skip to Main Content

Configure anonymous SMTP relay in Exchange Server

Most of the time, you get asked if it’s possible to send an email to external recipients from an application or server in the organization. Well, it is possible if we configure a dedicated anonymous SMTP relay Exchange receive connector. Now how do we set it up? In this article, we will create an anonymous Exchange SMTP relay connector.

Internal SMTP relay

To relay email internal, you don’t have to configure an SMTP receive connector. It’s already set up with the default Exchange Server configuration. Let’s say you have an application and you want to send an email to internal mailboxes. You set up a email address, and it will send the email successfully to the internal mailbox users.

Create new receive connector

We have to create a dedicated receive connector for SMTP relay in Exchange Server. We can create the receive connector in:

  • Exchange Admin Center
  • Exchange Management Shell (PowerShell)

Create the same receive connector on all Exchange Servers.

Create receive connector in Exchange Admin Center

Sign in to Exchange Admin Center. Click in the feature pane on mail flow and follow with receive connectors in the tabs. Select the Exchange Server if you have multiple Exchange Servers. Click on + in the toolbar to create a new receive connector.

Configure anonymous SMTP relay in Exchange Server add receive connector

Fill in a name for the receive connector. For example, SMTP relay. Select the role Frontend Transport and type Custom. Click Next.

Configure anonymous SMTP relay in Exchange Server new receive connector step 1

Keep the network adapter bindings as default and click Next.

Configure anonymous SMTP relay in Exchange Server new receive connector step 2

Add the server or servers that will make use of the SMTP relay in the Remote network settings. You can make use of IP addresses and IP ranges. In our example, IP address is an application server that sends emails to internal and external recipients. Click Finish.

Remove the default IP range

Do not add any Exchange Servers in the SMTP relay receive connector. It will cause issues with communication between Exchange Servers, and mail flow will not work correctly. Read more in the article Exchange 2016 internal mail flow not working.

The SMTP relay receive connector is successfully created.

Configure anonymous SMTP relay in Exchange Server smtp relay receive connector created

Create receive connector with PowerShell

Do you want to create an SMTP relay receive connector with PowerShell? Run Exchange Management Shell as administrator. Make use of the New-ReceiveConnector cmdlet.

[PS] C:\>New-ReceiveConnector -Server "EX01-2016" -Name "SMTP relay" -TransportRole FrontendTransport -Custom -Bindings -RemoteIpRanges

Identity             Bindings     Enabled
--------             --------     -------
EX01-2016\SMTP relay {} True

Configure connection as anonymous

Run both the commands to grant the minimum required permissions to allow anonymous relay.

[PS] C:\>Set-ReceiveConnector "EX01-2016\SMTP relay" -PermissionGroups AnonymousUsers

[PS] C:\>Get-ReceiveConnector "EX01-2016\SMTP relay" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient"

Identity             User                 Deny  Inherited
--------             ----                 ----  ---------
EX01-2016\SMTP relay NT AUTHORITY\ANON... False False

Create SMTP relay DNS record

In the internal DNS, create an A record and point it to the load balancer or the Exchange Server(s). In my example, the load balancer.

Point internal devices or applications to a DNS record instead of an IP address. It’s quicker to change one entry in DNS than it is to change an IP on every single device and application.

Ping the FQDN, and it needs to resolve to the IP address. If it doesn’t, run ipconfig /flushdns and try again. If that doesn’t work, give it some time or troubleshoot further.


Pinging [] with 32 bytes of data:
Reply from bytes=32 time<1ms TTL=64
Reply from bytes=32 time<1ms TTL=64
Reply from bytes=32 time<1ms TTL=64
Reply from bytes=32 time<1ms TTL=64

Ping statistics for
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

In the next article, we will test the Exchange Server anonymous SMTP relay.

Other articles that you may be interested in:


In this article, you learned how to configure anonymous SMTP relay in Exchange Server. Create a dedicated receive connector and add the IP addresses or IP ranges that need to relay through the Exchange Server.

Did you enjoy this article? You may also like Send Out of Office reply every day with PowerShell. Don’t forget to follow us and share this article.



ALI TAJRAN is a passionate IT Architect, IT Consultant, and Microsoft Certified Trainer. He started Information Technology at a very young age, and his goal is to teach and inspire others. Read more »

This Post Has 0 Comments

Leave a Reply

Your email address will not be published. Required fields are marked *