550 5.7.1 Unable to relay

Sometimes there is the necessity of applications sending unauthenticated e-mails to external users. An example of this might be a Call Logging system such as one used by the Help Desk to log IT service calls for users that accepts e-mails from external addresses (students or workers that haven’t joined the organization yet or are having problems with their e-mail account, for example). In these scenarios, the Call Logging system might be configured to send an automatic reply once a call is logged, but if it only supports unauthenticated SMTP, Exchange will automatically blocked it as this is seen as Relaying.

To overcome this, you should create a new Receive Connector just for the servers hosting that application(s) and allow for anonymous users to use it (from the Permissions Groups tab in the Exchange Management Console). This will grant permissions to the anonymous account but it still doesn’t give you relay permission. If you try to relay using this send connector, you will get the following SMTP error message: 550 5.7.1 Unable to relay

The ACL that controls relay is the ms-Exch-SMTP-Accept-Any-Recipient. To add this ACL to this receive connector, we have to use Exchange Management Shell:

Get-ReceiveConnector "" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient"

Now your application will be able to establish an unauthenticated connection to Exchange and send e-mails to external addresses.

Please, don’t forget to keep Relaying as restricted as possible!

2 thoughts on “550 5.7.1 Unable to relay”

  1. Configuring a Relay Connector in Exchange Server 2013 for an application to send notifications emails

    When i test it using the telnet command it works for for internal users but when i send to gmail it gives the error Unable to relay

    helo mail.mcs.gov.qa
    250 MCS-EXCMAIN-01.mc.gov.in Hello [172.20.200.18]
    mail from: [email protected] 2.1.0 Sender OK
    rcpt to: [email protected] 5.7.1 Unable to relay

    i created a separate receive connector and checked the check box anonymous user and also ran the command but still i get the error unable to relay

    Get-ReceiveConnector “MsWebsite” | Add-ADPermission -User “NT AUTHORITY\ANONYMOUS LOGON” -ExtendedRights “Ms-Exch-SMTP-Accept-Any-Recipient”

    1. Hi Nazir,

      Adding anonymous permissions and the Accept-Any-Recipient permissions is all you need to do. Have you checked that the permissions were applied correctly? Also, make sure you add the IP where you are sending emails from to that particular receive connector. Have you checked your Message Tracking Logs to see which receive connector is being used? You can also enable logging for that receive connector as well.

      Regards,
      Nuno

Leave a Comment

Your email address will not be published.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top