Setup mail relay in Exchange 2003/2007/2010

Setup mail relay in Exchange 2003/2007/2010

At some point in your IT lives you will find yourself in the position to configure mail relay, for a device or a server in your local network. Here’s how it’s done :

Exchange 2003 :

Exchange Console -> Administrative Groups -> first administrative group -> Servers -> Servername -> Protocols -> SMTP -> Right click Properties on the Default SMTP Virtual Server -> Access tab – Relay. Click Add and insert the IP address of the device you that want to relay through your Exchange.

relay 2003

Exchange 2007/2010:

Not easy to guess if you don’t know – It is done through the use of a Receive Connector.

Go to Exchange Management Console – > Hub Transport -> Receive Connectors. Right Click and choose New Receive Connector.

Choose an appropriate name for it. For intended use choose Custom.

For Local Network Settings, leave it as it is. on Specify the FQDN type in your Fully Qualified Domain Name of your server. Example . Exchangeserver.contoso.local

On the Remote Network Settings, delete the entry and add on your own. Input the IP address of the device that you want to relay through the Exchange server.

Click New. This will create the Connector but our job is not yet done. Right click the Connector and go to Properties. On the Authentication tab choose Externally Secured. On the permissions tab leave blank.

Open Exchange Shell. Type the following command:

The only change in the command you need to make is to put the real Connector’s name in the brackets.

Get-ReceiveConnector -Identity “Connector’s Name” | Add-ADPermission -User “NT AUTHORITY\ANONYMOUS LOGON” -ExtendedRights “ms-Exch-SMTP-Accept-Any-Recipient”

Depending on specifics around the relay you may need to specify Exchange Users as Permissions group.

Exchange 2007/2010 Anti-Spam Tools

Exchange 2007/2010


Exchange 2007 – Most of the features the same as the ones in 2003 and some are new and some are just with a different name.


Exchange Management Console – > Organization Configuration -> Hub Transport -> Anti-Spam


Content FilteringThe same as 2003


IP Allow List – Specify IP addresses that are always allowed to connect and transmit email messages to the server. It can be a single IP or a Range. You can only Enable/Disable the feature from here. To actually add/remove addresses is done from Server Configuration – > Hub Transport -> Anti-Spam.


IP Block List – Disallow IP addresses or ranges from connecting to the server. Same as IP Allow List.


IP Allow List Providers – Here you can specify an external whitelist with approved senders. One such is The Spamhaus Whitelist.


IP Block List Providers – This is the same as Connection Filtering in 2003. Here you can provide and external blacklist like Zen Spamhaus which is free. For more info check Connection Filtering.


Recipient Filtering – Purpose is the same as in 2003. However you need to execute the following command to turn on the Blocked Recipients list – Set-RecipientFilterConfig -BlockListEnabled $true

To see if the entries are valid – Get-RecipientFilterConfig | Format-List BlockedRecipients.


Sender Filtering – Same purpose as in 2003 but more developed. You can block email addresses, domains and domain hierarchies. Block blank senders should be ticked. In 2007 you can also specify how the server will react if the Blocked Senders list is met – Reject or Stamp.


Sender ID – The same as 2003 but with fewer options. Just Enable/Disable and Action.


Sender Reputation – New feature. Server determines Sendeer Reputation Level and based on a set treshold it adds the sender to the IP Block list for a specific amount of hours. Reputation is deteremined by:

HELO/EHLO analysis, Reverse DNS lookup, Analysis of SCL ratings on messages from a particular sender, Sender open proxy test. Full info on here.


There is another option called Aggregation of Outlook Junk E-mail Filter Lists. This feature helps reduce false positives in anti-spam filtering by propagating Outlook 2003 and Outlook 2007 Junk E-mail Filter Lists to Mailbox servers and to Edge Transport servers. For more information, see Safelist Aggregation.


Exchange 2010 –  Same funtionality and features but it needs to be turned on as by default it is not. Open Exchange Management Shell. Type Set-TransportServer –identity “SERVERNAME” -AntispamAgentsEnabled $true. Restart the Microsoft Exchange Transport service. Close and re-open the Exchange Management Console and the Anti-Spam tabs will be there in the same place as in 2007.


Other possible reasons for SPAM are infected server or workstations which will be sending spam OUT or to other internal recipients. Best way to fight with it is to scan and clean the machines.

Import and Export a pst file from a mailbox in Exchange 2010 Shell

Import and Export a pst file from a mailbox in Exchange 2010 Shell

Sometimes you will have to import or export mailboxes or portions of them without any user interaction. This can be achieved from the Exchange Management Shell. Here are 3 videos that show how it’s done. The first one shows how to prepare  the folder that you want to export to and the second video shows how to export only certain folders within the mailbox. Remember Shell is smart and can do it on a folder level! The third video shows how to import a pst to a mailbox.

Import and Export a pst file from a mailbox in Exchange 2010 Shell

Cannot find at least one global catalog server running Windows Server 2003

Cannot find at least one global catalog server running Windows Server 2003

Have you ever tried installing Exchange 2007 from the usual CD on R2 ? Then you know that it doesn’t work. You receive a paradox message that the installation cannot find at least one global catalog server 2003, when you are on a clean installation and haven’t touched 2003.

2007 install error on R2

Well, it is a known issue and a problem when it comes to Exchange 2007 and Windows Server 2008 R2 and Microsoft advise that the way to do it is to download Exchange 2007 SP3 and use it to install your Exchange instead of using the CD. Here is a link to download it.

Here is a video of the process