Receive Connector Integrated Windows Authentication User Account
My scenario is I have Exchange 2010 and created a custom Receive Connector with Integrated Windows Authentication only. I have the connector configured correctly 100%. I also have a Windows 2008 Server with smtp installed. On the outbound securities button
I have a domain admin account configured for Integrated Authentication and everything works fine. However I want to change that account to some kind of service user account. However when I change the account I receive smtp;550 5.7.1 Client does not have permissions
to send as this sender. Any help would be greatly appreciated.
Thanks.
February 6th, 2013 9:13am
Hi,
When you have ndr 5.7.1 its permission issue, check the following settings:
On Exchange 2010 smtp receive add or check if the other server ip is added.
Check the permission on authentication & security tab.
How the other smtp try to send email? did you check the log file of the other smtp?
Eli. Unified Communication , https://www.facebook.com/groups/mucugi/
Free Windows Admin Tool Kit Click here and download it now
February 6th, 2013 3:11pm
My apologies for the late response. The Exchange Receive Connector is configured correctly to receive from my Windows 2008 smtp relay server, it has to do with account permissions. What ever account I use on my Windows 2008 SMTP relay--properties--delivery--outbound
security--integrated windows has to have specific permissions and I do not know what they are supposed to be. As I said, the domain admin account works, I want to use a domain user account. What permissions would a domain user account need to send mail from
the smtp relay to an exchange internal receive connector that allows 'send as this sender' for every sender in the company. the domain admin account has it, but as I said, I do not know specifically what it is.
Thanks.
February 13th, 2013 8:28am
On Wed, 6 Feb 2013 14:08:04 +0000, LT757 wrote:
>
>
>My scenario is I have Exchange 2010 and created a custom Receive Connector with Integrated Windows Authentication only. I have the connector configured correctly 100%. I also have a Windows 2008 Server with smtp installed. On the outbound securities button
I have a domain admin account configured for Integrated Authentication and everything works fine. However I want to change that account to some kind of service user account. However when I change the account I receive smtp;550 5.7.1 Client does not have permissions
to send as this sender. Any help would be greatly appreciated.
If the credentials you use for authentication aren't those of the
address in the MAIL FROM then the receive connector is going to regard
that situation as address spoofing.
E.g. You authenticate as domain\user1 (and that user has a a SMTP
address of user1@domain.com) but you send a message using "MAIL
FROM:<differentuser@domain.com>". That's a "spoofed" address. It
doesn't belong to the account that was authenticated.
You need to assign the "ms-Exch-SMTP-Accept-Any-Sender" extended right
to the domain\user1 user (using the example below) on the Receive
Connector.
Get-ReceiveConnector "ConnectorName" | Add-ADPermission User
"domain\account" ExtendedRights ms-Exch-SMTP-Accept-Any-Sender
---
Rich Matheisen
MCSE+I, Exchange MVP
--- Rich Matheisen MCSE+I, Exchange MVP
Free Windows Admin Tool Kit Click here and download it now
February 13th, 2013 5:42pm
On Wed, 6 Feb 2013 14:08:04 +0000, LT757 wrote:
>
>
>My scenario is I have Exchange 2010 and created a custom Receive Connector with Integrated Windows Authentication only. I have the connector configured correctly 100%. I also have a Windows 2008 Server with smtp installed. On the outbound securities button
I have a domain admin account configured for Integrated Authentication and everything works fine. However I want to change that account to some kind of service user account. However when I change the account I receive smtp;550 5.7.1 Client does not have permissions
to send as this sender. Any help would be greatly appreciated.
If the credentials you use for authentication aren't those of the
address in the MAIL FROM then the receive connector is going to regard
that situation as address spoofing.
E.g. You authenticate as domain\user1 (and that user has a a SMTP
address of user1@domain.com) but you send a message using "MAIL
FROM:<differentuser@domain.com>". That's a "spoofed" address. It
doesn't belong to the account that was authenticated.
You need to assign the "ms-Exch-SMTP-Accept-Any-Sender" extended right
to the domain\user1 user (using the example below) on the Receive
Connector.
Get-ReceiveConnector "ConnectorName" | Add-ADPermission User
"domain\account" ExtendedRights ms-Exch-SMTP-Accept-Any-Sender
---
Rich Matheisen
MCSE+I, Exchange MVP
--- Rich Matheisen MCSE+I, Exchange MVP
February 14th, 2013 1:37am
Thank you Rich, that sounds logical and correct to me. I will try that, and post results in a few days.
Free Windows Admin Tool Kit Click here and download it now
February 14th, 2013 8:46am