Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


Users cannot send emails anymore.....only domain admins can !!

Posted on 2007-11-20
Medium Priority
Last Modified: 2012-08-14
Hi all, well we have 2 exchange 2003 servers (back end/front end) and a mail filter appliance from ISS, everything was working fine till 3 days back, users cannot send any message, they can receive though.....whenever they try to send any message they get a bounced email saying the following:

The following recipient(s) cannot be reached:

      <mailbox name> on 11/21/2007 9:14 AM
            You do not have permission to send to this recipient.  For assistance, contact your system administrator.
            MSEXCH:MSExchangeIS:/DC=xxx/DC=xxx/DC=xxxxx:<Back end server name>

Tried to add any user who faces this issue to the domain admins group, guess what? he can send email without any problems and that bounced email doesn't exist!!!
Last thing happened before that issue occured, was deploying a WSUS server that updated the exchange server with latest updates ( few security updates and exchange updates ) were added....If it is a microsoft patch that caused that problem, which one is it??? if it is something else that has to do with permissions and security, what can it be???

Please assist as soon as possible since its a very sensitive issue.

Question by:AMFOP
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 13

Expert Comment

ID: 20326334
Can you name us the patches were installed by WSUS on Exchange servers. According to me it must be similiar to "Send As" patch which was released in June 2006.

Author Comment

ID: 20326583
ok last patches were:
as Exchange patches:

as Win2k3 server patches:

Whats that send as patch ? what happens when it is applied ???

Expert Comment

ID: 20326603
Did you check Authentication on your Default SMTP vitual server? You should allow mail relay to all authenticated users.

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

LVL 104

Expert Comment

ID: 20326794
I am not aware of any patches that would cause this problem, unless your security settings were mangled before and have now been corrected.

If you create a new user, does the problem continue?
Is this all email - internal between users and external? Does the problem follow to OWA?

LVL 13

Expert Comment

ID: 20326825
One of the installed Exchange Pack is - KB 926666 (Update for daylight saving time changes in 2007 for Exchange 2003 Service Pack 2)

This update requires following patches to keep version of store.exe @ certain level.

KB 916803 - MS06-019: Vulnerability in Microsoft Exchange Server could allow remote code execution
KB912442 - MS06-029: Vulnerability in Microsoft Exchange Server could allow script injection when Exchange Server runs Outlook Web Access

Kinldy check http://support.microsoft.com/kb/912918/ for same.


Author Comment

ID: 20330706
ok , kbitguru the relay to all authenticated users is set and everything was working properly....Sembee, i created a new user in AD and gave him access right to a certain mailbox (full access) but same action occurred, and yes its NOT sending emails neither internally (between users) nor externally, but when on OWA i can send emails normally when i use the mailbox itself as login ( abc@xyz.org).....

well vishal_breed, i've reed that article and what i understood from it that if the user intending to send an email on behalf of a certain mailbox and he had full access permission on it, after installing that patch on exchange 2003 SP2, will have to be given EXPLICITLY the send as permission too....please correct me if am mistaking......Anyhow,  will try that and see if it works and come back to you.....Thank you all for your responses.
LVL 13

Accepted Solution

vishal_breed earned 2000 total points
ID: 20333286
Q. After installing that patch on exchange 2003 SP2, will have to be given EXPLICITLY the send as permission too!!

Ans. Correct.

This patch was released by MS in June 2006 as most of the customers raised the issue; when full mailbox permission is assigned; Administrators can access any mailbox & can send email as CEO or as any person in the organization (considered as security threats).

But after installing this patch - BlackBerry kind of services hampered as BlackBerry account has Send As permission assigned on mailboxes of BlackBerry Users.

You can use script mentioned in

Or follow
http://msexchangeteam.com/archive/2006/04/28/426707.aspx (Check the comments posted by various users after reading the articles. Follow any suitable method mentioned in Comments)

Author Comment

ID: 20333391
Well Vishal_breed, you answered my question and guided me very well to solve the issue that i had no clue about and was a hectic one for the past 4 days :):)....you deserve all the points so bon appetite :):):)......thanks to everyone else who contributed and tried to help.

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A couple of months ago we ran into an issue that necessitated re-creating our Edge Subscriptions. However, when we attempted to execute the command: New-EdgeSubscription -filename C:\NewEdgeSub_01.xml we received an error indicating that the LDAP se…
Are you an Exchange administrator employed with an organization? And, have you encountered a corrupt Exchange database due to which you are not able to open its EDB file. This article will explain all the steps to repair corrupt Exchange database.
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question