7.19. Controlling Mail Relaying
Problem
You need to configure which systems are allowed to relay mail through your Exchange server.
Solution
Using a graphical user interface
You can control relay access at the virtual server level or at the SMTP connector level. This is how you do it at the virtual server:
Open the Exchange System Manager (Exchange System Manager.msc).
Expand the organization→ Administrative Groups→ target administrative group→ Servers→ target server→ Protocols→ SMTP.
Right-click the desired virtual server and click Properties. Click the Access tab. Click Relay.
Unless you need to permit authenticated SMTP users to relay through your server, uncheck the Allow all computers which successfully authenticate to relay, regardless of the list above checkbox. Leaving this checked can provide an avenue for stealth relay and password-discovery attacks.
If you wish to restrict a small group of computers from relaying through your virtual server (this is usually only suitable for a server on your internal network), select All except the list below. Otherwise, select Only the list below to permit relay only to the systems listed.
Click the Add button and add a single IP address, a group of IP addresses, or a domain name. Click OK.
When you have the correct entries in the list, click OK.
Here is how you control relay access at the SMTP connector:
Open the Exchange System Manager.
Expand the organization, Administrative Group, administrative group, Routing Groups, routing group, and Connectors ...