Configuring Exchange Server 2016/2019 SMTP Relay

In many organizations, there is a need to configure an SMTP relay on Microsoft Exchange Server to allow devices or applications (such as printers, scanners, or third-party software) to send emails. This guide will walk you through the steps to configure an SMTP relay on Exchange Server 2016/2019 using PowerShell and the Exchange Admin Center (EAC).

Prerequisites

Before proceeding, ensure the following:

  1. You have administrative access to the Exchange Server.
  2. The device or application that needs to relay emails has a static IP address or is part of a trusted IP range.
  3. A valid SSL certificate is installed on the Exchange Server (recommended for secure communication).

Step 1. Create a Receive Connector for SMTP Relay

Using Exchange Admin Center (EAC)

  1. Open the Exchange Admin Center (EAC).
  2. Navigate to Mail Flow > Receive Connectors.
  3. Click the + (Add) button to create a new receive connector.
  4. Provide a name for the connector (e.g., "SMTP Relay Connector").
  5. Set the Role to Frontend Transport and Type to Custom.
  6. Assign the connector to the appropriate server(s).
  7. Configure the Network Adapter Bindings to use the IP address and port (e.g., 0.0.0.0:25).
  8. Under Remote Network Settings, add the IP address or range of the devices/applications that will use the SMTP relay.

Using PowerShell

You can also create the receive connector using PowerShell:

Receive connector using PowerShell

Explanation

  • -Name: Name of the receive connector.
  • -Usage: Set to Custom for SMTP relay.
  • -Bindings: Specifies the IP address and port (e.g., 0.0.0.0:25).
  • -RemoteIPRanges: IP addresses or ranges allowed to relay emails.
  • -Server: The Exchange server where the connector is created.
  • -PermissionGroups: Set to AnonymousUsers to allow relay.

Step 2. Configure Authentication and Permissions

By default, the receive connector will not allow anonymous relay. To enable it:

  1. Open Exchange Management Shell.
  2. Run the following command to grant relay permissions:
    Grant relay Permission

Explanation

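  • This command allows anonymous users to relay emails through the connector. Because no authentication is involved, the connector's -RemoteIPRanges setting is the only control over which hosts can relay.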

Step 3. Test the SMTP Relay

To ensure the SMTP relay is working, you can test it using a device or application. For example, configure a printer or scanner to use the Exchange Server as the SMTP server with the following settings:

  • SMTP Server: IP address or hostname of the Exchange Server.
  • Port: 25 (or the port configured in the receive connector).
  • Authentication: None (if using anonymous relay).

Alternatively, you can use PowerShell to test the relay:

Test the SMTP Relay

 

Step 4. Secure the SMTP Relay (Optional)

To enhance security, consider the following:

  1. Restrict IP Ranges: Limit the -RemoteIPRanges to only the necessary IP addresses.
  2. Enable TLS: Configure the receive connector to require TLS encryption.
  3. Use Authentication: If possible, configure the device/application to use authenticated SMTP.
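The following script is an added example, not code from the original page. It carries out Steps 1 and 2 with a restricted -RemoteIPRanges, then lists every connector that grants anonymous relay and flags any that still accepts the whole IPv4 range. The server name EX01 and the device address 192.0.2.25 are assumed placeholders, and Get-AnonymousRelayConnector is a hypothetical helper name.

```powershell
# Added example; run in the Exchange Management Shell.
# Assumed placeholders: server name and device address (RFC 5737 documentation range).
$Server     = 'EX01'                     # hypothetical Exchange server
$Name       = 'SMTP Relay Connector'     # connector name from Step 1
$Identity   = "$Server\$Name"
$RelayIPs   = '192.0.2.25'               # only the device(s) that must relay
$AnonUser   = 'NT AUTHORITY\ANONYMOUS LOGON'
$RelayRight = 'ms-Exch-SMTP-Accept-Any-Recipient'

# Step 1: custom Frontend Transport connector, scoped to the relay hosts only.
New-ReceiveConnector -Name $Name -Server $Server -Usage Custom `
    -TransportRole FrontendTransport -Bindings '0.0.0.0:25' `
    -RemoteIPRanges $RelayIPs -PermissionGroups AnonymousUsers

# Step 2: allow anonymous sessions on this connector to submit mail for any recipient.
Get-ReceiveConnector $Identity |
    Add-ADPermission -User $AnonUser -ExtendedRights $RelayRight

# Record every session on the connector so relay use can be reviewed (Step 5).
Set-ReceiveConnector $Identity -ProtocolLoggingLevel Verbose

# Step 4 check: report each connector on the server that grants anonymous relay,
# and whether its RemoteIPRanges still covers the entire IPv4 address space.
function Get-AnonymousRelayConnector {
    foreach ($c in Get-ReceiveConnector -Server $Server) {
        $grant = Get-ADPermission -Identity "$($c.Identity)" -User $AnonUser |
            Where-Object {
                -not $_.Deny -and
                ($_.ExtendedRights | ForEach-Object { "$_" }) -contains $RelayRight
            }
        if ($grant) {
            $ranges = @($c.RemoteIPRanges | ForEach-Object { "$_" })
            [pscustomobject]@{
                Connector      = "$($c.Identity)"
                RemoteIPRanges = $ranges -join ', '
                AnyIPv4        = $ranges -contains '0.0.0.0-255.255.255.255'
            }
        }
    }
}

Get-AnonymousRelayConnector | Format-Table -AutoSize
```

A row with AnyIPv4 set to True means any host that can reach port 25 on that connector can relay without authentication.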

Step 5. Monitor and Troubleshoot

If emails are not being relayed, check the following:

  1. Event Viewer: Look for errors related to the SMTP service.
  2. Exchange Logs: Review the protocol logs for the receive connector.
  3. Firewall Rules: Ensure port 25 (or the configured port) is open on the Exchange Server.

Conclusion

Configuring an SMTP relay on Exchange Server 2016/2019 is a straightforward process when using PowerShell or the Exchange Admin Center. By following the steps outlined above, you can ensure that your devices and applications can send emails securely and efficiently.
