Hello, I use exchange 2007 and I have removed anonymous user from Hubcas and Edge. I ran the below command on the Hubcas first: Get-ReceiveConnector | Get-ADPermission -User "AUTORITE NT\ANONYMOUS LOGON" | where {$_.E xtendedRights -like "ms-exch-smtp-accept-authoritative-domain-sender"} | Remove-ADPermission Of course, before running the command we informed the users that if they were using out Hubcas server as SMTP gateway, they should change it for our company's SMTP gatway. No complains, so I did the same thing on the Edge and things was ok until one of our main application started not to be able to send email. The SMTP gatway was an idependant one and the return message said: #< #5.7.1 smtp;530 5.7.1 Client was not authenticated> #SMTP# I do not understand why I received those error messages as the application is not using neither the Hubcas or Edge IPs. Is that something to do with blocked IPs? Shall I do something to authorize the application to send email? Thanks to all in advance for you help /input. GRaig

From my understanding, your smtp gateway sends email to your internal recipients. It does an mx lookup or has connector and sends through the edge. You basically removed anonymous submission on your edge so your gateway can not send to your recipients or possibly an external relay. Actually when you removed this from the edge were you still able to receive email from the internet?James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com

Thanks James! Just to avoid confusion and to explain better the situation. Users in my company should use a SMTP gateway the we have set up some time ago. It allows users (applications only) in our company to send mails using that gatway (ports 25 open in all our agencies). Also only one application is using a seperate SMTP gateway (and I added the IPs to our green list on our egde severs). After I removed anonymous submission on our edge, applications were able to send mails but only that seperate SMTP gateway weren't. So to answer your question: Yes I was able to reveive email from the internet. I still don't get the error message: #< #5.7.1 smtp;530 5.7.1 Client was not authenticated> #SMTP# :-( Graig

hummm I did the change only on one edge and in the end it seems like I could not receive email from Internet... Thanks for your help

Yeah you need to keep the anonymous submission :) remember anonymous submission is not the same as relaying.James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com

Mannnn Many Thanks James!! Would you know any online document for me to get more familiar with that please?? Graig

Here's the reference page for receive connectors. The second article shows you how to allow apps to relay using a receive connector but it does a good job of explaining the different authentication mechanisms. Understanding Receive Connectors http://technet.microsoft.com/en-us/library/aa996395.aspx Allowing application servers to relay off Exchange Server 2007 http://blogs.technet.com/b/exchange/archive/2006/12/28/3397620.aspxJames Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com