Sometimes there is the necessity of applications sending unauthenticated e-mails to external users. An example of this might be a Call Logging system such as one used by the Help Desk to log IT service calls for users that accepts e-mails from external addresses (students or workers that haven’t joined the organization yet or are having problems with their e-mail account, for example). In these scenarios, the Call Logging system might be configured to send an automatic reply once a call is logged, but if it only supports unauthenticated SMTP, Exchange will automatically blocked it as this is seen as Relaying.
To overcome this, you should create a new Receive Connector just for the servers hosting that application(s) and allow for anonymous users to use it (from the Permissions Groups tab in the Exchange Management Console). This will grant permissions to the anonymous account but it still doesn’t give you relay permission. If you try to relay using this send connector, you will get the following SMTP error message: 550 5.7.1 Unable to relay
The ACL that controls relay is the ms-Exch-SMTP-Accept-Any-Recipient. To add this ACL to this receive connector, we have to use Exchange Management Shell:
Get-ReceiveConnector "" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient"
Now your application will be able to establish an unauthenticated connection to Exchange and send e-mails to external addresses.
Please, don’t forget to keep Relaying as restricted as possible!