Exchange 2010 Disable open-relay

You can easily check if you have an open relay with websites like, and

When you found out that they say that you have an open relay you can double check that with the following command :

Get-ReceiveConnector | Get-ADPermission | where {($_.ExtendedRights -like “*SMTP-Accept-Any-Recipient*”)} | where {$_.User -like ‘*anonymous*’} | ft identity,user,extendedrights

Then use the following command to close the anonymous relay :


Get-ReceiveConnector “YourReceiveConnectorName” | Remove-ADPermission -User “NT AUTHORITY\ANONYMOUS LOGON” -ExtendedRights “ms-Exch-SMTP-Accept-Any-Recipient”

Then re-check using the mentioned websites. 🙂

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.