I've created a relay receive connector that allows anonymous users, scoped it to my application server IP's and even ran the powershell command to allow the ANONYMOUS logon the ms-Exch-SMTP-Accept-Any-Recipient permission.
All is working well except when the application is configured to send to distribution groups that are set to only accept mail from internal senders, in this case the email is rejected.. as it should be. We have literally hundreds of nested distribution groups and we would rather not change them to allow email from unauthenticated senders so that leaves me with figuring out how to change my receive connector to deliver these messages as if they are from an authenticated sender.
I know that I can just enable the "Externally Secured" mechanism and add Exchange Server to the permissions groups but I read that this is not a good practice. Is it possible to assign only the specific permission needed to the connector via powershell
much I like I did with the ms-Exch-SMTP-Accept-Any-Recipient permission?