroups to ExchangeServers before running the above command.

    Any idea on how I can get the the outbound relay working?


    ms

    Saturday, September 1, 2018 3:16 AM

All replies

  • Follow below steps to setup email relay in Exchange 2016 without authentication:

    1. In the Exchange Admin Center navigate to mail flow and then receive connectors. Select the server that you want to create the new receive connector on, and click the “+” button to start the wizard.

    - Give the new connector a name. Set the Role to “Frontend Transport”, and the Type to “Custom”.

    - The default Network adapter bindings are fine. 

    - Remove the default IP range from the Remote network settings, and then add in the IP address of SQL Application server to allow anonymous SMTP relay from.

    - Click Finish to complete the wizard.

    2. Open the new connector, under the security tab - select only "Externally secured (For example IPSec)" and "Exchange Servers"

    Done. To test, use telnet commands to send a test mail from the SQL App Server.

    Hope this helps.


    ee

    • Proposed as answer by Nelson Thomas Sunday, September 2, 2018 1:07 PM
    Saturday, September 1, 2018 5:10 AM
  • Hi,

    I thinks an incorrect command parameter is the issue, there is not a user called "anonymoususers", it should be "ANONYMOUS LOGON".

    The general steps to create a relay receive connector are as follows:

    1. Create a dedicated Receive connector for anonymous relay.

    New-ReceiveConnector -Name <ConnectorName> -TransportRole FrontendTransport -Custom -Bindings <LocalIPAddresses>:25 -RemoteIpRanges <RemoteIPAddresses>


    2. Configure the permissions for anonymous relay on the dedicated Receive connector, one option is to configure the connections as anonymous.

    Set-ReceiveConnector <ConnectorName> -PermissionGroups AnonymousUsers
    Get-ReceiveConnector <ConnectorName> | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient"

    For more details, see Allow anonymous relay on Exchange servers.

    Regards,

    Manu Meng


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Monday, September 3, 2018 7:19 AM
  • I tried this and I'm still getting the same error.

    ms

    Tuesday, September 4, 2018 12:50 PM
  • The first command failed for me with error message: "You must set the value for the PermissionGroups to parameter to ExchangeServers when you set the Authmechanism parameter to a value of ExternalAuthoritative."

    But I already have the permission group set to ExchangeServers.  The second worked but I'm still seeing the same error.

    

    ms

    Tuesday, September 4, 2018 12:54 PM
  • The first command failed for me with error message: "You must set the value for the PermissionGroups to parameter to ExchangeServers when you set the Authmechanism parameter to a value of ExternalAuthoritative."

    But I already have the permission group set to ExchangeServers.  The second worked but I'm still seeing the same error.

    

    ms

    We should set the permission group to AnonymousUsers rather than ExchangeServers if we configure the connections as anonymous.    

    Regards, 

    Manu Meng


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Tuesday, September 4, 2018 1:06 PM
  • It does not allow me to set Externally Secured without having the ExchangeServers selected. Then I tried deselecting both of them but same error.

    ms

    Tuesday, September 4, 2018 1:19 PM
  • It does not allow me to set Externally Secured without having the ExchangeServers selected. Then I tried deselecting both of them but same error.

    ms

    Oh, dear...

    Uncheck Externally Secured and ExchangeServers, and check AnonymousUsers.

    Then run the command below:

    Get-ReceiveConnector <ConnectorName> | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient"


    Regards,

    Manu Meng


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Tuesday, September 4, 2018 1:27 PM
  • Yes that's what I tried as well and same error: "You must set the value for the PermissionGroups to parameter to ExchangeServers when you set the Authmechanism parameter to a value of ExternalAuthoritative."

    ms

    Tuesday, September 4, 2018 1:38 PM
  • Did you tried:

    1. choose only "Externally secured (For example IPSec)" and "Exchange Servers" in connector properties > Security

    2. add SQL server ip in Scoping.




    Tuesday, September 4, 2018 1:51 PM
  • Yes I did to both 1 and 2. 

    ms

    Tuesday, September 4, 2018 1:56 PM
  • Can you add some screenshots of current configuration?



    Tuesday, September 4, 2018 1:58 PM