Hi there, We have a user outside our network who uses MS Outlook 2007 to connect to our exchange server using IMAP4 but keeps having issues with sending email out. on Exchange 2007: We have the receive connector listed as Client Connector, which has port 587 this connector was created by default after installation and no settings has been changed on Outlook 2007 client: set up incoming AND outgoing server as our exchange 2007 server when he click the test connection button, there were 2 processes listed: - logon to domain ... : successful - sending test message: connection timed out we set up everything correct (I think): Incoming using port 993 SSL Outgoing using port 587 TLS (using same authentication as incoming) Connection definitely not blocked by the firewall on both ports. I'm pretty sure the issue lies with the server itself since i also tried it using thunderbird and got the same issue. help? Note: we also installed Exchange 2010 on the network but it hasn't been configured yetAndrew P.

Can you telnet to 587?

after much troubleshooting, I found the issue. McAfee blocks the connection - resolved - the user account I used has no NT AUTHORITY\SELF listed in the Send As permission group I don't know why but after I set it last night, it's gone again this morning Any idea? - resolved temporarily - even though testing the account via Outlook 2007 works, when I start it up it refuse to get any emails in. when I do the send/receive, I got this message: Your IMAP server closed the connection. This can occur if you leave the connection idle for too long. Details: Connection is closed. 15 Protocol: IMAP Server: MYSERVER.DOMAIN.COM Port: 993 Error Code: 0x800CCCDD sending email out is now ok though. I'll post the IMAP issue on another post.Andrew P.

Hi Andrew, The user account I used has no NT AUTHORITY\SELF listed in the Send As permission group The behavior you have seen shouldn’t happen, unless it is an admin level account that has the send as permission. By default the admin level account cannot hold that permission. Exchange 2007 Permissions: Frequently Asked Questions http://technet.microsoft.com/en-us/library/bb310792(EXCHG.80).aspx Error “Your IMAP server closed the connection. This can occur if you leave the connection idle for too long” This might be some folders in User mailbox causing the issue. In some threads it is because a duplicate folder in client’s mailbox created by IMAP client. You can get more information from these similar threads: IMAP not working for one user only? Problem http://social.technet.microsoft.com/Forums/en-US/exchangesvrtransport/thread/342ff88e-d0a8-409f-96b2-c9cf7f31c8f1 IMAP account configuration issue http://social.technet.microsoft.com/Forums/en-US/exchangesvradmin/thread/da569d41-3136-42aa-aa2a-8a2d55e365c9 Thanks, Evan Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

the only admin group I belong to is Exchange Public Folder Administrators. I've checked the links but it didn't say anything about send as permission being denied for that particular group. I've created a new post for the IMAP issue here: http://social.technet.microsoft.com/Forums/en-AU/exchangesvrclients/thread/b418d42a-ce66-4cfa-adb9-e6e24ec769f4 Andrew P.

Hi Andrew, For this issue, I suggest you follow these steps to troubleshoot the problem: 1. Use this command to grant NT AUTHORITY\SELF send as permission, then check whether it will go or not? Get-Mailbox MailboxName | Add-ADPermission –user “NT AUTHORITY\SELF” –ExtendedRights Send-As 2. If you still cannot grant NT AUTHORITY\SELF send as permission, I suggest you follow these steps to have a try: <1> Run this command in CMD: dsacls "cn=adminsdholder,cn=system,dc=mydomain,dc=com" /G "\SELF:CA;Send As" (note: Replace "dc=<mydomain>,dc=com" with the distinguished name of your domain) <2> After that, follow step1 to grant NT AUTHORITY\SELF send as permission, then check whether this issue will occur or not. Sorry that I didn’t explain clearly, this issue may because the user is member of protected group does not match the security descriptor on the AdminSDHolder object, the user’s security descriptor is overwritten with a new security descriptor that is taken from the AdminSDHolder object. You can know more information from this document: The "Send As" right is removed from a user object after you configure the "Send As" right in the Active Directory Users and Computers snap-in in Exchange Server http://support.microsoft.com/kb/907434 Thanks, Evan Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

I haven't tried the CLI commands but I set the send as permission via exchange management console (Exchange 2007). it was set ok but a few hours later it removed the NT AUTHORITY\SELF from my mailbox account. Will that be the same thing or I should still try the CLI? also, the link saying something about Exchange 5.5, which is not exist in our organization. and it also advised me to "do not use accounts that are members of protected groups" Where or what are these protected groups?Andrew P.

Hi Andrew, I tested on my lab (Exchange 2007 SP3), it works for my Administrator account. If you don’t want to change the setting for ADminsdholder, you can use account which is not added in protected group. The protected group for Windows: Windows 2000 Server RTM Windows 2000 Server with SP1 Windows 2000 Server with SP2 Windows 2000 Server with SP3 Windows 2000 Server with SP4 Windows Server 2003 RTM Windows Server 2003 with SP1 Windows Server 2003 with SP2 Windows Server 2008 RTM Windows Server 2008 R2 Administrators Account Operators Account Operators Account Operators Domain Admins Administrator Administrator Administrator Enterprise Admins Administrators Administrators Administrators Schema Admins Backup Operators Backup Operators Backup Operators Cert Publishers Domain Admins Domain Admins Domain Admins Domain Controllers Domain Controllers Domain Controllers Enterprise Admins Enterprise Admins Enterprise Admins Krbtgt Krbtgt Krbtgt Print Operators Print Operators Print Operators Replicator Read-only Domain Controllers Replicator Schema Admins Replicator Schema Admins Server Operators Schema Admins Server Operators Server Operators Thanks, Evan Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.