Tuesday, July 14, 2009

Allow Network Applications to Relay Email using Receive Connectors

In this article I'm going to show you how to set up your Exchange 2007 server to relay email for network applications. I will show you the steps you need to do this, but I really want you to understand the process behind Exchange 2007 receive connectors. Anderson Patricio of the msexchange.org community wrote a great four-part article that is well worth reading. Here are the parts:

Part 1
Part 2
Part 3
Part 4

Now for the steps to allow a network application to relay while keeping your Exchange server locked down.

Create a New Receive Connector

Open the Exchange Management Console. Under Server Configuration, Hub Transport, click to create a new receive connector. Choose Custom and give the receive connector a unique name to identify it.

Configure the Local Network Settings

These settings specify which network adapters or IP addresses the receive connector listens on, as well as the FQDN the receive connector uses.

Remote Network Settings

The remote network settings are the IP address, or addresses, that the network application sends mail from. This can be an IP range if you wish.

Create the New Connector

Click New to create the new connector.

Set the Authentication

Next, continue to the authentication mechanisms page and add the "Externally secured" mechanism. This means that your organization places complete trust in the previously designated IP addresses.

Set the Permissions

Set it up so that only Exchange Servers have ACL permissions to read this receive connector. These permissions are stored on the object container in the AD schema and are viewable by using ADSI Edit or PowerShell. Refer to the msexchange articles above for more information.
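
The same steps can be run from the Exchange Management Shell, followed by a review of what the connector trusts. This is an added example, not part of the original walkthrough; the connector name, binding, FQDN and application IP address are constructed placeholder values.

```powershell
# Added example: run in the Exchange Management Shell on the Hub Transport server.
# Constructed placeholder values; replace with your own.
$name  = 'App Relay'             # unique connector name
$appIp = '192.168.1.50'          # the only host allowed to relay

# Create the custom connector with its local network settings (binding, FQDN)
# and its remote network settings (the sending application's address).
$connector = New-ReceiveConnector -Name $name -Usage Custom `
    -Bindings '0.0.0.0:25' -Fqdn 'mail.example.local' `
    -RemoteIPRanges $appIp

# "Externally secured" authentication with only the Exchange Servers permission group.
Set-ReceiveConnector -Identity $connector.Identity `
    -AuthMechanism ExternalAuthoritative `
    -PermissionGroups ExchangeServers

# Review every externally secured connector and the addresses it trusts.
$trusted = Get-ReceiveConnector |
    Where-Object { "$($_.AuthMechanism)" -match 'ExternalAuthoritative' }
$trusted | Format-List Identity, Bindings, RemoteIPRanges, AuthMechanism, PermissionGroups

# Flag any of them still scoped to the full address range, which would
# extend that trust to every host that can reach the server.
$trusted |
    Where-Object { ($_.RemoteIPRanges | ForEach-Object { "$_" }) -contains '0.0.0.0-255.255.255.255' } |
    Select-Object Identity, RemoteIPRanges

# Show the ACL stored on the connector object in Active Directory.
Get-ReceiveConnector -Identity $connector.Identity | Get-ADPermission |
    Format-Table User, ExtendedRights, Deny -AutoSize
```

An empty result from the flagging step is the expected outcome: every externally secured connector should list only the specific application addresses.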

1 comment:

  1. you spelled receive wrong numerous times, just sayin'