Exchange 2003 - Relay Permissions and Domain Admins
Hi All, Wonder if you can help... Its not so much as a problem now as I believe I found the answer, it just has a confusing twist to it which I dont understand! We have several users who wish to send email from their alternate smtp address. We have configured pop3 access to the exchange server and setup a new pop3 account on each users outlook client. It uses our exchange server as its outbound smtp server and we use their domain username / password to authenticate. We then configure the pop3 account to send only as it will receive in the usual way via their exchange account as its their second smtp address. When first testing under my username it worked ok (domain admin) - however when I tested with the user it failed with an unable to relay message. Went to ESM - Administrative Groups - <Admin Group> - Servers - <Servername> - Protocols - SMTP - Default SMTP Virt Server Within the "Access" tab I went to users where the only group added was "authenticated users" They only had the allow permission to Submit. When adding the users and giving them relay permissions - I could send email ok. My question is.. why was I allowed to relay, I have worked out that if your in our domain admins group you can always relay. Regardless if the domain admins group is defined in the "Relay Restrictions" in the Default SMTP Server or not. Is this by default, It seems its inheriting permissions from somewhere but were not sure where as the domain admin group isnt showing. Just "authenticated users". Can anyone help and shed some light on this? Kind Regards, Craig
January 15th, 2009 4:39pm

Hi,Of course not, for the users in Domain Admins group also need to meet the relevant requirements so that can send the outbound email. If there has relay restriction on Domain Admins Goup, it will not send the email.Did you check "Allow all computers which successfully authenticate to relay, regardless of the list above" option? Please understand this option has the same function with checking "Relay Permission".The Exchange can relay the email from the users who successful pass the authentication.Now I suggest we perform telnet command to check whether we can succeed in authenticating to relay the email. The below article you can view:http://www.computerperformance.co.uk/exchange2003/exchange2003_SMTP_Auth_Login.htmThanksAllen
Free Windows Admin Tool Kit Click here and download it now
January 16th, 2009 8:48am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics