Posted by: Anthony Drewery | August 16, 2006

Configuring an Exchange 2007 Hub Transport server to accept anonymous SMTP connections

Our initial lab deployment of Exchange 2007 doesn’t contain an Edge Transport server yet so I wanted to be able to route inbound SMTP email directly to a Hub Transport server from our MIMEsweeper servers. I had expected this to work ‘out of the box’ but found the connection kept failing as it was an anonymous source.

The Hub Transport server has 2 Receive Connectors that are created by default:


The Default RC accepts inbound connections on port 25 and the Client RC accepts connections from remote clients on port 587. Whilst I understand the purpose of the Default RC I’ll need to do some more research into when and how the Client RC is used.

I looked at the properties of on the Default RC but couldn’t see anything that might help me. There are various options available for authentication but none that seemed to allow anonymous access.


A little more digging led me to the Exchange Management Shell and a Cmdlet called set-ReceiveConnector.

With the following command line I managed to get my Default RC to accept email from non-authenticated sources. 

set-ReceiveConnector -identity "Default LABCRWEXHT1" -PermissionsGroups AnonymousUsers

The moral of the story? Get used to the Exchange Management Shell as there’s no avoiding it!

[tags]Exchange 2007[/tags] 


  1. The Client Receive Connector has permissions groups set of ExchangeUsers (among others), which is set up by default to allow authenticated clients to relay mail (POP3 & IMAP clients that use SMTP to send). You just have to remember to change the client settings to use port 587 instead of 25.

    Gotta admit, though, Exchange 2007 is pretty interesting compared to previous versions!

  2. Thanks for the explanation. We have our first couple of boxes up and running now (1 mailbox and 1 hub transport\client access) and should have an edge transport server in place by the end of the week. We’re then going to expand to servers in another AD site. So far I like what I see!

  3. Hi,

    just for your info. The cmdlet does have a typing error. It sould be:
    set-ReceiveConnector -identity “Default LABCRWEXHT1” -PermissionGroups AnonymousUsers
    (PermissonGroups without the “s” behind Permisson)
    Furthermore if you set up an new receive connector in custom mode you are able to change the security settings in the GUI 🙂

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s


%d bloggers like this: