Network Scanners and Exchange 2007

There are some nice additions to Exchange 2007, and one of the items is the ability to have it easily accept emails from in-network machines (like MFPs, Copier/Scanners) so you can scan to email without having to set up a separate user.  The problem is that it will only accept emails that are addressed to accounts within the same domain (eg, user@company.com).  However, with a little work, you can set up another SMTP Receive Connector to allow emails sent to out of domain addresses (eg, user@homeaddress.com).

Thanks to the fine folks at Petri for pointing me in the right direction.

• Open the Exchange Management Console and go to Server Configuration/Hub Transport
• Click “New Receive Connector”
• Give the new connector a meaningful name (“scanner”), select Custom as the type, and a port other than 25 or 587 (which are used by the default connectors).  Obviously if you have changed the default ports then you need to pick something other than those.
• Right-click the new connector, go to Properties make the following settings:  Permission Groups Tab; Anonymous Users only.  Network Tab; remove the default IP address range and add the IP address(es) of the appropriate device(s).  Authentication Tab; Transport Layer Security (TLS) only.
• Open the Exchange Management Shell and run the following command:  Get-ReceiveConnector “scanner“ | Add-ADPermission -User “NT AUTHORITY\ANONYMOUS LOGON” -ExtendedRights “ms-Exch-SMTP-Accept-Any-Recipient”. Note that the “scanner” name is what was used in this example, and you should change the command to match waht you named the new receive connector.
• Restart the MS Exchange Transport service.
• Use your favorite MX Record checker (like MXRecordToolbox) to ensure you haven’t created an open relay.
• Configure the Scanner/Copier/MFP to use the SMTP connector, including the port number you set up.

Now, go forth and scan some more!