Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

All Users except admins cannot send via smtp - MS Exchange 2010

Posted on 2014-03-10
20
Medium Priority
?
481 Views
Last Modified: 2014-03-18
I am using thunderbird for the smtp mail client. I have it running on the exchange server itself. When i use my admin account i can send mail. If i use any other account i get the error "the mail server responded: 5.7.1 client does not have permissions to send as this sender...."

My exchange connector is set up for anonymous users and exchange users.

Why is this? Thank you.
0
Comment
Question by:IT
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
20 Comments
 
LVL 3

Expert Comment

by:Winsoup
ID: 39917606
If you right click on the user in EMC and click "manage send as permissions" does
NT AUTHORITY\SELF have permissions in there?
If not, add it and try it again.
0
 

Author Comment

by:IT
ID: 39917678
It is there for all users.

Why would only admins be able to send and other users including a newly created one not be able to? And once i created a new user, unless i am mistaken, for about 10 minutes i could send as the new user "test" and then it would not allow me to any more.
0
 
LVL 3

Expert Comment

by:Winsoup
ID: 39917694
It has to be a rights issue somewhere.

Check this...

Exchange
If that doesn't work try unchecking "Exchange Users" on your connector and just leave it as "Anon Users" and try it again.

If that doesn't work can you post a screenshot of the rights you have set up on your connectors?
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 

Author Comment

by:IT
ID: 39917791
I unchecked it and clicked apply, It didn't help so i put it back and clicked apply again,
If you uncheck exchange users and only allow anonymous users then when they try to authenticate with there username and password wont it reject that?
Clipboard02.jpg
0
 
LVL 3

Assisted Solution

by:Winsoup
Winsoup earned 1000 total points
ID: 39917843
Yeah sorry I was looking at my Internet Connector.

Can you post the authentication tab as well?

Do you have your relay set up and have the Exchange Server listed as the IP address to receive email?

If that's not the issue try running this command for a user and see if that person can send afterwards.

Get-ReceiveConnector "Name of Connector" | Add-ADPermission -user "DOMAIN\myLogin" -ExtendedRights "ms-Exch-SMTP-Submit ms-Exch-SMTP-Accept-Any-Recipient ms-Exch-SMTP-Accept-Any-Sender ms-Exch-SMTP-Accept-Authoritative-Domain-Sender"

Open in new window

0
 

Author Comment

by:IT
ID: 39917973
Yes the relay is set up and it does indeed work if i use my admin account, so i don't think network settings or encryption are to blame. I tried that command and it didn't work, I mean the command itself failed. What did i do wrong? And, thank you very much for your time so far by the way.
Clipboard03.jpg
Clipboard04.jpg
0
 
LVL 3

Expert Comment

by:Winsoup
ID: 39918008
Just to make sure were on the same page here. You have outlook set up for a user, with their own account, username and password and that's not working, right?

Or are you trying to send as a domain user from an account other than their own? In the from field is it showing up as the user that is sending the email?

Do you use OWA at all? Does it work from there?
0
 
LVL 3

Expert Comment

by:Winsoup
ID: 39918108
Also in AD, click view, advanced features.
Search for a user that it's not working for, click the security tab, under SELF make sure they have "Send As" and "Receive As" checked in there.

I know you said NT AUTHORITY\SELF was set up in exchange but if they don't have rights to it themselves it won't work.
0
 

Author Comment

by:IT
ID: 39918467
Outlook works fine for every user. Its when the user tries to send mail through smtp using mozilla thunderbird that it fails, see the screen shot. there is a program that takes care of there warehouse, called inxsql and it runs on the server and sends mail for users through exchange (through smtp) and thats whats not working. to diagnose that i installed mozilla thunderbird onto the server so i can send via smtp.
0
 
LVL 3

Expert Comment

by:Winsoup
ID: 39918489
Ahh ok. All of this is installed on the exchange server?
What does your send connector look like under Organization Management>Hub Transport>Network Space
0
 

Author Comment

by:IT
ID: 39918597
wouldn't it be my receive connector that handles the incoming requests and is denying my users?
Clipboard05.jpg
Clipboard06.jpg
0
 
LVL 3

Expert Comment

by:Winsoup
ID: 39918632
Yes but if your send connector isn't configured to send to all internet domains that could stop it from sending out.
That error is also seen when an application, printer, server, or computer isn't set up to relay. Do you have a receive connector set up that you use to allow devices to relay email?

That's about all I can think of right now, especially since you said outlook is working fine for everyone.
Double check your settings in thunderbird too and make sure that's all ok.
0
 

Author Comment

by:IT
ID: 39918797
It does send out (relay) no problem, but only when an admin is the sender in thunderbird, otherwise the server rejects the user. That's alright, I appreciate you trying.
0
 

Author Comment

by:IT
ID: 39918805
I think i missed one of your comments, where do i find those settings in post ID: 39917694 ?
0
 
LVL 3

Expert Comment

by:Winsoup
ID: 39918881
It's in ADSI Edit.

I just found this article that could be helpful for you. It also shows where to find this option.

http://help.globalscape.com/help/me3/configuring_authenticated_access_to_exchange.htm
0
 
LVL 11

Expert Comment

by:hecgomrec
ID: 39920291
Have you tried sending email with an Outlook client?

If you did, did it work?

If it did, your error or problem is not on exchange... but Thunderbird itself.

Make sure your settings on the Thunderbird match those on the mailbox (identities).

As a workaround, try giving permission on the user's mailbox to Send As to themselves.
0
 
LVL 12

Accepted Solution

by:
Gary Coltharp earned 1000 total points
ID: 39923238
It sounds like what you need is a new send connector. In my SBS implementations where internal devices need to be able to send mail to both internal and external recipients, I set up an Anonymous Relay connector to get around authentication and relay issues. It is locked down to only accepting from the internal subnet(s) but can send anywhere.

You simply need to bind a second IP to your NIC on your server and use it as the smtp host.
Create a new connector called something like AnonymousRelay. Keep it simple and avoid spaces so you don't have to use quotes in the exchange shell. Then select "Custom" from the drop-down menu. Configure the connector with "Anonymous Users" allowed, then in the "Network" section just add the local subnet. Make sure the top box references your newly bound IP.
Open Exchange Management Shell and enter the following command (note that no quotes are required for your connector name if you don't have spaces in the name):
Get-ReceiveConnector "connector name" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient"

Bounce the transport service and it should work.

HTH

Gary
0
 

Assisted Solution

by:IT
IT earned 0 total points
ID: 39926606
http://sparesomeexchange.com/unable-to-relay-mail-to-external-recipient-in-exchange/

I ran three of the commands at the bottom, i think i only needed to run thius one CAS-SERVER-01\Anonymous Relay NT AUTHORITY\ANONYMOUS LOGON {ms-Exch-SMTP-Submit}

but running the other two i chose that seemed close couldnt hurt... and, it works! Thank you all for your help!
0
 

Author Comment

by:IT
ID: 39926615
Thank you!
0
 

Author Closing Comment

by:IT
ID: 39936359
It didn't like when i tried running the commands how you had them laid out all together for some reason, but when i ran them one at a time it worked.
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Written by Glen Knight (demazter) as part of a series of how-to articles. Introduction One of the biggest consumers of disk space with Small Business Server 2008(SBS) is Windows Server Update Services, more affectionately known as WSUS. For t…
This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Small Business Server 2011. NOTE: This guide has been written using the preview version of SBS2011 therefore some of the screens may …
Video by: ITPro.TV
In this episode Don builds upon the troubleshooting techniques by demonstrating how to properly monitor a vSphere deployment to detect problems before they occur. He begins the show using tools found within the vSphere suite as ends the show demonst…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question