I have inherited an Exchange 2003 Enterprise Edition, with no SP1 or SP2, that has started causing groups of users to not be able to send out from "shared/group" mailboxes. These shared/group mailboxes function as departmental/team resources, and it's imperative that the recipient only see the shared mailbox, not the actual end user's SMTP address, but instead, firstname.lastname@example.org.
We have several of these that are working correctly, but one mailbox in particular recently has started causing members in that group to receive bounce-backs w/ no NDR code, just this message:
You do not have permission to send to this recipient. For
assistance, contact your system administrator.
This is what I know:
- Users have been added to "Send-on behalf" in Delivery Options, under Exchange General, for the mailbox in question
- Accept Messages from "Everyone" is selected under "Delivery Restrictions" under Exchange General for the mailbox in question
- I have also added the users to the "Mailbox Rights" under Exchange Advanced (although this seems to create in the From field "jane doe on behalf of shared-mailbox-Display-Name", which we don't want; we have to hide the sender SMTP, and only allow the shared-mailbox SMTP to be visible)
- I'm not seeing anything in the logs on the Exchange system
- Doing a message trace just shows the message immediately bouncing
- Ran SMTPDiag w/ the shared mailbox as the sender, and chose a recipient from one of the bounce backs --- all the SMTPDiag tests were successful.
- Nothing has changed in terms of MX records in our DNS zone.
What I haven't done:
Under the Default SMTP Virtual Server Properties > Access > Relay, there are currently (3) subnets listed, but the checkbox is selected for "Allow all computers which successfully authenticate to relay, regardless of the list above". I've read on other sites that this should be de-selected, and then "Users" should be clicked, and then "Authenticated Users" get the "Allow" permission for Submit and Relay.
I don't know why only this shared resource is experiencing this issue, but I'd really like to resolve this before it potentially starts spreading to the other addresses we have set up.
Ideas? Thoughts? Suggestions?