Users cannot send emails anymore.....only domain admins can !!

Posted on 2007-11-20
Last Modified: 2012-08-14
Hi all, well we have 2 exchange 2003 servers (back end/front end) and a mail filter appliance from ISS, everything was working fine till 3 days back, users cannot send any message, they can receive though.....whenever they try to send any message they get a bounced email saying the following:

The following recipient(s) cannot be reached:

      <mailbox name> on 11/21/2007 9:14 AM
            You do not have permission to send to this recipient.  For assistance, contact your system administrator.
            MSEXCH:MSExchangeIS:/DC=xxx/DC=xxx/DC=xxxxx:<Back end server name>

Tried to add any user who faces this issue to the domain admins group, guess what? he can send email without any problems and that bounced email doesn't exist!!!
Last thing happened before that issue occured, was deploying a WSUS server that updated the exchange server with latest updates ( few security updates and exchange updates ) were added....If it is a microsoft patch that caused that problem, which one is it??? if it is something else that has to do with permissions and security, what can it be???

Please assist as soon as possible since its a very sensitive issue.

Question by:AMFOP
LVL 13

Expert Comment

ID: 20326334
Can you name us the patches were installed by WSUS on Exchange servers. According to me it must be similiar to "Send As" patch which was released in June 2006.

Author Comment

ID: 20326583
ok last patches were:
as Exchange patches:

as Win2k3 server patches:

Whats that send as patch ? what happens when it is applied ???

Expert Comment

ID: 20326603
Did you check Authentication on your Default SMTP vitual server? You should allow mail relay to all authenticated users.

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

LVL 104

Expert Comment

ID: 20326794
I am not aware of any patches that would cause this problem, unless your security settings were mangled before and have now been corrected.

If you create a new user, does the problem continue?
Is this all email - internal between users and external? Does the problem follow to OWA?

LVL 13

Expert Comment

ID: 20326825
One of the installed Exchange Pack is - KB 926666 (Update for daylight saving time changes in 2007 for Exchange 2003 Service Pack 2)

This update requires following patches to keep version of store.exe @ certain level.

KB 916803 - MS06-019: Vulnerability in Microsoft Exchange Server could allow remote code execution
KB912442 - MS06-029: Vulnerability in Microsoft Exchange Server could allow script injection when Exchange Server runs Outlook Web Access

Kinldy check for same.


Author Comment

ID: 20330706
ok , kbitguru the relay to all authenticated users is set and everything was working properly....Sembee, i created a new user in AD and gave him access right to a certain mailbox (full access) but same action occurred, and yes its NOT sending emails neither internally (between users) nor externally, but when on OWA i can send emails normally when i use the mailbox itself as login (

well vishal_breed, i've reed that article and what i understood from it that if the user intending to send an email on behalf of a certain mailbox and he had full access permission on it, after installing that patch on exchange 2003 SP2, will have to be given EXPLICITLY the send as permission too....please correct me if am mistaking......Anyhow,  will try that and see if it works and come back to you.....Thank you all for your responses.
LVL 13

Accepted Solution

vishal_breed earned 500 total points
ID: 20333286
Q. After installing that patch on exchange 2003 SP2, will have to be given EXPLICITLY the send as permission too!!

Ans. Correct.

This patch was released by MS in June 2006 as most of the customers raised the issue; when full mailbox permission is assigned; Administrators can access any mailbox & can send email as CEO or as any person in the organization (considered as security threats).

But after installing this patch - BlackBerry kind of services hampered as BlackBerry account has Send As permission assigned on mailboxes of BlackBerry Users.

You can use script mentioned in

Or follow (Check the comments posted by various users after reading the articles. Follow any suitable method mentioned in Comments)

Author Comment

ID: 20333391
Well Vishal_breed, you answered my question and guided me very well to solve the issue that i had no clue about and was a hectic one for the past 4 days :):) deserve all the points so bon appetite :):):)......thanks to everyone else who contributed and tried to help.

Featured Post

How Do You Stack Up Against Your Peers?

With today’s modern enterprise so dependent on digital infrastructures, the impact of major incidents has increased dramatically. Grab the report now to gain insight into how your organization ranks against your peers and learn best-in-class strategies to resolve incidents.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
Find out what you should include to make the best professional email signature for your organization.
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question