Solved

All Users except admins cannot send via smtp - MS Exchange 2010

Posted on 2014-03-10
20
429 Views
Last Modified: 2014-03-18
I am using thunderbird for the smtp mail client. I have it running on the exchange server itself. When i use my admin account i can send mail. If i use any other account i get the error "the mail server responded: 5.7.1 client does not have permissions to send as this sender...."

My exchange connector is set up for anonymous users and exchange users.

Why is this? Thank you.
0
Comment
Question by:redeyeinc
20 Comments
 
LVL 3

Expert Comment

by:Winsoup
ID: 39917606
If you right click on the user in EMC and click "manage send as permissions" does
NT AUTHORITY\SELF have permissions in there?
If not, add it and try it again.
0
 

Author Comment

by:redeyeinc
ID: 39917678
It is there for all users.

Why would only admins be able to send and other users including a newly created one not be able to? And once i created a new user, unless i am mistaken, for about 10 minutes i could send as the new user "test" and then it would not allow me to any more.
0
 
LVL 3

Expert Comment

by:Winsoup
ID: 39917694
It has to be a rights issue somewhere.

Check this...

Exchange
If that doesn't work try unchecking "Exchange Users" on your connector and just leave it as "Anon Users" and try it again.

If that doesn't work can you post a screenshot of the rights you have set up on your connectors?
0
 

Author Comment

by:redeyeinc
ID: 39917791
I unchecked it and clicked apply, It didn't help so i put it back and clicked apply again,
If you uncheck exchange users and only allow anonymous users then when they try to authenticate with there username and password wont it reject that?
Clipboard02.jpg
0
 
LVL 3

Assisted Solution

by:Winsoup
Winsoup earned 250 total points
ID: 39917843
Yeah sorry I was looking at my Internet Connector.

Can you post the authentication tab as well?

Do you have your relay set up and have the Exchange Server listed as the IP address to receive email?

If that's not the issue try running this command for a user and see if that person can send afterwards.

Get-ReceiveConnector "Name of Connector" | Add-ADPermission -user "DOMAIN\myLogin" -ExtendedRights "ms-Exch-SMTP-Submit ms-Exch-SMTP-Accept-Any-Recipient ms-Exch-SMTP-Accept-Any-Sender ms-Exch-SMTP-Accept-Authoritative-Domain-Sender"

Open in new window

0
 

Author Comment

by:redeyeinc
ID: 39917973
Yes the relay is set up and it does indeed work if i use my admin account, so i don't think network settings or encryption are to blame. I tried that command and it didn't work, I mean the command itself failed. What did i do wrong? And, thank you very much for your time so far by the way.
Clipboard03.jpg
Clipboard04.jpg
0
 
LVL 3

Expert Comment

by:Winsoup
ID: 39918008
Just to make sure were on the same page here. You have outlook set up for a user, with their own account, username and password and that's not working, right?

Or are you trying to send as a domain user from an account other than their own? In the from field is it showing up as the user that is sending the email?

Do you use OWA at all? Does it work from there?
0
 
LVL 3

Expert Comment

by:Winsoup
ID: 39918108
Also in AD, click view, advanced features.
Search for a user that it's not working for, click the security tab, under SELF make sure they have "Send As" and "Receive As" checked in there.

I know you said NT AUTHORITY\SELF was set up in exchange but if they don't have rights to it themselves it won't work.
0
 

Author Comment

by:redeyeinc
ID: 39918467
Outlook works fine for every user. Its when the user tries to send mail through smtp using mozilla thunderbird that it fails, see the screen shot. there is a program that takes care of there warehouse, called inxsql and it runs on the server and sends mail for users through exchange (through smtp) and thats whats not working. to diagnose that i installed mozilla thunderbird onto the server so i can send via smtp.
0
 
LVL 3

Expert Comment

by:Winsoup
ID: 39918489
Ahh ok. All of this is installed on the exchange server?
What does your send connector look like under Organization Management>Hub Transport>Network Space
0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 

Author Comment

by:redeyeinc
ID: 39918597
wouldn't it be my receive connector that handles the incoming requests and is denying my users?
Clipboard05.jpg
Clipboard06.jpg
0
 
LVL 3

Expert Comment

by:Winsoup
ID: 39918632
Yes but if your send connector isn't configured to send to all internet domains that could stop it from sending out.
That error is also seen when an application, printer, server, or computer isn't set up to relay. Do you have a receive connector set up that you use to allow devices to relay email?

That's about all I can think of right now, especially since you said outlook is working fine for everyone.
Double check your settings in thunderbird too and make sure that's all ok.
0
 

Author Comment

by:redeyeinc
ID: 39918797
It does send out (relay) no problem, but only when an admin is the sender in thunderbird, otherwise the server rejects the user. That's alright, I appreciate you trying.
0
 

Author Comment

by:redeyeinc
ID: 39918805
I think i missed one of your comments, where do i find those settings in post ID: 39917694 ?
0
 
LVL 3

Expert Comment

by:Winsoup
ID: 39918881
It's in ADSI Edit.

I just found this article that could be helpful for you. It also shows where to find this option.

http://help.globalscape.com/help/me3/configuring_authenticated_access_to_exchange.htm
0
 
LVL 11

Expert Comment

by:hecgomrec
ID: 39920291
Have you tried sending email with an Outlook client?

If you did, did it work?

If it did, your error or problem is not on exchange... but Thunderbird itself.

Make sure your settings on the Thunderbird match those on the mailbox (identities).

As a workaround, try giving permission on the user's mailbox to Send As to themselves.
0
 
LVL 12

Accepted Solution

by:
Gary Coltharp earned 250 total points
ID: 39923238
It sounds like what you need is a new send connector. In my SBS implementations where internal devices need to be able to send mail to both internal and external recipients, I set up an Anonymous Relay connector to get around authentication and relay issues. It is locked down to only accepting from the internal subnet(s) but can send anywhere.

You simply need to bind a second IP to your NIC on your server and use it as the smtp host.
Create a new connector called something like AnonymousRelay. Keep it simple and avoid spaces so you don't have to use quotes in the exchange shell. Then select "Custom" from the drop-down menu. Configure the connector with "Anonymous Users" allowed, then in the "Network" section just add the local subnet. Make sure the top box references your newly bound IP.
Open Exchange Management Shell and enter the following command (note that no quotes are required for your connector name if you don't have spaces in the name):
Get-ReceiveConnector "connector name" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient"

Bounce the transport service and it should work.

HTH

Gary
0
 

Assisted Solution

by:redeyeinc
redeyeinc earned 0 total points
ID: 39926606
http://sparesomeexchange.com/unable-to-relay-mail-to-external-recipient-in-exchange/

I ran three of the commands at the bottom, i think i only needed to run thius one CAS-SERVER-01\Anonymous Relay NT AUTHORITY\ANONYMOUS LOGON {ms-Exch-SMTP-Submit}

but running the other two i chose that seemed close couldnt hurt... and, it works! Thank you all for your help!
0
 

Author Comment

by:redeyeinc
ID: 39926615
Thank you!
0
 

Author Closing Comment

by:redeyeinc
ID: 39936359
It didn't like when i tried running the commands how you had them laid out all together for some reason, but when i ran them one at a time it worked.
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Introduction At 19:33 (UST) on Tuesday 21st September the long awaited email arrived with the subject title of “ANNOUNCING THE AVAILABILITY OF WINDOWS SBS 7 PREVIEW”.  It was time to drop whatever I was doing and dedicate as much bandwidth as possi…
Because virtualization becomes more and more common, and, with Microsoft Hyper-V included in Windows Server at no additional costs, and, most server hardware nowadays is more than capable of running a physical Small Business Server (SBS) 2008 or 201…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now