Configuring Anonymous Access to Exchange

By default, Exchange installs a “default” SMTP module that listens on port 25. The instructions below describe how to create additional modules that meet the specific needs of Mail Express. However, it is not necessary to create multiple modules. A single module can be configured to meet multiple requirements simultaneously.

In Exchange 2007, 2010, and 2013 these modules are called “Receive Connectors.” In the example below, they are called "modules."

Port 24 is reserved for “any private mail system.” Demonstrated below is anonymous access using a module listening on this port named “Restricted Relay.” The most important qualities of this module are that it registers port 24 and allows anonymous access. (See also Configuring Authenticated Access to Exchange.)

Configuring Exchange in Mail Express

After you have configured anonymous access in Exchange as described below, depending on the version of Exchange used, configure Mail Express to access the receive connector/module. 

1. On the Mail Express Mail Server Configuration page, set the Host box to the Exchange Server hostname, and the Port box to 25 (or whichever port you set in Exchange). 

2. If you enabled encryption in Exchange, select the Connect using SSL check box, then do one of the following: 

   • Select the Always trust certificates from Exchange Server check box and don’t upload a file. This option is useful for testing, but is less secure that the next option.

   • Clear the Always trust certificates from Exchange Server and then click Choose File to upload the Public Certificate of the of the Certificate Authority that signed the Exchange Server’s Public Certificate (typically this is the Public Certificate for the Active Directory server).

3. Because “Restricted Relay” accepts anonymous users, ensure that the Use Exchange authentication check box (under Authentication Settings) is not selected. With this configuration, the From address and Reply to address will only be used in messages generated by the Mail Express system and so can be set to whomever the administrator wants to monitor those messages.

See also Testing the Mail Server Configuration.

(Mail Express has not been tested on Exchange 2016.)

In Exchange 2013

1. In the Exchange admin center, in the left menu, click mail flow.

2. Next to Select server, specify the exchange server to configure (if there is more than one), then in the top menu, click receive connectors.

3. On the receive connectors page, click the plus sign + to add a new connector. The new receive connector dialog box appears.

   

4. Provide the following information, then click next:

   • Name: Name for the receive connector

   • Server: Specify your Exchange server (if there is more than one)

   • Role: Hub Transport

   • Type: Internet

5. Under Network adapter bindings, click the plus sign + to specify the IP addresses and port that Mail Express is to use, then click finish. (For non-SSL connections, the default is port 25.)

   

6. After the receive connector is created, double-click it in the list.

7. The receive connector's properties appear. Click security.

   

8. Ensure the Transport Layer Security (TLS) and Anonymous users check boxes are selected, then click save.

In Exchange 2007 and 2010

1. In the Exchange Management Console, under Server Configuration > Hub Transport, create a new module. (Select the server on which you want to create the connector, and then click the Receive Connectors tab. In the action pane, click New Receive Connector. Follow the prompts in the New SMTP Receive Connector wizard.)
   
   You can name it anything; "Restricted Relay" is used in the example below.

2. Right-click the new module, then click Properties. The Properties dialog box appears.

3. Click the Network tab.

   

4. Under Use the local IP addresses to receive mail, the Local IP address(es) and Port appear. If necessary, click Add or Edit to add or change the port number that Mail Express is to use. The actual port is not important as long as it is noted so that you can configure Mail Express to use the same port number. Click the Permission Groups tab.

   

5. Select the Anonymous users check box, then click the Network tab. Clear the other check boxes.

   

6. Secure the module by locking down the IP address that clients can use to connect. On the Network tab, under Receive mail from remote servers that have these IP addresses, click Add or Edit to add or change the IP address that Mail Express Server is using. With its IP address listed here, Exchange is not acting as an open relay. 

7. Optionally, you can further secure the module by enabling encryption. On the Authentication tab, select the Transport Layer Security (TLS) check box, then configure Mail Express to use encryption to protect communication between Mail Express and Exchange.