Solved

All Users except admins cannot send via smtp - MS Exchange 2010

Posted on 2014-03-10
20
437 Views
Last Modified: 2014-03-18
I am using thunderbird for the smtp mail client. I have it running on the exchange server itself. When i use my admin account i can send mail. If i use any other account i get the error "the mail server responded: 5.7.1 client does not have permissions to send as this sender...."

My exchange connector is set up for anonymous users and exchange users.

Why is this? Thank you.
0
Comment
Question by:redeyeinc
20 Comments
 
LVL 3

Expert Comment

by:Winsoup
ID: 39917606
If you right click on the user in EMC and click "manage send as permissions" does
NT AUTHORITY\SELF have permissions in there?
If not, add it and try it again.
0
 

Author Comment

by:redeyeinc
ID: 39917678
It is there for all users.

Why would only admins be able to send and other users including a newly created one not be able to? And once i created a new user, unless i am mistaken, for about 10 minutes i could send as the new user "test" and then it would not allow me to any more.
0
 
LVL 3

Expert Comment

by:Winsoup
ID: 39917694
It has to be a rights issue somewhere.

Check this...

Exchange
If that doesn't work try unchecking "Exchange Users" on your connector and just leave it as "Anon Users" and try it again.

If that doesn't work can you post a screenshot of the rights you have set up on your connectors?
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 

Author Comment

by:redeyeinc
ID: 39917791
I unchecked it and clicked apply, It didn't help so i put it back and clicked apply again,
If you uncheck exchange users and only allow anonymous users then when they try to authenticate with there username and password wont it reject that?
Clipboard02.jpg
0
 
LVL 3

Assisted Solution

by:Winsoup
Winsoup earned 250 total points
ID: 39917843
Yeah sorry I was looking at my Internet Connector.

Can you post the authentication tab as well?

Do you have your relay set up and have the Exchange Server listed as the IP address to receive email?

If that's not the issue try running this command for a user and see if that person can send afterwards.

Get-ReceiveConnector "Name of Connector" | Add-ADPermission -user "DOMAIN\myLogin" -ExtendedRights "ms-Exch-SMTP-Submit ms-Exch-SMTP-Accept-Any-Recipient ms-Exch-SMTP-Accept-Any-Sender ms-Exch-SMTP-Accept-Authoritative-Domain-Sender"

Open in new window

0
 

Author Comment

by:redeyeinc
ID: 39917973
Yes the relay is set up and it does indeed work if i use my admin account, so i don't think network settings or encryption are to blame. I tried that command and it didn't work, I mean the command itself failed. What did i do wrong? And, thank you very much for your time so far by the way.
Clipboard03.jpg
Clipboard04.jpg
0
 
LVL 3

Expert Comment

by:Winsoup
ID: 39918008
Just to make sure were on the same page here. You have outlook set up for a user, with their own account, username and password and that's not working, right?

Or are you trying to send as a domain user from an account other than their own? In the from field is it showing up as the user that is sending the email?

Do you use OWA at all? Does it work from there?
0
 
LVL 3

Expert Comment

by:Winsoup
ID: 39918108
Also in AD, click view, advanced features.
Search for a user that it's not working for, click the security tab, under SELF make sure they have "Send As" and "Receive As" checked in there.

I know you said NT AUTHORITY\SELF was set up in exchange but if they don't have rights to it themselves it won't work.
0
 

Author Comment

by:redeyeinc
ID: 39918467
Outlook works fine for every user. Its when the user tries to send mail through smtp using mozilla thunderbird that it fails, see the screen shot. there is a program that takes care of there warehouse, called inxsql and it runs on the server and sends mail for users through exchange (through smtp) and thats whats not working. to diagnose that i installed mozilla thunderbird onto the server so i can send via smtp.
0
 
LVL 3

Expert Comment

by:Winsoup
ID: 39918489
Ahh ok. All of this is installed on the exchange server?
What does your send connector look like under Organization Management>Hub Transport>Network Space
0
 

Author Comment

by:redeyeinc
ID: 39918597
wouldn't it be my receive connector that handles the incoming requests and is denying my users?
Clipboard05.jpg
Clipboard06.jpg
0
 
LVL 3

Expert Comment

by:Winsoup
ID: 39918632
Yes but if your send connector isn't configured to send to all internet domains that could stop it from sending out.
That error is also seen when an application, printer, server, or computer isn't set up to relay. Do you have a receive connector set up that you use to allow devices to relay email?

That's about all I can think of right now, especially since you said outlook is working fine for everyone.
Double check your settings in thunderbird too and make sure that's all ok.
0
 

Author Comment

by:redeyeinc
ID: 39918797
It does send out (relay) no problem, but only when an admin is the sender in thunderbird, otherwise the server rejects the user. That's alright, I appreciate you trying.
0
 

Author Comment

by:redeyeinc
ID: 39918805
I think i missed one of your comments, where do i find those settings in post ID: 39917694 ?
0
 
LVL 3

Expert Comment

by:Winsoup
ID: 39918881
It's in ADSI Edit.

I just found this article that could be helpful for you. It also shows where to find this option.

http://help.globalscape.com/help/me3/configuring_authenticated_access_to_exchange.htm
0
 
LVL 11

Expert Comment

by:hecgomrec
ID: 39920291
Have you tried sending email with an Outlook client?

If you did, did it work?

If it did, your error or problem is not on exchange... but Thunderbird itself.

Make sure your settings on the Thunderbird match those on the mailbox (identities).

As a workaround, try giving permission on the user's mailbox to Send As to themselves.
0
 
LVL 12

Accepted Solution

by:
Gary Coltharp earned 250 total points
ID: 39923238
It sounds like what you need is a new send connector. In my SBS implementations where internal devices need to be able to send mail to both internal and external recipients, I set up an Anonymous Relay connector to get around authentication and relay issues. It is locked down to only accepting from the internal subnet(s) but can send anywhere.

You simply need to bind a second IP to your NIC on your server and use it as the smtp host.
Create a new connector called something like AnonymousRelay. Keep it simple and avoid spaces so you don't have to use quotes in the exchange shell. Then select "Custom" from the drop-down menu. Configure the connector with "Anonymous Users" allowed, then in the "Network" section just add the local subnet. Make sure the top box references your newly bound IP.
Open Exchange Management Shell and enter the following command (note that no quotes are required for your connector name if you don't have spaces in the name):
Get-ReceiveConnector "connector name" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient"

Bounce the transport service and it should work.

HTH

Gary
0
 

Assisted Solution

by:redeyeinc
redeyeinc earned 0 total points
ID: 39926606
http://sparesomeexchange.com/unable-to-relay-mail-to-external-recipient-in-exchange/

I ran three of the commands at the bottom, i think i only needed to run thius one CAS-SERVER-01\Anonymous Relay NT AUTHORITY\ANONYMOUS LOGON {ms-Exch-SMTP-Submit}

but running the other two i chose that seemed close couldnt hurt... and, it works! Thank you all for your help!
0
 

Author Comment

by:redeyeinc
ID: 39926615
Thank you!
0
 

Author Closing Comment

by:redeyeinc
ID: 39936359
It didn't like when i tried running the commands how you had them laid out all together for some reason, but when i ran them one at a time it worked.
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
GPOs not applying 9 50
SYSVOL and NETLOGON affected by crypto virus 7 137
IIS 7.5 to 8.0 6 108
SBS Server 2011 does not recognize a PC as being Online 8 48
The SBS 2011 release date (RTM) is supposed to be around Christmas, 2011.  This article is a compilation of my notes -- things I have learned first hand.  The items are in a rather random order, but I think this list covers most of what is new and d…
I've often see, or have been asked, the question about the difference between the Exchange 2010 SP1 version, available as part of Small Business Server (SBS) 2011, and the “normal” Exchange 2010 SP1 Standard. The answer to the question is relativ…
In a recent question (https://www.experts-exchange.com/questions/28997919/Pagination-in-Adobe-Acrobat.html) here at Experts Exchange, a member asked how to add page numbers to a PDF file using Adobe Acrobat XI Pro. This short video Micro Tutorial sh…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question