Configure on-premises email server Receive Connector to relay email

By default, Exchange 2010 does not allow clients to use the SMTP service for anonymous relay, so we need to configure a Receive Connector for this purpose

  1. Logon to on-premises exchange server.
  2. Open the Exchange Management Console.
  3. In the console tree, expand Server Configuration, select Hub Transport, and then in the work pane, click the Receive Connectors tab.
  4. In the action pane, click New Receive Connector. The New Receive Connector wizard starts.
  5. On the Introduction page, type name in the Name field and then select Custom in the Select the intended use for this connector field, click Next.

6. the Local Network settings page, click Next.

7. the Remote Network settings page, Select the existing – entry, and then click .

8. Click Add, and add all Exchange Online Protection IP addresses, click Next.

Americas EMEA APAC






9. On the New Connector page, review the configuration summary for the connector, click New.

10. On the Completion page, click Finish.

11. On the work pane, select the Receive connector that you created.

12. Under the name of the Receive connector in the action pane, click Properties to open the Properties page.

13. Click the Authentication tab, select Transport Layer Security (TLS).

14. Click the Permission Groups tab, select Anonymous users.

15. Click OK to save your changes and exit the Properties page.

16. Open Exchange Management Shell, enter follow command.

Get-ReceiveConnector "Inbound from Office 365" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient"

Change MX record to redirect mail flow from the Internet to Office 365

To redirect email flow to Office 365, change the MX (mail exchange) record for your domain.


If you want to do pilot test before cut over, please keep your MX record and autodiscover settings direct to on-premises Exchange server, but you need to add spf TXT recode as follow format:

v=spf1 mx ~all =Exchange Server external FQDN

Hope you enjoy this post.

Cary Sun