
Creating a Receive Connector to Use for Sending Email from PowerShell

Some of the PowerShell scripts I use and/or write send email to either users or myself. In order for that to work, a Hub Transport server has to allow the SMTP traffic from the script. So, we need a receive connector that will allow the email to be sent under the right conditions. Here’s how we can easily accomplish that.

I find it best to run scripts that send email right from a Hub Transport server. So we’ll create a new receive connector called “Internal Relay” using the New-ReceiveConnector cmdlet, and set it to allow mail from itself. This is done with the -RemoteIPRanges parameter. We’ll set it to 127.0.0.1, the loopback address for the server.

Since we don’t need to authenticate, we’ll set -AuthMechanism to ‘none’, and set -PermissionGroups to ‘AnonymousUsers’.

Last, we’ll set it to enabled, and configure which server it should be on. Remember, it needs to be on a server holding the Hub Transport role.

New-ReceiveConnector -Name "Internal Relay" -Bindings 0.0.0.0:25 -RemoteIPRanges 127.0.0.1 -AuthMechanism Tls -Enabled $true -Fqdn "myserver.mydomain.com" -PermissionGroups AnonymousUsers -Server myserver

Change the highlighted info to suit your needs. I use 127.0.0.1 if I’ll be running the scripts on the local Exchange server.

We allow anonymous users to actually relay by granting the ‘ms-Exch-SMTP-Accept-Any-Recipient’ extended right to the Anonymous Logon account using Add-ADPermission. This is done using:

Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient"

We can also grant NT Authority\Anonymous Logon the right to bypass anti-spam agents using:

Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "ms-exch-bypass-anti-spam"

We can pipe all of the commands together into a one-liner. The finished script looks like this:

New-ReceiveConnector -Name "Internal Relay" -Bindings 0.0.0.0:25 -RemoteIPRanges 127.0.0.1 -AuthMechanism Tls -Enabled $true -Fqdn "myserver.mydomain.com" -PermissionGroups AnonymousUsers -Server myserver | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient","ms-exch-bypass-anti-spam"

This gives us a connector that we can use to send email from PowerShell. Verify it by using:

Get-ReceiveConnector -Identity "Internal Relay" | Get-ADPermission | ft User, ExtendedRights
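
The verification above lists the rights; this added example (not part of the original post) also checks that a connector granting anonymous relay is limited to the intended source addresses. The function name Test-RelayConnectorScope, its -AllowedRanges parameter and the sample objects are assumptions made for illustration.

```powershell
# Added example, not from the original post. Written for PowerShell 2.0+.
# Reports whether a connector lets Anonymous Logon relay and whether its
# remote IP ranges stay inside an allow-list (hypothetical parameter).
function Test-RelayConnectorScope {
    param(
        [Parameter(Mandatory=$true)] $Connector,    # needs Name, RemoteIPRanges
        [Parameter(Mandatory=$true)] $Permissions,  # needs User, ExtendedRights, Deny
        [string[]] $AllowedRanges = @('127.0.0.1')  # assumption: loopback only
    )
    $relayRight = 'ms-Exch-SMTP-Accept-Any-Recipient'
    $anonRelay  = $false
    foreach ($ace in @($Permissions)) {
        # Stringify so live Exchange objects and plain strings compare alike
        $rights = @($ace.ExtendedRights | ForEach-Object { "$_" })
        if ("$($ace.User)" -eq 'NT AUTHORITY\ANONYMOUS LOGON' -and
            -not $ace.Deny -and $rights -contains $relayRight) {
            $anonRelay = $true
        }
    }
    $ranges  = @($Connector.RemoteIPRanges | ForEach-Object { "$_" })
    $outside = @($ranges | Where-Object { $AllowedRanges -notcontains $_ })
    New-Object PSObject -Property @{
        Connector      = $Connector.Name
        AnonymousRelay = $anonRelay
        RemoteIPRanges = $ranges -join ', '
        OutOfScope     = $outside -join ', '
        Finding        = ($anonRelay -and $outside.Count -gt 0)
    }
}

# Constructed sample objects standing in for Get-ReceiveConnector and
# Get-ADPermission output; 'Wide Relay' is a made-up connector name.
$ace = New-Object PSObject -Property @{
    User           = 'NT AUTHORITY\ANONYMOUS LOGON'
    Deny           = $false
    ExtendedRights = @('ms-Exch-SMTP-Accept-Any-Recipient', 'ms-exch-bypass-anti-spam')
}
$scoped = New-Object PSObject -Property @{ Name = 'Internal Relay'; RemoteIPRanges = @('127.0.0.1') }
$wide   = New-Object PSObject -Property @{ Name = 'Wide Relay'; RemoteIPRanges = @('0.0.0.0-255.255.255.255') }

$scoped, $wide | ForEach-Object {
    Test-RelayConnectorScope -Connector $_ -Permissions $ace
} | Format-Table Connector, AnonymousRelay, RemoteIPRanges, Finding -AutoSize

# Against live connectors in the Exchange Management Shell:
# Get-ReceiveConnector | ForEach-Object {
#     Test-RelayConnectorScope -Connector $_ -Permissions ($_ | Get-ADPermission) }
```

The range comparison is a literal string match against the allow-list, so a connector scoped to a different but equally narrow address needs that address passed in -AllowedRanges.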

In the coming posts, we’ll use this to our advantage.

  1. October 30th, 2012 at 08:26 | #1

    First you say to configure the authmechanism with None, but write in your cmds Tls..
    Second, you have a typo with -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient, ms-exch-bypass-anti-spam". Since this is not a STRING, you have to use it without "".

  2. February 20th, 2013 at 09:52 | #2

    Could you please help me with the following. I read your posts of powershell scheduled task, new-passwordreminder.ps1 script and this one. I have 1 problem and I just can’t figure it out. I try to run the script in an EMS prompt. However, it acts like it executes something but it doesn’t do anything. Once I fire up an elevated cmd prompt for the domain admin ( the account which was used to configure Exchange ) it does launch the script. Do you perhaps know what I am doing wrong under my default account? I guess it is an access issue… Already searched in the receive connector for permission mismatch but I really am on a dead end.

    • February 20th, 2013 at 09:54 | #3

      Sorry, to be complete:
      – I have 1 server which holds all roles without an edge role
      – The script I am talking about is the script: new-passwordreminder.ps1 which I downloaded from your other forum.
      Everything works as I am already live for 1 year.

    • Pat Richard
      February 23rd, 2013 at 20:10 | #4

      On the scheduled task, is the checkbox for run with highest privileges checked? It should be.

      • February 25th, 2013 at 03:58 | #5

        Hi Pat,
        Thanks for the reply.
        First I was pretty sceptical when I read your comment as I thought that I wouldn’t be so stupid to forget that option.. but it turns out I did hahaha. Okay I enabled it, set the scheduled task to run every 3 days so I will confirm when everything works out.

  3. Andre Bm
    February 28th, 2013 at 03:32 | #6

    Hi Pat,
    Still no luck…
    I am a domain admin at my domain so I think I should have the required rights, right?
    Do you know how I can find out if I have the requested access?
    If I run the script manually, open it in EMS it also doesn’t work with my account.
    It does however work on another admin account ( the domain admin account which was used to set up exchange ).

    I also manually followed your script and it received the following error while trying the send-mailmessage command from my domain admin account ( not the account originally used ):
    Send-MailMessage : Mail cannot be sent because no SMTP server was specified.

    Could you please help me out on this one.
    I don’t mind creating a new account and set it up with the correct access rights if you know which access rights I require then I will add them.

    Your help will be much appreciated.

  4. Andre Bm
    February 28th, 2013 at 03:38 | #7

    Sorry to double post but I made a mistake in my last post, forgot the option -smtpserver X.X.X.X and I included it and it now says:
    Send-MailMessage : Mailbox unavailable. The server response was: 5.7.1 Client does not have permissions to send as this sender

    Any idea how to get the required rights?

    • Andre Bm
      February 28th, 2013 at 04:24 | #8

      Already added the connector rights so I am able to send mail to people now. Only, I still can’t run the scheduled job with my account. It runs but it doesn’t send off any mail.
      But we made progress 😀 I now can run it manually and the emails are being delivered 😀 when I do the following:
      Start -> Run
      c:\windows\system32\windowspowershell\v1.0\powershell.exe -psconsolefile "C:\Program Files\Microsoft\Exchange Server\V14\Bin\exshell.psc1"

      Once loaded I do:
      e:\website\new-passwordreminder.ps1

      And that works.
      I also have this in the scheduled jobs, but that one doesn’t work.
      Action: Start a program:
      Program/Script: c:\windows\system32\windowspowershell\v1.0\powershell.exe

      Add arguments(optional): -psconsolefile "C:\Program Files\Microsoft\Exchange Server\V14\Bin\exshell.psc1" -command "New-PasswordReminder.ps1"

      Start in: E:\website

      I copy paste it so if I am missing quotes, please let me know.

      Any ideas?
