Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Users cannot send emails anymore.....only domain admins can !!

Posted on 2007-11-20
Last Modified: 2012-08-14
Hi all, well we have 2 exchange 2003 servers (back end/front end) and a mail filter appliance from ISS, everything was working fine till 3 days back, users cannot send any message, they can receive though.....whenever they try to send any message they get a bounced email saying the following:

The following recipient(s) cannot be reached:

      <mailbox name> on 11/21/2007 9:14 AM
            You do not have permission to send to this recipient.  For assistance, contact your system administrator.
            MSEXCH:MSExchangeIS:/DC=xxx/DC=xxx/DC=xxxxx:<Back end server name>

Tried to add any user who faces this issue to the domain admins group, guess what? he can send email without any problems and that bounced email doesn't exist!!!
Last thing happened before that issue occured, was deploying a WSUS server that updated the exchange server with latest updates ( few security updates and exchange updates ) were added....If it is a microsoft patch that caused that problem, which one is it??? if it is something else that has to do with permissions and security, what can it be???

Please assist as soon as possible since its a very sensitive issue.

Question by:AMFOP
LVL 13

Expert Comment

ID: 20326334
Can you name us the patches were installed by WSUS on Exchange servers. According to me it must be similiar to "Send As" patch which was released in June 2006.

Author Comment

ID: 20326583
ok last patches were:
as Exchange patches:

as Win2k3 server patches:

Whats that send as patch ? what happens when it is applied ???

Expert Comment

ID: 20326603
Did you check Authentication on your Default SMTP vitual server? You should allow mail relay to all authenticated users.

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

LVL 104

Expert Comment

ID: 20326794
I am not aware of any patches that would cause this problem, unless your security settings were mangled before and have now been corrected.

If you create a new user, does the problem continue?
Is this all email - internal between users and external? Does the problem follow to OWA?

LVL 13

Expert Comment

ID: 20326825
One of the installed Exchange Pack is - KB 926666 (Update for daylight saving time changes in 2007 for Exchange 2003 Service Pack 2)

This update requires following patches to keep version of store.exe @ certain level.

KB 916803 - MS06-019: Vulnerability in Microsoft Exchange Server could allow remote code execution
KB912442 - MS06-029: Vulnerability in Microsoft Exchange Server could allow script injection when Exchange Server runs Outlook Web Access

Kinldy check http://support.microsoft.com/kb/912918/ for same.


Author Comment

ID: 20330706
ok , kbitguru the relay to all authenticated users is set and everything was working properly....Sembee, i created a new user in AD and gave him access right to a certain mailbox (full access) but same action occurred, and yes its NOT sending emails neither internally (between users) nor externally, but when on OWA i can send emails normally when i use the mailbox itself as login ( abc@xyz.org).....

well vishal_breed, i've reed that article and what i understood from it that if the user intending to send an email on behalf of a certain mailbox and he had full access permission on it, after installing that patch on exchange 2003 SP2, will have to be given EXPLICITLY the send as permission too....please correct me if am mistaking......Anyhow,  will try that and see if it works and come back to you.....Thank you all for your responses.
LVL 13

Accepted Solution

vishal_breed earned 500 total points
ID: 20333286
Q. After installing that patch on exchange 2003 SP2, will have to be given EXPLICITLY the send as permission too!!

Ans. Correct.

This patch was released by MS in June 2006 as most of the customers raised the issue; when full mailbox permission is assigned; Administrators can access any mailbox & can send email as CEO or as any person in the organization (considered as security threats).

But after installing this patch - BlackBerry kind of services hampered as BlackBerry account has Send As permission assigned on mailboxes of BlackBerry Users.

You can use script mentioned in

Or follow
http://msexchangeteam.com/archive/2006/04/28/426707.aspx (Check the comments posted by various users after reading the articles. Follow any suitable method mentioned in Comments)

Author Comment

ID: 20333391
Well Vishal_breed, you answered my question and guided me very well to solve the issue that i had no clue about and was a hectic one for the past 4 days :):)....you deserve all the points so bon appetite :):):)......thanks to everyone else who contributed and tried to help.

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
how to add IIS SMTP to handle application/Scanner relays into office 365.

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question