I am struggling with creating a receive connector that does authentication but does not allow emails to be relayed outside.
I choose only permission group "Exchange users" while creating connector and remove below permissions,
Get-ReceiveConnector relay | Remove-ADPermission -User "NT AUTHORITY\Authenticated Users" -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient"
Still when I test out, I am able to relay to outside of exchange as well using this connector. I want to block that outside part. Only emails going inside should be allowed.
I suspect many inherited permissions are there that I am unable to get rid of?
Any pointers?
Shahid Roofi