This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
But if I changed the delivery management setting from "Only senders inside my organization" to "Senders inside and outside of my organization" and I was then able to telnet to exchange from the application server in question and send the email to the distribution group in question and I see it went out to all of the recipients in the DG.
Although it is working in this way, it's not ideal, as now anyone from the outside can also send email to that DG.
So what is the better solution to this problem? Adding the Exchange server permission to the SMTP Relay receive connector.
Is there any way to allow DG to receive mail from Application Server (Anonymous Relay) without allowing "Senders inside and outside of my organization"?
Thank You
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(48, 71%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELZ%3C/text%3E%3C/svg%3E)
Except solutions provided by michev, there is another workaround for you.
Do you mean you want to set that DG can only receive messages from internal users and the application server?
If so, we can create a mail flow rule to block external messages sent to this DG, except the sender address used by your application. However, please pay attention that, if an external message sent to this DG and other internal users are added as recipients, other internal users won't receive this message as well.
You can create the rule like this:
Apply this rule if "the sender is outside the organization" and "The message To or Cc box contains DG", reject the message and include an explanation. Except the sender is the application address.
If the response is helpful, please click "Accept Answer" and upvote it.
Based on my knowledge, if you don't want to use "Senders inside and outside of my organization", you have to configure the specific receive connector as externally secured for anonymous relay. It's mentioned by michev, and you can check this for more details: Configure the connections as externally secured.
If the response is helpful, please click "Accept Answer" and upvote it.
Is there any update on this thread?
Does configuring the specific receive connector as externally secured work for you? Please let us know if you would like further assistance.
If the response is helpful, please click "Accept Answer" and upvote it.
Just checking in to see if above information was helpful. If you have solved your problem, could you share with us? Maybe it will help more people with similar problems.
If the response is helpful, please click "Accept Answer" and upvote it.
To be considered "internal", the application either must use an Exchange account, or you can add the externally secured flag, as detailed for example here: https://learn.microsoft.com/en-us/exchange/mail-flow/connectors/allow-anonymous-relay?view=exchserver-2019
I'm wondering are you by chance hybrid or Cloud Only implementation? I have seen that the hybrid configuration wizard is ran and each environment sees the other as external in hybrid.
Not Hybrid or cloud, Microsoft exchange 2016 in On-premises
@Nur Hossain
Does it work after adding the Exchange servers permission group and the Externally secured authentication mechanism to the specific Receive connector?
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.