Allowing application servers to relay on Exchange 2007 Hub Transport servers

I finally decided to switch off my Exchange 2003 Servers which handled relay requests from application servers. The Exchange Server 2007 hub transport servers would be entrusted with this task. I modified the DNS record so that all SMTP relaying will be directed to my Hub transport server.

However, once I did this, I found that most of my application servers could not relay messages that were destined for recipients outside the organization. A closer examination revealed that the hub transport servers were closing connections by returning a "550 5.7.1 Unable to Relay" error message.

Here’s what I did to work around the problem.

I created a new SMTP Connector with the following properties:


The important bit is where you specify the remote servers that should be allowed to send mail via this connector. Although it’s tempting to add all IP addresses, make sure you add only your application server IP addresses here. Otherwise you’re gonna have a major email security problem!


In the authentication options, enable only TLS and Externally Secured. Externally Secured is a way of assuring Exchange that mail arriving on this connector is already secured by other means, so it's okay for Exchange to take it easy and accept the mail. In effect, you are saying that you totally trust these IP addresses.


Under Permission Groups, make sure you select Exchange Servers and Anonymous.


And you’re all set. The IP addresses that you specified on this connector will use this receive connector to relay messages internally and outside your organization.
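The same connector can also be built and checked from the Exchange Management Shell. This is an added example, not part of the original post; the connector name, the server name `HUB01` and the 192.0.2.x addresses are placeholders to replace with your own.

```powershell
# Added example: all names and addresses below are placeholders.
$server   = 'HUB01'                       # hypothetical Hub Transport server
$name     = 'Application Relay'           # hypothetical connector name
$appHosts = '192.0.2.10', '192.0.2.11'    # constructed application server IPs

# Create a custom receive connector that only the listed application
# servers can match. Never use 0.0.0.0-255.255.255.255 here.
New-ReceiveConnector -Name $name -Server $server -Usage Custom `
    -Bindings '0.0.0.0:25' -RemoteIPRanges $appHosts

# Authentication: TLS and Externally Secured.
# Permission groups: Exchange Servers and Anonymous.
Set-ReceiveConnector -Identity "$server\$name" `
    -AuthMechanism Tls, ExternalAuthoritative `
    -PermissionGroups ExchangeServers, AnonymousUsers

# Review what was configured.
Get-ReceiveConnector -Identity "$server\$name" |
    Format-List Identity, Bindings, RemoteIPRanges, AuthMechanism, PermissionGroups

# Audit: report any Externally Secured connector on this server that still
# accepts connections from every address. It should return nothing.
Get-ReceiveConnector -Server $server |
    Where-Object { "$($_.AuthMechanism)" -match 'ExternalAuthoritative' } |
    Where-Object {
        ($_.RemoteIPRanges | ForEach-Object { $_.ToString() }) `
            -contains '0.0.0.0-255.255.255.255'
    } |
    Format-Table Identity, AuthMechanism, RemoteIPRanges -AutoSize
```

Rerun the audit query whenever connectors are changed, since an Externally Secured connector open to all addresses makes the server an open relay.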

Shijaz Abdulla is a Partner Technology Advisor at Microsoft, helping their top tier partners build on their Microsoft practice. He is also a trusted advisor to medium enterprise customers in Qatar. He is a blogger, tech enthusiast, and a Microsoft evangelist.

