All Users except admins cannot send via smtp - MS Exchange 2010

I am using thunderbird for the smtp mail client. I have it running on the exchange server itself. When i use my admin account i can send mail. If i use any other account i get the error "the mail server responded: 5.7.1 client does not have permissions to send as this sender...."

My exchange connector is set up for anonymous users and exchange users.

Why is this? Thank you.
ITAsked:
Who is Participating?
 
Gary ColtharpConnect With a Mentor Sr. Systems EngineerCommented:
It sounds like what you need is a new send connector. In my SBS implementations where internal devices need to be able to send mail to both internal and external recipients, I set up an Anonymous Relay connector to get around authentication and relay issues. It is locked down to only accepting from the internal subnet(s) but can send anywhere.

You simply need to bind a second IP to your NIC on your server and use it as the smtp host.
Create a new connector called something like AnonymousRelay. Keep it simple and avoid spaces so you don't have to use quotes in the exchange shell. Then select "Custom" from the drop-down menu. Configure the connector with "Anonymous Users" allowed, then in the "Network" section just add the local subnet. Make sure the top box references your newly bound IP.
Open Exchange Management Shell and enter the following command (note that no quotes are required for your connector name if you don't have spaces in the name):
Get-ReceiveConnector "connector name" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient"

Bounce the transport service and it should work.

HTH

Gary
0
 
WinsoupCommented:
If you right click on the user in EMC and click "manage send as permissions" does
NT AUTHORITY\SELF have permissions in there?
If not, add it and try it again.
0
 
ITAuthor Commented:
It is there for all users.

Why would only admins be able to send and other users including a newly created one not be able to? And once i created a new user, unless i am mistaken, for about 10 minutes i could send as the new user "test" and then it would not allow me to any more.
0
Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

 
WinsoupCommented:
It has to be a rights issue somewhere.

Check this...

Exchange
If that doesn't work try unchecking "Exchange Users" on your connector and just leave it as "Anon Users" and try it again.

If that doesn't work can you post a screenshot of the rights you have set up on your connectors?
0
 
ITAuthor Commented:
I unchecked it and clicked apply, It didn't help so i put it back and clicked apply again,
If you uncheck exchange users and only allow anonymous users then when they try to authenticate with there username and password wont it reject that?
Clipboard02.jpg
0
 
WinsoupConnect With a Mentor Commented:
Yeah sorry I was looking at my Internet Connector.

Can you post the authentication tab as well?

Do you have your relay set up and have the Exchange Server listed as the IP address to receive email?

If that's not the issue try running this command for a user and see if that person can send afterwards.

Get-ReceiveConnector "Name of Connector" | Add-ADPermission -user "DOMAIN\myLogin" -ExtendedRights "ms-Exch-SMTP-Submit ms-Exch-SMTP-Accept-Any-Recipient ms-Exch-SMTP-Accept-Any-Sender ms-Exch-SMTP-Accept-Authoritative-Domain-Sender"

Open in new window

0
 
ITAuthor Commented:
Yes the relay is set up and it does indeed work if i use my admin account, so i don't think network settings or encryption are to blame. I tried that command and it didn't work, I mean the command itself failed. What did i do wrong? And, thank you very much for your time so far by the way.
Clipboard03.jpg
Clipboard04.jpg
0
 
WinsoupCommented:
Just to make sure were on the same page here. You have outlook set up for a user, with their own account, username and password and that's not working, right?

Or are you trying to send as a domain user from an account other than their own? In the from field is it showing up as the user that is sending the email?

Do you use OWA at all? Does it work from there?
0
 
WinsoupCommented:
Also in AD, click view, advanced features.
Search for a user that it's not working for, click the security tab, under SELF make sure they have "Send As" and "Receive As" checked in there.

I know you said NT AUTHORITY\SELF was set up in exchange but if they don't have rights to it themselves it won't work.
0
 
ITAuthor Commented:
Outlook works fine for every user. Its when the user tries to send mail through smtp using mozilla thunderbird that it fails, see the screen shot. there is a program that takes care of there warehouse, called inxsql and it runs on the server and sends mail for users through exchange (through smtp) and thats whats not working. to diagnose that i installed mozilla thunderbird onto the server so i can send via smtp.
0
 
WinsoupCommented:
Ahh ok. All of this is installed on the exchange server?
What does your send connector look like under Organization Management>Hub Transport>Network Space
0
 
ITAuthor Commented:
wouldn't it be my receive connector that handles the incoming requests and is denying my users?
Clipboard05.jpg
Clipboard06.jpg
0
 
WinsoupCommented:
Yes but if your send connector isn't configured to send to all internet domains that could stop it from sending out.
That error is also seen when an application, printer, server, or computer isn't set up to relay. Do you have a receive connector set up that you use to allow devices to relay email?

That's about all I can think of right now, especially since you said outlook is working fine for everyone.
Double check your settings in thunderbird too and make sure that's all ok.
0
 
ITAuthor Commented:
It does send out (relay) no problem, but only when an admin is the sender in thunderbird, otherwise the server rejects the user. That's alright, I appreciate you trying.
0
 
ITAuthor Commented:
I think i missed one of your comments, where do i find those settings in post ID: 39917694 ?
0
 
WinsoupCommented:
It's in ADSI Edit.

I just found this article that could be helpful for you. It also shows where to find this option.

http://help.globalscape.com/help/me3/configuring_authenticated_access_to_exchange.htm
0
 
hecgomrecCommented:
Have you tried sending email with an Outlook client?

If you did, did it work?

If it did, your error or problem is not on exchange... but Thunderbird itself.

Make sure your settings on the Thunderbird match those on the mailbox (identities).

As a workaround, try giving permission on the user's mailbox to Send As to themselves.
0
 
ITConnect With a Mentor Author Commented:
http://sparesomeexchange.com/unable-to-relay-mail-to-external-recipient-in-exchange/

I ran three of the commands at the bottom, i think i only needed to run thius one CAS-SERVER-01\Anonymous Relay NT AUTHORITY\ANONYMOUS LOGON {ms-Exch-SMTP-Submit}

but running the other two i chose that seemed close couldnt hurt... and, it works! Thank you all for your help!
0
 
ITAuthor Commented:
Thank you!
0
 
ITAuthor Commented:
It didn't like when i tried running the commands how you had them laid out all together for some reason, but when i ran them one at a time it worked.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.