550 5.7.1 RESOLVER.RST.AuthRequired; authentication required for Exchange 2007 distribution groups
Hi
I have an issue where users receive 550 5.7.1 RESOLVER.RST.AuthRequired; authentication required when they try to send to one of my distribtuion groups. I can remove the error by unselecting the Require that all senders are authenticated setting on the distribution group. But I do not understand why this should be necessary. The users that are receiveing the errors are all sending from Outlook, so they should all be authenticated. I do not want to "relax" the security of my distribution groups just to make this work. Anyone know the answer?
Thx
Morgan
December 5th, 2007 2:18pm
This options requires that the sender must not be anonymous in order to post message to the distribution group. As there's a lot of mail systems around the world and many of them don't share a single authentication database they treat senders that cannot be authenticated by themselves as anonymous one (as anyone can easily forge from: field inside smtpheader).
So the most likely cause is that even the users that tries to send to this group might be authenticated somewhere, this information is out of reach for the exchange organization.
Hint: If you have 3rd party MTA that you trust to be relaying mail only from autheticated users then you can set "Externally Secured (for example, with IPSec)." option for the Recieve connector that accepts the mail from this MTA.
Free Windows Admin Tool Kit Click here and download it now
December 5th, 2007 4:45pm
Hi
I do not understand your reply. You seem to be talking about senders external to my organization that send mail to my internal distribution group. That is not the issue here, let me elaborate.
I have a user on my internal network that tries to send a message to one of my internal distribution groups using Outlook. The distribution group contains only internal recipients.
In my mind the user is authenticated, as a result of using Outlook which automatically authenticates the user to Exchange, and should therefore be able to send to any of my internal distribution groups, even if they require authentication.
When I say 'internal distribution group' I mean a DG defined in my Active Directory.
Thanks
Morgan
December 5th, 2007 4:53pm
Can you disable "Requires Authentication ... " checkbox, send there an email and post the headers of message back here?
Free Windows Admin Tool Kit Click here and download it now
December 5th, 2007 5:25pm
Hi - Did anyone find a solution for this? I have the same issue and I do not want to uncheck the "authenticate users" checkbox for the DG either. This opens up the DG so that spammers can email it and the people on the DG, which is not good.Morgan has the right idea by not wanting to uncheck that setting. I have also used that setting on DG's on Exch03 for years with out any problems or spam coming through on my DGs.
Thanks.
January 9th, 2008 5:06am
Hi guys
A little update from me.
It seems I have been misinformed. In my case, this error does not appear when users send from Outlook, but rather when they create an action in a SharePoint 2007 site and try to send that action to a distribution group. This is obviously uauthenticated messaging and thus produces the error. I apologize to anyone of you who have spent time on this, although it seems that some of you really get this error when submitting from an authenticated user. I received the clarification only yesterday from my customer who is experiencing the problem. I guess that's what you get for trusing people.
I solved this particular problem by creating a new receive connector whose source address is the SharePoint Server, meaning it will only accept connections from that IP address. Then I set the authentication settings on the connector to Externally secured. All messages received are thus masked as authenticated and trusted when received by the Exchange servers. All users can now successfully send actions from SharePoint.
Best regards,
Morgan
Free Windows Admin Tool Kit Click here and download it now
January 9th, 2008 12:31pm
I pretty sure it does not open to spammers.
Please read following post.
<!-- /* Font Definitions */ @font-face {font-family:"Cambria Math"; panose-1:2 4 5 3 5 4 6 3 2 4; mso-font-charset:0; mso-generic-font-family:roman; mso-font-pitch:variable; mso-font-signature:-1610611985 1107304683 0 0 159 0;} @font-face {font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:-1610611985 1073750139 0 0 159 0;} @font-face {font-family:Tahoma; panose-1:2 11 6 4 3 5 4 4 2 4; mso-font-charset:0; mso-generic-font-family:swiss;
mso-font-pitch:variable; mso-font-signature:-520082689 -1073717157 41 0 66047 0;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {mso-style-unhide:no; mso-style-qformat:yes; mso-style-parent:""; margin:0cm; margin-bottom:.0001pt;
mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:Calibri; mso-fareast-theme-font:minor-latin; mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi; mso-fareast-language:EN-US;} .MsoChpDefault {mso-style-type:export-only; mso-default-props:yes; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin;
mso-fareast-font-family:Calibri; mso-fareast-theme-font:minor-latin; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi; mso-fareast-language:EN-US;} @page Section1
{size:612.0pt 792.0pt; margin:72.0pt 72.0pt 72.0pt 72.0pt; mso-header-margin:36.0pt; mso-footer-margin:36.0pt; mso-paper-source:0;} div.Section1 {page:Section1;} -->
http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_22791887.html
It worked for me.
December 17th, 2010 4:48am
Sorry to awaken an old thread but in case anyone else is looking for a solution to this, what worked for me was disabling the "Require that all senders are authenticated" option from the distribution group. In Exchange Mgt Console, Select the properties
for the specific dist group, Mail Flow tab, Select Message Delivery Restrictions and click Properties, Uncheck Require that all senders are auth option. Of course take into consideration your environment and any application security precautions.RJ
Free Windows Admin Tool Kit Click here and download it now
June 18th, 2011 9:47pm
Thanks Dude,
It worked fine, but I have small concern will this affect any security?
Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.Or please vote as helpful.
July 29th, 2011 8:04am