• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 942
  • Last Modified:

Users cannot send emails anymore.....only domain admins can !!

Hi all, well we have 2 exchange 2003 servers (back end/front end) and a mail filter appliance from ISS, everything was working fine till 3 days back, users cannot send any message, they can receive though.....whenever they try to send any message they get a bounced email saying the following:

The following recipient(s) cannot be reached:

      <mailbox name> on 11/21/2007 9:14 AM
            You do not have permission to send to this recipient.  For assistance, contact your system administrator.
            MSEXCH:MSExchangeIS:/DC=xxx/DC=xxx/DC=xxxxx:<Back end server name>

Tried to add any user who faces this issue to the domain admins group, guess what? he can send email without any problems and that bounced email doesn't exist!!!
Last thing happened before that issue occured, was deploying a WSUS server that updated the exchange server with latest updates ( few security updates and exchange updates ) were added....If it is a microsoft patch that caused that problem, which one is it??? if it is something else that has to do with permissions and security, what can it be???

Please assist as soon as possible since its a very sensitive issue.



 
0
AMFOP
Asked:
AMFOP
1 Solution
 
Vishal BreedProgram ManagerCommented:
Can you name us the patches were installed by WSUS on Exchange servers. According to me it must be similiar to "Send As" patch which was released in June 2006.
0
 
AMFOPAuthor Commented:
ok last patches were:
as Exchange patches:
KB924334
KB926666
KB916803
KB931832
KB912442

as Win2k3 server patches:
KB933729
KB933360
KB941202
KB925876

Whats that send as patch ? what happens when it is applied ???
0
 
kbitguruCommented:
Hi AMFOP,
Did you check Authentication on your Default SMTP vitual server? You should allow mail relay to all authenticated users.

-kbITguru
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
SembeeCommented:
I am not aware of any patches that would cause this problem, unless your security settings were mangled before and have now been corrected.

If you create a new user, does the problem continue?
Is this all email - internal between users and external? Does the problem follow to OWA?

Simon.
0
 
Vishal BreedProgram ManagerCommented:
One of the installed Exchange Pack is - KB 926666 (Update for daylight saving time changes in 2007 for Exchange 2003 Service Pack 2)

This update requires following patches to keep version of store.exe @ certain level.

KB 916803 - MS06-019: Vulnerability in Microsoft Exchange Server could allow remote code execution
KB912442 - MS06-029: Vulnerability in Microsoft Exchange Server could allow script injection when Exchange Server runs Outlook Web Access

Kinldy check http://support.microsoft.com/kb/912918/ for same.




0
 
AMFOPAuthor Commented:
ok , kbitguru the relay to all authenticated users is set and everything was working properly....Sembee, i created a new user in AD and gave him access right to a certain mailbox (full access) but same action occurred, and yes its NOT sending emails neither internally (between users) nor externally, but when on OWA i can send emails normally when i use the mailbox itself as login ( abc@xyz.org).....

well vishal_breed, i've reed that article and what i understood from it that if the user intending to send an email on behalf of a certain mailbox and he had full access permission on it, after installing that patch on exchange 2003 SP2, will have to be given EXPLICITLY the send as permission too....please correct me if am mistaking......Anyhow,  will try that and see if it works and come back to you.....Thank you all for your responses.
0
 
Vishal BreedProgram ManagerCommented:
Q. After installing that patch on exchange 2003 SP2, will have to be given EXPLICITLY the send as permission too!!

Ans. Correct.

Explaination:
This patch was released by MS in June 2006 as most of the customers raised the issue; when full mailbox permission is assigned; Administrators can access any mailbox & can send email as CEO or as any person in the organization (considered as security threats).

But after installing this patch - BlackBerry kind of services hampered as BlackBerry account has Send As permission assigned on mailboxes of BlackBerry Users.

You can use script mentioned in
http://support.microsoft.com/kb/912918

Or follow
http://msexchangeteam.com/archive/2006/04/28/426707.aspx (Check the comments posted by various users after reading the articles. Follow any suitable method mentioned in Comments)
0
 
AMFOPAuthor Commented:
Well Vishal_breed, you answered my question and guided me very well to solve the issue that i had no clue about and was a hectic one for the past 4 days :):)....you deserve all the points so bon appetite :):):)......thanks to everyone else who contributed and tried to help.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now