To configure Exchange relay mail from something that is not another Exchange server, you will need to create an additional Receive Connector. The best approach is probably to create and named them based on authentication or Permission Groups. That way, if you need to add another later, it will easy to identity where you need to be and what you need to do. For example, you might name one “Anonymous No Auth” or “Anonymous TLS”.

To create a new Receive Connector, open the EMC (Exchange Management Console) and under “Server Configuration”, select “Hub Transport.” Select the Exchange server under in “Hub Transport” window in the top of the screen. This is show you all of your current Receive Connectors. In the Actions (right side of the screen), select “New Receive Connector …”

Name: Anoymous TLS
Select the intended use for this Receive connetor: Custom

Local Network settings:

Remote Network settings:
Select and hit the red X to remove it. Then, add the IP or IP Range for which you want the connector to apply.


Then, in the bottom window pane, you will the newly created Receive Connector. Right mouse click on it and go to Properties. Click on the “Authentication” tab. TLS should be selected by default. If you want no authentication for this connector (not recommended of course), you would uncheck TLS leaving nothing checked here.

On the “Permission Groups”, check “Anonymous users”.

If you are still getting a “5.7.1 Unable to relay” even after configuring the connector, you may need to modify the “ms-Exch-SMTP-Accept-Any-Recipient” attribute:

Get-ReceiveConnector “Non-Exchange Relay Support” | Add-ADPermission -User “NT AUTHORITY\ANONYMOUS LOGON” -ExtendedRights “ms-Exch-SMTP-Accept-Any-Recipient”

In Exchange 2013, Receive Connectors are under “Mail Flow” in the ECP.