Authenticating to Exchange 2010 smarthost

Tags: email, exchange, exchange-2010, postfix, smarthost

I have a postfix mail server that should relay all outgoing mail to an Exchange 2010 server (the Exchange box is my smarthost). I have administrator access to the Exchange 2010 system, but I'm not very familiar with it. How should I set up authentication on the Exchange 2010 system?

I guess I could add a standard user with a mailbox on the Exchange box, then configure my postfix box to log in to port 587 to relay mail. That option doesn't feel right — it seems like there should be a way to do server-to-server authentication, not just client-to-server authentication. Is there? If so, how would I set it up?

Edit:

  • the postfix mail server is at a remote site with a dynamic IP address, so authenticating by IP address won't work
  • I would like the email traffic between the two to be encrypted
  • I would like mutual authentication (the Postfix box knows it's talking to the Exchange box and not a man in the middle; Exchange knows that it is talking to the Postfix box)
  • setting up an IPsec tunnel seems overly complicated for what should be a trivial Exchange configuration
  • Exchange must allow the Postfix box to send messages to any destination
  • the messages submitted by the Postfix box must not be rejected as spam even if they look like spam

Best Answer

I usually don't have my Linux and internal servers authenticate to the Exchange server if they're on the same network. Same for other devices that may need to relay (copiers, monitoring systems, etc.). I still may need the smarthost functionality, though.

The approach I take to enable a dumb server/device-to-server relay like what you're looking for is to enable the smarthost on the Postfix or Sendmail system. It seems as though you know that part. For Sendmail, it's a matter of uncommenting the "dnl" line related to the SMARTHOST entry in /etc/mail/sendmail.mc, and defining an address. For Postfix, it's defining relayhost in /etc/postfix/main.cf. (restart both daemons after the change)

On the Exchange 2010 side, you need to create a new Receive Connector:

Exchange System Manager -> Server Configuration -> Hub Transport -> Receive Connector

Add a new one by right-clicking the frame and selecting "New Receive Connector".

Name it something descriptive, like the FQDN of the Linux server you wish to send from (e.g. postfix.abc.com).


Specify the address/mask of the relaying server; 172.16.2.30/32 in this example.


Continue through the prompts and add the receive connector.

Open the Exchange Management Shell command line window.

You'll want to grant your new receive connector Anonymous privileges.

Execute:

Get-ReceiveConnector RelayConnector | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient"

...where "RelayConnector" is postfix.abc.com in my example.

Immediately select the newly-created entry in the Management GUI and select "Properties".

In the "Authentication" tab, deselect all entries. In the "Permission Groups" tab, ensure "Anonymous users" is checked. That's all!

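The same receive-connector setup as above, done entirely in the Exchange Management Shell rather than the GUI, as an added example that is not part of the original answer. It assumes a Hub Transport server named EX01 and reuses the answer's connector name (postfix.abc.com) and relaying host (172.16.2.30); the connector name, server name and bindings are assumptions.

```powershell
# Added example (not from the original answer): scripted equivalent of the
# GUI steps. Assumed values: hub server EX01, connector postfix.abc.com,
# relaying host 172.16.2.30 (from the answer), listening on all IPv4 addresses, port 25.
$Name   = "postfix.abc.com"
$Server = "EX01"                 # assumed Hub Transport server name
$Relay  = "172.16.2.30/32"       # only this single host may use the connector

# 1. Create the connector scoped to the one relaying host. RemoteIPRanges is
#    what keeps an anonymous connector from being an open relay: Exchange
#    routes an inbound session to the connector with the most specific
#    matching remote range, so a /32 wins over the default connector.
New-ReceiveConnector -Name $Name -Server $Server -Usage Custom `
    -Bindings "0.0.0.0:25" -RemoteIPRanges $Relay

# 2. Allow anonymous sessions on this connector to send to any recipient
#    (the Add-ADPermission step from the answer).
Get-ReceiveConnector "$Server\$Name" |
    Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" `
        -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient"

# 3. Equivalent of clearing the Authentication tab and ticking "Anonymous users".
#    Note: "None" also stops the connector offering STARTTLS; use
#    -AuthMechanism Tls instead if the link should stay encrypted.
Set-ReceiveConnector "$Server\$Name" -AuthMechanism None -PermissionGroups AnonymousUsers

# 4. Verify: the /32 range, AnonymousUsers and the extended right must all show up.
Get-ReceiveConnector "$Server\$Name" |
    Format-List Name, Bindings, RemoteIPRanges, AuthMechanism, PermissionGroups
Get-ReceiveConnector "$Server\$Name" |
    Get-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" |
    Where-Object { $_.ExtendedRights -like "ms-Exch-SMTP-Accept-Any-Recipient" } |
    Format-Table User, ExtendedRights
```

Run step 4 again after any later connector change; if RemoteIPRanges ever widens beyond the intended host, the anonymous relay right widens with it.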