允许应用程序open relay exchange 服务器.docx

Allowing application servers to relay off Exchange Server 2007 From time to time, you need to allow an application server to relay off of your Exchange server. You might need to do this if you have a SharePoint, a CRM application like Dynamics, or a web site that sends emails to your employees or customers. You might need to do this if you are getting the SMTP error message 550 5.7.1 Unable to relay The top rule is that you want to keep relay restricted as tightly as possible, even on servers that are not connected to the Internet. Usually this is done with authentication and/or restricting by IP address. Exchange 2003 provides the following relay restrictions on the SMTP VS: Here are the equivalent options for how to configure this in Exchange 2007. Allow all computers which successfully authenticate to relay, regardless of the list above Like its predecessor, Exchange 2007 is configured to accept and relay email from hosts that authenticate by default. Both the Default and Client receive connectors are configured this way out of the box. Authenticating is the simplest method to submit messages, and preferred in many cases. The Permissions Group that allows authenticated users to submit and relay is the ExchangeUsers group. The permissions that are granted with this permissions group are: NT AUTHORITY\Authenticated Users {ms-Exch-SMTP-Submit}NT AUTHORITY\Authenticated Users {ms-Exch-Accept-Headers-Routing}NT AUTHORITY\Authenticated Users {ms-Exch-Bypass-Anti-Spam}NT AUTHORITY\Authenticated Users {ms-Exch-SMTP-Accept-Any-Recipient} The specific ACL that controls relay is the ms-Exch-SMTP-Accept-Any-Recipient. Only the list below (specify IP address) This option is for those who cannot authenticate with Exchange. The most common example of this is an application server that needs to be able to relay messages through Exchange. First, start with a new custom receive connector. You can think of receive connectors as protocol listeners. The closest equ