Why can’t Cerberus send email to external users when configured to use Exchange as an SMTP Server (How to anonymously Relay in Exchange Server)?

If you are having issue sending email outside of your email domain, your Exchange server may not be setup to relay email. There are some simple steps outlined below that you can follow to add a connector that can relay email outside of your organization:

1. Create a new Receive Connector, name it whatever you want (we use the name TEST in the example below), and then select “Custom” for the intended use for the receive connector.
2. On the Local Network settings, leave it as is. It will listen on all local IP’s on port 25.
3. On the Remote Network Settings, clear 0.0.0.0-255.255.255.255, and then add the IP Address of the remote server that requires relaying permissions.
4. Once the new Custom Receive Connector is created, go into the properties of this connector, go to the Permission Groups Tab and Add “Anonymous Users”.

Issue the following cmdlet to allow anonymous users to relay via this connector :
Get-ReceiveConnector “TEST” | Add-ADPermission -User “NT AUTHORITY\ANONYMOUS LOGON” -ExtendedRights “Ms-Exch-SMTP-Accept-Any-Recipient”

This command retrieves the receive connector that you created, adds a permission into Active Directory for the Anonymous Logon group, and assigns that group the Ms-Exch-SMTP-Accept-Any-Recipient permission for that group on that connector.

Why should you create this new connector? Exchange will always look to see how specific you are on a connector. For example, if you have a SharePoint Server at 192.168.10.125. We would create a relay connector and allow ONLY 192.168.10.125 to relay. When Exchange receives SMTP from an address of 192.168.10.125, it will see there are a few connectors. One being the Default Receive Connector and one being the Relay Connector.

The Default Receive Connector allows connections from any IP Address while the Relay Connector only allows connections from 192.168.10.125. Because you explicitly set the address on your Relay Connector, that is given higher preference in serving that SMTP connection from SharePoint, and your SharePoint Server will now be able to relay off of Exchange.