I have set a mail enabled universal group to only allow certain users to email to the distribution list and have setup to require that they are authenticated. This works internally, but anyone from the outside can email to this list!! Am I missing something? This is for Exchange 2007...

Hi, This should work normally, have you tried another group to test it ? Regards, Johan blog: www.johanveldhuis.nl

of course.i created a new mail enabled universal group and tested...still goes throughi had an old mail non-universal group and converted it to universal...still goes through

Hi, Please run following command to get the distribution group setting and post here Get-distributiongroup groupname |fl Please also let me know your Exchange 2007 version. In addition, please check whether you have restart the System Attendant Service to refresh DSAccess cache. Mike

we are running exchange 2007 with no service pack. below is the output you wanted. i'm not sure how to check if we restarted the system attendant service though. this hasn't been working on all our distribution lists or newly created ones.GroupType : UniversalSamAccountName : DistribTestExpansionServer : ReportToManagerEnabled : FalseReportToOriginatorEnabled : TrueSendOofMessageToOriginatorEnabled : FalseManagedBy : AcceptMessagesOnlyFrom : {Simpson, Homer}AcceptMessagesOnlyFromDLMembers : {}AddressListMembership : {Default Global Address List, All Groups1, All Groups}Alias : DistribTestOrganizationalUnit : foo.lan/UsersCustomAttribute1 : CustomAttribute10 : CustomAttribute11 : CustomAttribute12 : CustomAttribute13 : CustomAttribute14 : CustomAttribute15 : CustomAttribute2 : CustomAttribute3 : CustomAttribute4 : CustomAttribute5 : CustomAttribute6 : CustomAttribute7 : CustomAttribute8 : CustomAttribute9 : DisplayName : DistribTestEmailAddresses : {smtp: distribTest@foo.lan, smtp: distribTest @alumni.foo.org, X400:C=us;A= ;P=foo;O =Exchange;S=DistribTest;, SMTP: distribTest @foo.org}GrantSendOnBehalfTo : {}HiddenFromAddressListsEnabled : FalseLegacyExchangeDN : /o=foo/ou=First Administrative Group/cn= Recipients/cn=DistribTestMaxSendSize : unlimitedMaxReceiveSize : unlimitedPoliciesIncluded : {{9BB0886C-7D56-4094-9834-7CEC72A56388},{2 6491CFC-9E50-4857-861B-0CB8DF22B5D7}}PoliciesExcluded : {}EmailAddressPolicyEnabled : TruePrimarySmtpAddress : DistribTest@foo.orgRecipientType : MailUniversalDistributionGroupRecipientTypeDetails : MailUniversalDistributionGroupRejectMessagesFrom : {}RejectMessagesFromDLMembers : {}RequireSenderAuthenticationEnabled : TrueSimpleDisplayName : UMDtmfMap : {}WindowsEmailAddress : DistribTest@foo.orgIsValid : TrueOriginatingServer : footb1.foo.lanExchangeVersion : 0.1 (8.0.535.0)Name : DistribTestDistinguishedName : CN=DistribTest,CN=Users,DC=foo,DC=lanIdentity : foo.lan/Users/DistribTestGuid : b9c4bbe3-418d-4649-a73d-f2dff876801fObjectCategory : foo.lan/Configuration/Schema/GroupObjectClass : {top, group}WhenChanged : 11/7/2008 10:19:44 AMWhenCreated : 11/7/2008 9:51:07 AM

Hi, I am not able to reproduce your problem after create a new Universal Distribution Group with same configuration as your group. My test environment is Exchange 2007 Service Pack 1. Therefore, I suggest you firstly upgrade your Environment to Service Pack 1 and create a new Distribution Group to check whether the issue persists. In addition, would you please let me know whether Internet message go into the hub transport server directly or through some other Mail Server, such as Edge server or other mail servers. I suggest you test the problem by using following method: 1. Telnet to the Hub Transport Server 2. Run following command: Note: You need to temporarily enable the Anonymous users group on the Receive Connector. Ehlo Mail from: externalemailaddress@domain.com (such as XXX@hotmail.com) Rcpt to: distribTest@foo.org Data . Quit Please check whether the message is able to go into the correct mailbox or the external email address receives a NDR message. Mike

turns out the server is running SP1. it's 8.01 (240.6)i was able to run the ehlo command internally and it went through to the distribution list and it seems it's going right to the transport server. from the outside it failed because our spam filter caught it, but i have a feeling it would have gone through.

Since you have setRequireSenderAuthenticationEnabled : True, only internal users will be able to send to thisDL. If you set it to false, thenboth internal and external users will be able to send to this DL. Nitin.