Posted by on May 14, 2009 in General | 4 comments

There are some nice additions to Exchange 2007, and one of the items is the ability to have it easily accept emails from in-network machines (like MFPs, Copier/Scanners) so you can scan to email without having to set up a separate user.  The problem is that it will only accept emails that are addressed to accounts within the same domain (eg,  However, with a little work, you can set up another SMTP Receive Connector to allow emails sent to out of domain addresses (eg,

Thanks to the fine folks at Petri for pointing me in the right direction.

  • Open the Exchange Management Console and go to Server Configuration/Hub Transport
  • Click “New Receive Connector”
  • Give the new connector a meaningful name (“scanner”), select Custom as the type, and a port other than 25 or 587 (which are used by the default connectors).  Obviously if you have changed the default ports then you need to pick something other than those.
  • Right-click the new connector, go to Properties make the following settings:  Permission Groups Tab; Anonymous Users only.  Network Tab; remove the default IP address range and add the IP address(es) of the appropriate device(s).  Authentication Tab; Transport Layer Security (TLS) only.
  • Open the Exchange Management Shell and run the following command:  Get-ReceiveConnector scanner | Add-ADPermission -User “NT AUTHORITYANONYMOUS LOGON” -ExtendedRights “ms-Exch-SMTP-Accept-Any-Recipient”. Note that the “scanner” name is what was used in this example, and you should change the command to match waht you named the new receive connector.
  • Restart the MS Exchange Transport service.
  • Use your favorite MX Record checker (like MXRecordToolbox) to ensure you haven’t created an open relay.
  • Configure the Scanner/Copier/MFP to use the SMTP connector, including the port number you set up.

Now, go forth and scan some more!