Allowing Application Servers To Send Emails Through Exchange 2007…

In any messaging environment, whether it is Exchange 2003 or 2007, you will have applications such as SharePoint, CRM and third-party apps that need to send emails to your employees or even to the outside world. These applications can’t send email the usual way, because they can’t log in to a mailbox and send as an authenticated user. In this scenario, we need to tell Exchange to relay the emails that come from these application servers.

In Exchange 2003, we did this by specifying the internal IP addresses of the application servers in the relay section of the properties of the SMTP Virtual Server.

What if you have a 2007 environment? Things are really different. We need to create a receive connector that allows the application servers’ IP addresses to relay through Exchange 2007. There are two ways in which this can be done: one is easy to implement but grants more permissions than required, and the second grants just the right permissions but requires running shell commands. Both methods need a receive connector in place.

So, let’s create the receive connector. Launch EMC. Go to Server Configuration -> Hub Transport -> New Receive Connector. Give it a meaningful name (SharePoint Application in my case) and click Next.

Give the connector an FQDN like mail.mydomain.com and click Next.

Click on Edit and specify the IP address or range of IPs of your SharePoint server.

Click New and Finish to create the connector.

Solution One is to select Exchange Servers in the permissions tab of the properties of the connector and Externally Secured in the authentication tab.

What this means is that we are telling the Exchange server that we trust these servers. This gives the SharePoint server more permissions than it needs to relay through Exchange, such as bypassing antispam checks, message size limits etc.

Solution Two is to select Anonymous Users in the permissions tab of the properties of the connector and then run the following command (substituting the name you gave your connector) to give the connector just enough permission to relay through, without bypassing the internal security.

Get-ReceiveConnector "SharePoint Server" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient"

After creating the connector, if things don’t work straight away, restart the Exchange Transport Service.
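To confirm afterwards which connectors can relay and from which source addresses, the following audit (an added example, not part of the original post) lists every receive connector that matches either solution above. It assumes the Exchange Management Shell and that an unrestricted IPv4 remote range is displayed as 0.0.0.0-255.255.255.255.

```powershell
# Added example: run in the Exchange Management Shell on a Hub Transport server.
$relayRight = "ms-Exch-SMTP-Accept-Any-Recipient"
# Assumption: an unrestricted IPv4 remote range is rendered as this string.
$anyIPv4 = "0.0.0.0-255.255.255.255"

Get-ReceiveConnector | ForEach-Object {
    $connector = $_

    # Solution Two leaves this entry on the connector: Anonymous Logon is
    # allowed to submit mail for any recipient, which is what permits relay.
    $anonRelay = @(Get-ADPermission -Identity $connector.Identity | Where-Object {
        (-not $_.Deny) -and
        ($_.User -like "*Anonymous Logon*") -and
        ($_.ExtendedRights -like $relayRight)
    }).Count -gt 0

    # Solution One: "Externally Secured" appears in AuthMechanism as
    # ExternalAuthoritative.
    $externallySecured = "$($connector.AuthMechanism)" -match "ExternalAuthoritative"

    if ($anonRelay -or $externallySecured) {
        # Flatten the allowed source ranges to strings for comparison and display.
        $ranges = @($connector.RemoteIPRanges | ForEach-Object { "$_" })

        $connector | Select-Object Identity,
            @{Name = "AnonymousRelay";    Expression = { $anonRelay }},
            @{Name = "ExternallySecured"; Expression = { $externallySecured }},
            @{Name = "OpenToAnyIPv4";     Expression = { $ranges -contains $anyIPv4 }},
            @{Name = "RemoteIPRanges";    Expression = { [string]::Join(", ", $ranges) }}
    }
} | Format-List
```

Any connector reported with OpenToAnyIPv4 set to True accepts relay from every host that can reach it, so its RemoteIPRanges should be narrowed to the application servers only.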

For more info, check MSTeamBlog

What if you have load balanced hub servers?

Instead of specifying “all available IP addresses” in the local network settings, click Edit and put in the NLB cluster IP address. Once this is done, your application servers will be able to relay messages even if one of the hub servers is offline. You will have to edit the Default Connector to use the server’s own IP address before you make the change on the Application Connector.

6 Comments

  1. Saved my day at work. Many Thanks.

    1. Rajith Jose Enchiparambil says:

      Thanks Jimmy

  2. Anonymous says:

    Does this work if both Exchange and Sharepoint 2007 are on the same server?

    1. Shouldn’t matter if Exchange and SharePoint are on the same server. But I’d avoid using loopback addresses like localhost or 127.0.0.1 unless the real, external facing IP doesn’t seem to work.

      1. Rajith Enchiparambil says:

        Thanks Tom.

  3. Steve Trotter says:

    Something that I was looking for. Thanks
