Tuesday, 3 August 2010

Scan to Email - Exchange 2007

I find it amazing really that this is the first encounter I've had with this issue especially since SBS 2008 has been out so long but here we are. We had an issue where a network copier/scanner wouldn't scan to email (internally). Even using credentials to try and authenticate wouldn't work, it turns out that Exchange 2007 is now a lot more secure than 2003 was and so you have to run through the config below to allow relaying from a specific device.

■Open the Exchange Management Console and go to Server Configuration/Hub Transport

■Click “New Receive Connector”

■Give the new connector a meaningful name (“Copier Relay”), select Custom as the type, and you can leave the port as 25 or try a different port it depends how complicated you want your network. Any other free port will be ok though. Follow this through leaving internal network as is and then in the second window you want to setup your copiers IP so that only this can relay using this connector.

■Right-click the new connector, go to Properties make the following settings: Permission Groups Tab; Anonymous Users only. Authentication Tab; Transport Layer Security (TLS) only.

■Open the Exchange Management Shell and run the following command: Get-ReceiveConnector “Copier Relay“ | Add-ADPermission -User “NT AUTHORITY\ANONYMOUS LOGON” -ExtendedRights “ms-Exch-SMTP-Accept-Any-Recipient”. Note that the “Copier Relay” name is what was used in this example and you should change the command to match what you named the new connector.

■Restart the MS Exchange Transport service.(Important)

■Configure the Scanner/Copier/MFP to use the SMTP connector, including the port number you set up.

...and hey-presto it should all work fine.

Did I solve your problem? Buy me a virtual beer by clicking on a Google ad :). Thanks!


  1. Thank you for this information. My problem is sending external mail? Internal mail work fine, based on SMTP anonymous connections. Also your command run in the Exchange Management Shell, can you please define if possible? Again thank you.

  2. No problem, the command for EMS is to allow the anonymous user to relay through the new connector you have made. The only variable you need to note is your connector's name. Where I used Copier Relay.

  3. The FQDN should be the name of the server, i found this the deal breaker for me, thanks for your help.

  4. Thank you so much for posting this - I was beating my head against it and nowhere else could I find a clear and concise explanation for making it go. I am linking to your post in my blog at http://darnitol.blogspot.com

    Thanks again!


  5. Hello,

    We would like that scanners can send email only internal email addresses. How should we achieve this?


  6. Thanku for the great helpful this is very necessary for my future.