Sunday, September 14, 2008

MS Exchange 2007 Inbound SMTP

So I was playing with Exchange 2007....

All I can say is "wow"... M$ has done a lot of work and turned out a very slick offering. It can be very complicated and very flexible, but does well to help the admin along the way.

Everything was pretty straightforward in setup, even for a guy who is no Windows pro by any stretch...

The one issue I did hit was getting an SMTP Receive connector to accept incoming mail.

I had set up the hub transport on the primary server to accept SMTP on port 25 etc, etc, from all addresses etc, etc... (After failing to set up a locked down version, I deleted it all and started over with a wide open setup -- which still failed...ugh)

I turned on protocol logging for the connector, and was watching the log file as I sent mail... I was always getting:

550 5.7.1 Unable to relay,

Then I found a post by Wilbert De Graaf at
http://forums.microsoft.com/technet/showpost.aspx?postid=742464&siteid=17&sb=0&d=1&at=7&ft=11&tf=0&pageid=2

Which described my issue and pointed to http://technet.microsoft.com/en-us/library/aa997170.aspx to solve it...

Short Version:

Each incoming SMTP connection (from untrusted servers...) connects as "ANONYMOUS LOGON", and this user has to have permission to accept incoming mail, i.e. the permission "SMTPAcceptAnyRecipient"...

To do this, go to the Exchange Management Shell and run

Get-ADPermission -Identity "SMTP RECEIVE Connector Name" | Format-Table -View Identity

Look at the "NT AUTHORITY\ANONYMOUS LOGON" user and its rights.

Make sure 'ms-Exch-SMTP-Accept-Any-Recipient' is listed for it and is not denied.

But I am guessing, since you have this issue, that it is either denied or not there at all....

To add the correct permissions run:

Add-ADPermission -Identity "SMTP RECEIVE Connector Name" -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights ms-Exch-SMTP-Submit,ms-Exch-SMTP-Accept-Any-Recipient

It might tell you that it has one or more of these rights already... oh well... it adds the missing ones and you should be good to go.
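
The check described above, written as a function that reports the anonymous relay right as Absent, Denied or Allowed; this is an added example, not code from the original post. ms-Exch-SMTP-Accept-Any-Recipient is the right that lets a session address mail to recipients outside the accepted domains, so it is worth knowing which connectors grant it to anonymous sessions. `Get-AnonymousRelayState` and `New-SampleAce` are hypothetical names, the sample entries are constructed, and the `User`, `ExtendedRights` and `Deny` properties are assumed to match what Get-ADPermission returns.

```powershell
# Added example (not from the original post). Function names are hypothetical.
$Anonymous  = 'NT AUTHORITY\ANONYMOUS LOGON'
$RelayRight = 'ms-Exch-SMTP-Accept-Any-Recipient'

function Get-AnonymousRelayState {
    param(
        [Parameter(Mandatory = $true)]
        [AllowEmptyCollection()]
        [object[]]$Ace   # entries shaped like Get-ADPermission output
    )
    # Keep only entries for the anonymous principal that carry the relay right.
    # Values are stringified so real Exchange objects and plain strings both match.
    $hits = @($Ace | Where-Object {
        "$($_.User)" -eq $Anonymous -and
        (@($_.ExtendedRights | ForEach-Object { "$_" }) -contains $RelayRight)
    })
    if ($hits.Count -eq 0) { return 'Absent' }
    # Simplification: any deny entry is treated as winning over an allow entry
    # (conservative; ACE inheritance order is not evaluated).
    if (@($hits | Where-Object { $_.Deny }).Count -gt 0) { return 'Denied' }
    return 'Allowed'
}

# Builds one constructed sample entry with the three properties the check reads.
function New-SampleAce($User, $Rights, $Deny) {
    New-Object PSObject -Property @{ User = $User; ExtendedRights = $Rights; Deny = $Deny }
}

# Constructed sample data: three connectors covering the three states.
$samples = @{
    'Sample connector A' = @(
        New-SampleAce $Anonymous @('ms-Exch-SMTP-Submit') $false
    )
    'Sample connector B' = @(
        New-SampleAce $Anonymous @('ms-Exch-SMTP-Submit', $RelayRight) $false
        New-SampleAce $Anonymous @($RelayRight) $true
    )
    'Sample connector C' = @(
        New-SampleAce $Anonymous @('ms-Exch-SMTP-Submit', $RelayRight) $false
    )
}

foreach ($name in ($samples.Keys | Sort-Object)) {
    '{0}: {1}' -f $name, (Get-AnonymousRelayState -Ace $samples[$name])
}

# In the Exchange Management Shell, feed real entries instead of the samples:
# Get-ReceiveConnector | ForEach-Object {
#     '{0}: {1}' -f $_.Identity, (Get-AnonymousRelayState -Ace @(Get-ADPermission -Identity $_.Identity))
# }
```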
