Due to a change in our Call Logging system (the application the Help Desk uses to log IT service calls for users), we had to allow it to send e-mails as coming from the Help Desk mailbox to external users.
So, I created a new receive connector just for the servers hosting that application and allowed for anonymous users to use it as the application doesn’t support authenticated SMTP...
This grants permissions to the anonymous account but it still doesn’t give the application relay permissions. If you try to relay using this receive connector, you will get the following SMTP error message:
550 5.7.1 Unable to relay
The ACL that controls relay is the ms-Exch-SMTP-Accept-Any-Recipient. To add this ACL to this receive connector, we have to use Exchange Management Shell:
Get-ReceiveConnector "Infra" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient"
Please, don’t forget to keep relay as restricted as possible, as your domain might get black-listed!