Exchange 2010 Send As Permissions Dropping
We are finding send as rights are dropping even though they are still appearing in the send As Rights Permissions box. This has been happeneing intermittently for a few weeks now, has anyone experienced something similar?
Thanks
Hi,
As per the information and details provided by you, Send As permission is Dropping in Exchange 2010.
Please follow these steps to setup Send As Permission in Exchange Server2010: -
In Exchange 2010, Click on Start>
Programs> Microsoft Exchange> and then click
Active Directory Users and Computers.
In the View menu, click on the
Advanced Features.
Expend Users, then right click the Mailbox Owner object where you want to grant the permission, and then click
Properties.
Click on the Security tab, and then click on
Advanced.
In the Access Control Setting for Mailbox Owner dialog box, click on Add.
In the Select User, Computer, or Group dialog box, click the user account or the group that you want to grant Send As permission to and then click
OK.
In the Permission entry for Mailbox Owner dialog box, click
This Object Only in the Apply onto list.
In the Permission list, locate
Send As, and then click to select the Allow check box.
Click OK three times to close the dialog boxes.
I hope this information will be helpful for you.
Thanks and regards
Ashish@S
Ashish@V
Similar Messages
-
Exchange 2010 Send Connector to postfix (v. 2.11) smarthost uses STARTTLS and cannot connect
Dear all,
I am having problems with exchange 2010 sending emails through a postfix smarthost server which disconnects the sessions. I also use a sendmail as a smarthost
server which is working just fine but I have to switch to postfix and cannot do this as long as the encryption does not work.
Here is the log file of the postfix server:
Jan 4 14:18:59 server7 postfix/smtpd[1659]: initializing the server-side TLS engine
Jan 4 14:18:59 server7 postfix/smtpd[1659]: connect from server1.mydomain.com[192.168.20.10]
Jan 4 14:18:59 server7 postfix/smtpd[1659]: setting up TLS connection from server1.mydomain.com[192.168.20.10]
Jan 4 14:18:59 server7 postfix/smtpd[1659]: server1.mydomain.com[192.168.20.10]: TLS cipher list "aNULL:-aNULL:ALL:+RC4:@STRENGTH"
Jan 4 14:18:59 server7 postfix/smtpd[1659]: SSL_accept:before/accept initialization
Jan 4 14:18:59 server7 postfix/smtpd[1659]: read from 7F4823FA5210 [7F4823FAB1B0] (11 bytes => -1 (0xFFFFFFFFFFFFFFFF))
Jan 4 14:18:59 server7 postfix/smtpd[1659]: read from 7F4823FA5210 [7F4823FAB1B0] (11 bytes => 11 (0xB))
Jan 4 14:18:59 server7 postfix/smtpd[1659]: 0000 16 03 01 00 5a 01 00 00|56 03 01 ....Z... V..
Jan 4 14:18:59 server7 postfix/smtpd[1659]: read from 7F4823FA5210 [7F4823FAB1BE] (84 bytes => 84 (0x54))
Jan 4 14:18:59 server7 postfix/smtpd[1659]: 0000 54 a9 3d b9 0d 5e 8b 64|7c 6b b5 21 f2 93 e7 84 T.=..^.d |k.!....
Jan 4 14:18:59 server7 postfix/smtpd[1659]: 0010 17 ea 33 d7 e5 13 f2 75|3a 87 38 32 01 85 82 5b ..3....u :.82...[
Jan 4 14:18:59 server7 postfix/smtpd[1659]: 0020 00 00 18 00 2f 00 35 00|05 00 0a c0 13 c0 14 c0 ..../.5. ........
Jan 4 14:18:59 server7 postfix/smtpd[1659]: 0030 09 c0 0a 00 32 00 38 00|13 00 04 01 00 00 15 ff ....2.8. ........
Jan 4 14:18:59 server7 postfix/smtpd[1659]: 0040 01 00 01 00 00 0a 00 06|00 04 00 17 00 18 00 0b ........ ........
Jan 4 14:18:59 server7 postfix/smtpd[1659]: 0050 00 02 01 ...
Jan 4 14:18:59 server7 postfix/smtpd[1659]: 0053 - <SPACES/NULLS>
Jan 4 14:18:59 server7 postfix/smtpd[1659]: SSL_accept:SSLv3 read client hello A
Jan 4 14:18:59 server7 postfix/smtpd[1659]: SSL_accept:SSLv3 write server hello A
Jan 4 14:18:59 server7 postfix/smtpd[1659]: SSL_accept:SSLv3 write certificate A
Jan 4 14:18:59 server7 postfix/smtpd[1659]: SSL_accept:SSLv3 write key exchange A
Jan 4 14:18:59 server7 postfix/smtpd[1659]: SSL_accept:SSLv3 write server done A
Jan 4 14:18:59 server7 postfix/smtpd[1659]: write to 7F4823FA5210 [7F4823FB8B70] (1911 bytes => 1911 (0x777))
Jan 4 14:18:59 server7 postfix/smtpd[1659]: 0774 - <SPACES/NULLS>
Jan 4 14:18:59 server7 postfix/smtpd[1659]: SSL_accept:SSLv3 flush data
Jan 4 14:18:59 server7 postfix/smtpd[1659]: read from 7F4823FA5210 [7F4823FAC803] (5 bytes => 0 (0x0))
Jan 4 14:18:59 server7 postfix/smtpd[1659]: SSL_accept:failed in SSLv3 read client certificate A
Jan 4 14:18:59 server7 postfix/smtpd[1659]: SSL_accept error from server1.mydomain.com[192.168.20.10]: lost connection
Jan 4 14:18:59 server7 postfix/smtpd[1659]: lost connection after STARTTLS from server1.mydomain.com[192.168.20.10]
Jan 4 14:18:59 server7 postfix/smtpd[1659]: disconnect from server1.mydomain.com[192.168.20.10]
I
have read in the post at https://social.technet.microsoft.com/Forums/exchange/en-US/6db38364-cb08-45c0-b159-3ddf30ef0b3e/exchange-2010-send-connector-uses-ssltls-and-cannot-connect-to-smarthost-how-to-deactivate-ssl?forum=exchange2010
how to deactivate the SSL encryption, but this is of course a security flaw, if I am not mistaken. I would like to encrypt the connection between the servers for obvious security
reasons but I have come to a standstill...
My Exchange server certificate is configured
as follows:
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAcc
ule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKe
essRule}
CertificateDomains : {server1, server1.solid-con.com}
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN=server1
NotAfter : 22/01/2017 13:18:02
NotBefore : 22/01/2012 13:18:02
PublicKeySize : 2048
RootCAType : None
SerialNumber : 6925D91285B649BD4D5E4297F1A48471
Services : IMAP, POP, IIS, SMTP
Status : Valid
Subject : CN=server1
Thumbprint : 939A37173BF84E352CEDC74F7D9A3D71F498A005
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAcc
ule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {WMSvc-SERVER1}
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN=WMSvc-SERVER1
NotAfter : 19/01/2022 12:56:44
NotBefore : 22/01/2012 12:56:44
PublicKeySize : 2048
RootCAType : Registry
SerialNumber : 1DB8711F7ADC5CB54196468EF2FF5D21
Services : None
Status : Valid
Subject : CN=WMSvc-SERVER1
Thumbprint : 191D86BDE274510453D58DDB91D253DABBCF05F1
And My Default Send Connector is configured as follows:
AddressSpaces : {SMTP:*;1}
AuthenticationCredential : System.Management.Automation.PSCredential
Comment :
ConnectedDomains : {}
ConnectionInactivityTimeOut : 00:10:00
DNSRoutingEnabled : False
DomainSecureEnabled : False
Enabled : True
ErrorPolicies : Default
ForceHELO : False
Fqdn :
HomeMTA : Microsoft MTA
HomeMtaServerId : SERVER1
Identity : Internet
IgnoreSTARTTLS : False
IsScopedConnector : False
IsSmtpConnector : True
LinkedReceiveConnector :
MaxMessageSize : unlimited
Name : Internet
Port : 25
ProtocolLoggingLevel : None
RequireOorg : False
RequireTLS : False
SmartHostAuthMechanism : None
SmartHosts : {server7.mydomain.com, server6.mydomain.com}
SmartHostsString : server7.mydomain.com,server6.mydomain.com
SmtpMaxMessagesPerConnection : 20
SourceIPAddress : 0.0.0.0
SourceRoutingGroup : Exchange Routing Group (DWBGZMFD01QNBJR)
SourceTransportServers : {SERVER1}
TlsAuthLevel :
TlsDomain :
UseExternalDNSServersEnabled : False
Any help would be greatly appreciated as I am
stuck...
LucaHi Allen,
Thank you very much for your reply.
The Postfix TLS Manager is enabled in master.cf
tlsmgr unix - - n 1000? 1 tlsmgr
and running
server7:/etc/postfix # ps -efa|grep tls
postfix 11967 11863 0 11:21 ? 00:00:00
tlsmgr -l -t unix -u
Every other (Linux/UNIX) server has no problem e.g.:
Jan 5 11:28:36 server7 postfix/smtpd[12215]: connect from server2.mydomain.com[192.168.20.20]
Jan 5 11:28:36 server7 postfix/smtpd[12215]: Anonymous TLS connection established from server2.mydomain.com[192.168.20.20]: TLSv1 with cipher DHE-DSS-AES256-SHA (256/256 bits)
Jan 5 11:28:36 server7 postfix/smtpd[12215]: B5502946AB0: client=server2.mydomain.com[192.168.20.20]
Jan 5 11:28:36 server7 postfix/cleanup[12221]: B5502946AB0: message-id=<[email protected]>
Jan 5 11:28:36 server7 postfix/qmgr[12200]: B5502946AB0: from=<[email protected]>, size=1026, nrcpt=1 (queue active)
Jan 5 11:28:36 server7 postfix/smtpd[12215]: disconnect from server2.mydomain.com[192.168.20.20]
Jan 5 11:28:37 server7 postfix/smtpd[12225]: connect from localhost[127.0.0.1]
Jan 5 11:28:37 server7 postfix/smtpd[12225]: 4076A946AB1: client=localhost[127.0.0.1]
Jan 5 11:28:37 server7 postfix/cleanup[12221]: 4076A946AB1: message-id=<[email protected]>
Jan 5 11:28:37 server7 postfix/qmgr[12200]: 4076A946AB1: from=<[email protected]>, size=1778, nrcpt=1 (queue active)
Jan 5 11:28:37 server7 postfix/smtpd[12225]: disconnect from localhost[127.0.0.1]
Jan 5 11:28:37 server7 postfix/smtp[12222]: B5502946AB0: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.54, delays=0.05/0.01/0.01/0.47, dsn=2.0.0, status=sent
(250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 4076A946AB1)
Jan 5 11:28:37 server7 postfix/qmgr[12200]: B5502946AB0: removed
Jan 5 11:28:37 server7 postfix/cleanup[12221]: 4401F946AB0: message-id=<[email protected]>
Jan 5 11:28:37 server7 postfix/qmgr[12200]: 4401F946AB0: from=<[email protected]>, size=1920, nrcpt=1 (queue active)
Jan 5 11:28:37 server7 postfix/local[12226]: 4076A946AB1: to=<[email protected]>, relay=local, delay=0.02, delays=0/0.01/0/0, dsn=2.0.0, status=sent (forwarded as 4401F946AB0)
Jan 5 11:28:37 server7 postfix/qmgr[12200]: 4076A946AB1: removed
Jan 5 11:28:37 server7 postfix/smtp[12227]: Untrusted TLS connection established to 192.168.20.10[192.168.20.10]:25: TLSv1 with cipher AES128-SHA (128/128 bits)
Jan 5 11:28:37 server7 postfix/smtp[12227]: 4401F946AB0: to=<[email protected]>, orig_to=<[email protected]>, relay=192.168.20.10[192.168.20.10]:25,
delay=0.29, delays=0/0.01/0.02/0.25, dsn=2.6.0, status=sent (250 2.6.0 <[email protected]> [InternalId=619] Queued
mail for delivery)
Jan 5 11:28:37 server7 postfix/qmgr[12200]: 4401F946AB0: removed
and if you take a look at the lines in bold you will see that mails can be delivered over TLS to that very Exchange server (the mailboxes are on that server)...
To summarise:
exchange --> postfix with TLS = session disconnected (and everything seems to be initiated by the exchange server -if I read the logs correctly)
postfix --> exchange with TLS = works
any further hints?
Thank you very much in advance,
Luca -
BUG - Outlook 2010 'send as' permissions - Workaround within
issue : when a user attempts to 'send as' another mailbox, the email fails with Undeliverable message:
"You can't send a message on behalf of this user unless you have permission to do so. Please make sure you're sending on behalf of the correct sender, or request the necessary
permission. If the problem continues, please contact your helpdesk ".
This error only occurs once the email address has been cached (ie: 2nd attempt to 'send as' a user). Permissions are correct as 'send as' worked fine when using outlook 2007. upgrading
a client to outlook 2010 results in the above error.
scope : outlook 2010 clients with exchange 2007/2010 (appears to be client related, not exchange server). windows updates as of 22-dec-2010 have not resolved this.
workaround : Cached Exchange Mode is ENABLED. Disabling this and restarting outlook resolves this issue. (Outlook 2010 > File > Account settings > Account settings... > double click the default account on the 'EMAIL' tab > untick
'used cached exchange mode'.)
i hope this helps other people; i've been googling for a resolution to this issue since beta/RC. now i've got office 2010 RTM the issue was still present. no forums/blogs could
shed light on this issue.
Is this the correct way to report bugs, or is there another way? i've tried connect.microsoft.com, but theres no "accepting bugs" for the outlook/office suite.Nothing particularly useful in that thread either:
by: busbarPosted on 2010-06-07 at 08:12:05ID: 32933664
1) looks like you have an issue with the DC plesae check it
2) restart the information store and system attendant to speed it.
3) send as is managed using send as permissions in the EMC
http://technet.microsoft.com/en-us/library/bb676368.aspx
by: totallytontoPosted on 2010-06-07 at 08:45:34ID: 32934043
dont amend the settings in active directory for exchange 2010 servers. use the exchange management console> recipient config>mailbox and use 'manage send as permission' in the right pane.
by: SatyaPathakPosted on 2010-06-07 at 11:55:55ID: 32935929
Its looks like permission issue.
Go through .
http://blog.nick.mackechnie.co.nz/post/2009/11/20/Exchange-2010-Active-Sync-Issue.aspx
http://social.technet.microsoft.com/Forums/en/exchange2010/thread/b28ea96a-8458-4ec8-87a8-66f64cbb7600
by: coderccPosted on 2010-06-07 at 19:00:23ID: 32938614
Or bypass it all with a 3rd party app: http;//www.servolutions.com/changesender.htm
by: ExchisaPosted on 2010-06-08 at 01:20:07ID: 32940097
SatyaPathak: :
I already tick the checkbox to inherit all the permissions from the parent , now for those who
are members of any protected group , this check box keep un-ticked again every 15 min ,
active directory keep synchronize these permissions with adminsdholder .
anyway my problem are still open , hope it solved .
wait something
by: totallytontoPosted on 2010-06-08 at 04:28:40ID: 32940992
Hi Exchisa,
Many, many apologies, as I mis-read your query and missed the vital bit of info (serves me right for reading it on my mobile...)
I'm afraid you are a bit stuck. Members of the protected groups are automatically reset to the approved permissions at regular intervals as a security measure.
I'm afraid you are not going to be able to use the 'send as' facility on any member of such a group.
Either move the user to another group or change the e-mail address to suit your needs.
EG:
Lets say you want to 'send as' administrator:-
a) change the administrator's email from {[email protected]}to {[email protected]} and disable automatic recipient policy updates for the user.
b) Create a distribution group for {[email protected]}and set administrator as a member so they receive messages as they would have before.
c) set the send as permissions on the distribution group {[email protected]}to allow users to send as, including the administrator user.
This is technically a workaround, not a solution.
by: ExchisaPosted on 2010-06-21 at 08:07:03ID: 33037008
Dear All .
I still stuck to have this feature working perfectly .
Now I don't want to use this feature to enable users to send as by each other , i only want the users on any given group to send by the name of this group , i did not configure any thing in the ADUC snap in , i only configure this feature from the EMC .
i recieve this error from outlook 2010 :
You can't send a message on behalf of this user unless you have permission to do so. Please make sure you're sending on behalf of the correct sender, or request the necessary permission. If the problem continues, please contact your helpdesk.
I surprised that this feature are working sometimes and sometimes not (this is the truth).
does this feature need a CAL like archiving ??
Wait a reply
by: totallytontoPosted on 2010-06-21 at 08:39:56ID: 33037354
No you do not need a CAL for this.
Is the mailbox that you are sending as still a member of a protected group in AD?
If yes, send as permissions will be reset at random intervals and cannot be changed as long as the user is a member of the protected group.
by: ExchisaPosted on 2010-06-22 at 01:43:00ID: 33043673
totallytonto:
No It's NOT .
Thanks
by: ExchisaPosted on 2010-07-25 at 15:37:57ID: 33285888
totallytonto : I leave configure this from the EMC , instead , i use the ACL for that group in AD , in order to enable SEND AS , just tick the send as permission -
Exchange 2010: Sender address rejected: Access denied
hi friends
i have been recently experiencing an issue with one of my customer which i send email i get bounce message while i can receive their emails with no issue. i have exchange 2010 installed and im using Anti spam device too. my domain is ok.com
i try to send from OWA as well but i get the same result.
Delivery has failed to these recipients or groups:
[email protected] A problem occurred during the delivery of this
message to this e-mail address. Try sending this message again. If the problem continues, please contact your helpdesk.
Diagnostic information for administrators:
Generating server: antispamServer.ok.com
[email protected] #< #5.0.0 X-Spam-&-Virus-Firewall; host mail.abc.com[22.22.22.12] said: 554
5.7.1 <btv1==14869c83b8f==[email protected]: Sender address rejected: Access denied (in reply to RCPT TO command)> #SMTP#
Original message headers:
any idea?
thankshi
when i disable the antispam device i get this error
smtp5.relay.iad3a.emailsrvr.com rejected your message to the following e-mail addresses:
[email protected]
smtp5.relay.iad3a.emailsrvr.com gave this error: <[email protected]>: Sender address rejected: Access denied
Your message wasn't delivered due to a permission or security issue. It may have been rejected by a moderator, the address may only accept e-mail from certain senders, or another
restriction may be preventing delivery. -
Exchange 2010: Send As Permission for group mailbox...
Our helpdesk has a shared mailbox used for users to submit issues. Up until a week ago, all of the helpdesk techs could send-as the shared mailbox.
Now when they attempt to send as the shared mailbox via Outlook they get the error "You do not have the permission to send the message on behalf of the specified user.". When I attempt to manage send as permission via EMC (using an account
with Domain Admin privileges) I've found that the list of users who can send as is blank. When I attempt to add send as permissions via EMC I get the error below:
domain\username
Failed
Error:
Active Directory operation failed on DC1.xxxxxx.local. This error is not retriable. Additional information: Access is denied.
Active directory response: 00000005: SecErr: DSID-031521E1, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
The user has insufficient access rights.
Click here for help... http://technet.microsoft.com/en-US/library/ms.exch.err.default(EXCHG.140).aspx?v=14.3.195.1&t=exchgf1&e=ms.exch.err.Ex6AE46B
Exchange Management Shell command attempted:
Add-ADPermission -Identity 'CN=account,DC=xxxxxx,DC=local'
-User 'domain\username' -ExtendedRights 'Send-as'
Elapsed Time: 00:00:00
Anyone have any advice to fix this issue?
Thanks in advance for your help.I got this sorted. Here's the fix:
On the problem account: Open up active directory > Select the target user account > properties > Security Tab > advanced button. If
you cannot see the Security tab you have to go to view > advanced features
On the Permissions tab put a check mark in Allow inheritable permissions from
the parent and click ok -
Exchange 2010 Room Calendar Permissions are too permissive when Default is set to None.
Help! Room Calendar permissions are too permissive when Default is set to None.
We are a brand new Exchange 2010 shop, and have setup several conference rooms. Many of them are restricted to specific groups to book via In-Policy Requests using Resource Booking Attendant. The Room Calendar permissions for most
rooms shows only two options for the Default access: None and Full Details. Default is set to None, yet if someone opens the room calendar in Outlook (& they are not part of the In-Policy restrictions) they are able to see the full meeting details
(even open the meeting for full details). How is this possible when by default they should not have any access as it is set to None? Some rooms would not be a problem for clients to see the details, but some rooms like Executive rooms need to be
locked down so that others cannot see the room details - None.
I also found this, although it did not make a difference. If I create an Outlook profile for the room and login as the room calendar in Outlook, go to File, Options, Calendar, Resource Scheduling, Set Permissions I get different default options:
None, "Free/Busy time", "Free/Busy time, subject, location" and Full Details. Why do I have more options in this view rather than the Room Calendar Permissions? I looked at two rooms and both Default options were set to "Free/Busy
time", so I changed these settings to None. Still the clients can view the full room calendar details. What are we missing to get the room calendar locked down so it is not displaying details to everyone?Only the default groups and Exchange Admins have Full Access to these items, so that is not the issue.
-MailboxFolderPermission 1RP07AWest:\Calendar cmdlet and it shows the same access I see when I open the calendar in Outlook and view the Permissions as shown below - Default is set to None.
As I stated in my last reply the only thing that finally forced it to be blocked is changing the Resource Scheduling permissions under Options > Calendar for that room mailbox. If I have to do that for each room calendar, it's going to
take considerable time to change each one. Is there a cmdlet to allow me to access and change that setting as well?
RunspaceId : ea4ebc26-1d22-4a7d-b115-1b609099bae3
FolderName : Calendar
User : Default
AccessRights : {None}
Identity : Default
IsValid : True
ObjectState : New
RunspaceId : ea4ebc26-1d22-4a7d-b115-1b609099bae3
FolderName : Calendar
User : Anonymous
AccessRights : {None}
Identity : Anonymous
IsValid : True
ObjectState : New -
Exchange 2010 - Send Connector High Availability
Hi All,
I performed a successful migration a few years back from a single node Exchange 2003 server to a two node Exchange 2010 organisation with a DAG and Kemp load balanced CAS array. The solution works well and when we simulate a site failure
I am able to get the second node to handle all mail functions.
The one problem I have though is that I have to manually disable the send connector on the primary server in order for the one on the secondary server to be in use. I should explain that I have two send connectors as I do not want the secondary server
to be used unless the primary server is down or the route is unavailable. I realise that Exchange 2010 does not know whether the SMTP route is down or not so will just continue trying to use the send connector from the primary server (until I tell it
not to by disabling it).
My question is how do I get this to happen automatically? Does anyone else have an example of how this could be done or use a PowerShell script to achieve this? I guess a script could check the route and disable the send connector on the primary
server if necessary, but how would one do this?
Any help greatly appreciated.
RobHi,
According to your description, your secondary send connector cannot be automatically used when the first one is down. If I misunderstand your meaning, please feel free to let me know.
If yes, I’d like to confirm if the settings of the secondary one is same with the first one and we can check the connectivity logs including diagnostic information for Healthy Server Selector.
For more information, you can refer to the following article:
http://technet.microsoft.com/en-us/library/ff634392(v=exchg.141).aspx
Thanks,
Angela Shi
TechNet Community Support -
Exchange 2010 Shared mailbox permissions gone
In Exchange2010, I created a shared mailbox yesterday, then granted several groups and individuals "full access permissions" to the Shared mailbox.
When I arrived at work this morning and looked at the permissions, all the permissions I had assigned were gone, except for a single individual.
I re-applied the same permissions and checked them an hour later and they were gone again. I thought it may be related to the groups, so I selected several individuals and gave them Full Access Permissions to the Shared Mailbox. I checked
that some time later to discover that several individuals were missing again..
What might cause this to happenHi,
As Willard suggested, please check if these problematic mailboxes are members of Domain Admins or Enterprise Admins. Domain Admins and Enterprise Admins are assigned the explicit Deny permissions for Send As and Receive as on the main Exchange Organization
object in AD. If you want to grant them full access permission, you need to remove the explicit Deny permissions.
Hope this can be helpful to you.
Best regards,
Amy Wang
TechNet Community Support -
We have Exchange setup but are running into an issue where anyone can spoof an email account from our domain and it goes out using SMTP through command prompt. I want to know if it is possible to set up Exchange so whenever anyone tries to send an email
out from our domain it verifies the account exists and also looks for a password. This will prevent people from being able to send email pretending they are someone else. Here are accouple examples
1) I can use [email protected] and send an email to [email protected] and it goes through with no password required using smtp through command prompt both accounts exist but the sender is not really josh.smith.
2) I can send an email from [email protected] to [email protected] but [email protected] does not exist on the domain.
Thanks
KevinThere are two ways to do this - 1) you can configure your receive connectors to only allow messages from specific IP addresses, or 2) you can configure the ms-exch-smtp-accept-authoritative-domain-sender permission on the domain (use Get-ReceiveConnector
“Internet ReceiveConnector” | Get-ADPermission -user “NT AUTHORITY\Anonymous Logon” | where {$_.ExtendedRights -like “ms-exch-smtp-accept-authoritative-domain-sender”} | Remove-ADPermission
to do this). The first allows messages inbound from the Internet, which may be useful when people use their internal address for signing up on external websites. The second blocks everything using your domain that's not authenticated. -
Exchange 2010 - Send / Recieve Limits
Hi All,
I'm facing this weird issue where my send and receive limits are not the same, currently I'm unable to receve a large sized mail even though my receive limits are at that rate. What I've noticed is its hitting my Send Limit. What is the reason for this I've
seen a few posts on this on the internet but I find it a little hard to believe I will Post those article links here too.
Links with similar Issue:
http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_27744685.html
Please Advice,
Thanks and Best Regards,
MichaelHi Amy / Andy,
I'm aware of the three places to change the limits and that User level limits take precedence when authenticated only.
[PS] C:\Windows\system32>Get-TransportConfig | ft maxsendsize, maxreceivesize
MaxSendSize
MaxReceiveSize
12.01 MB (12,595,200 bytes) 30.27 MB (31,744,000 bytes)
[PS] C:\Windows\system32>Get-ReceiveConnector | ft name, maxmessagesize
Name
MaxMessageSize
Edge Server to Hub Transport Server 30.27 MB (31,744,000 bytes)
Edge Server to Hub Transport Server 30.27 MB (31,744,000 bytes)
[PS] C:\Windows\system32>Get-SendConnector | ft name, maxmessagesize
Name
MaxMessageSize
EdgeSync - Inbound to Default-First-Site-Name unlimited
EdgeSync - Default-First-Site-Name to Internet 30.27 MB (31,744,000 bytes)
My Problem is External Mail that is being sent to an Internal User is hitting the Send Connector Org Limit when it shouldn't be and I'm getting the NDR of message size exceeded.
Thanks and Best Regards,
Michael -
Exchange 2010 powershell calendar permissions
I want to give user01, user02, user03, and user04 reviewer rights to user05's calendar. What is the best way to do this? with a .csv file?
Please explain fully.Dear All,
I also use this syntax:
Import-csv C:\user.csv | ForEach-Object{Add-MailboxFolderPermission -identity $_Samaccountname":\Calendar" -User "username" -AccessRights "reviewer"} , but isn't work.
csv file content:
"SamAccountName"
"testuser1"
"testuser2"
I got this error:
Add-MailboxFolderPermission : An existing permission entry was found for user: xyz.
At line:1 char:70
+ Import-csv c:\users.csv | foreach-object {Add-MailboxFolderPermission <<<< -identity $_Samaccountname":\Calendar" -User "[email protected]" -Acc
essRights "Author"}
+ CategoryInfo : NotSpecified: (0:Int32) [Add-MailboxFolderPermission], UserAlreadyExis...nEntryException
+ FullyQualifiedErrorId : 377F77B8,Microsoft.Exchange.Management.StoreTasks.AddMailboxFolderPermission
Add-MailboxFolderPermission : An existing permission entry was found for user: xyz.
At line:1 char:70
+ Import-csv c:\users.csv | foreach-object {Add-MailboxFolderPermission <<<< -identity $_Samaccountname":\Calendar" -User "[email protected]" -Acc
essRights "Author"}
+ CategoryInfo : NotSpecified: (0:Int32) [Add-MailboxFolderPermission], UserAlreadyExis...nEntryException
+ FullyQualifiedErrorId : 377F77B8,Microsoft.Exchange.Management.StoreTasks.AddMailboxFolderPermission
Certainly I checked and there is no permission for xyz user on testuser1 and testuser2 Calendar.
Any help would be appreciated -
Exchange 2010 sends attachments as winmail.dat
Hi
Some users are complaining about pdf attachements they received as winmail.dat. This is an internally isue.
For external mail flow I disabled tnef conversion, seems to work. Is there a possibility to do the same thing for the internal mail flow?
Regards
PeterHi PeterN22,
Winmail.dat attachments are included in received e-mail messages is because the Winmail.dat file is used to preserve formatting that the sending
client includes in the message, but the receiving client does not recognize the Winmail.dat file.(The original message attachment is not always separate from the Winmail.dat file attachment, and may be included in the Winmail.dat file attachment.)
So it is important to clarify what clients were involved in both the sending and receiving the messages in question.
If this is occur in Outlook, here is a related document for you:
Winmail.dat attachments are included in received e-mail messages in Outlook
http://support.microsoft.com/kb/278061
Thanks,
Evan
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. -
Users are receiving about 95% of their messages from sending SMTP servers. Intermittently, sending SMTP servers send the Exchange 2010 Server a SMTP RSET command for no apparent reason. The RSET Command (by SMTP specification) causes the Exchange 2010 Server
to drop the message. The sending SMTP servers then do not resend the message after asking the Exchange server to drop the message. This means the message is marked as Sent by the sending servers but the dropped messages never show up in the users' Outlook
inbox.
Exchange 2010 Version 14.3 (Build 123.4)
Roles: Hub Transport, Client Access, Mailbox
What is going on?
Exchange Receive Connector log showing a RSET example:
2014-07-17T12:47:07.370Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,1,10.80.120.15:25,65.99.255.73:53479,*,SMTPSubmit SMTPAcceptAnySender SMTPAcceptAuthoritativeDomainSender AcceptRoutingHeaders,Set Session Permissions
2014-07-17T12:47:07.370Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,2,10.80.120.15:25,65.99.255.73:53479,>,"220 vpn.a1expediting.com Microsoft ESMTP MAIL Service ready at Thu, 17 Jul 2014 08:47:06 -0400",
2014-07-17T12:47:07.480Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,3,10.80.120.15:25,65.99.255.73:53479,<,EHLO inbound37.exchangedefender.com,
2014-07-17T12:47:07.480Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,4,10.80.120.15:25,65.99.255.73:53479,>,250-vpn.a1expediting.com Hello [65.99.255.73],
2014-07-17T12:47:07.480Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,5,10.80.120.15:25,65.99.255.73:53479,>,250-SIZE 52428800,
2014-07-17T12:47:07.480Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,6,10.80.120.15:25,65.99.255.73:53479,>,250-PIPELINING,
2014-07-17T12:47:07.480Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,7,10.80.120.15:25,65.99.255.73:53479,>,250-DSN,
2014-07-17T12:47:07.480Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,8,10.80.120.15:25,65.99.255.73:53479,>,250-ENHANCEDSTATUSCODES,
2014-07-17T12:47:07.480Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,9,10.80.120.15:25,65.99.255.73:53479,>,250-AUTH,
2014-07-17T12:47:07.480Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,10,10.80.120.15:25,65.99.255.73:53479,>,250-8BITMIME,
2014-07-17T12:47:07.480Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,11,10.80.120.15:25,65.99.255.73:53479,>,250-BINARYMIME,
2014-07-17T12:47:07.480Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,12,10.80.120.15:25,65.99.255.73:53479,>,250 CHUNKING,
2014-07-17T12:47:07.511Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,13,10.80.120.15:25,65.99.255.73:53479,<,MAIL FROM:<[email protected]> SIZE=165270,
2014-07-17T12:47:07.511Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,14,10.80.120.15:25,65.99.255.73:53479,*,08D16FD38F3D3355;2014-07-17T12:47:07.370Z;1,receiving message
2014-07-17T12:47:07.511Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,15,10.80.120.15:25,65.99.255.73:53479,>,250 2.1.0 Sender OK,
2014-07-17T12:47:07.558Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,16,10.80.120.15:25,65.99.255.73:53479,<,RCPT TO:<[email protected]> ORCPT=rfc822;[email protected],
2014-07-17T12:47:07.558Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,17,10.80.120.15:25,65.99.255.73:53479,>,250 2.1.5 Recipient OK,
2014-07-17T12:47:10.496Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,18,10.80.120.15:25,65.99.255.73:53479,<,RSET,
2014-07-17T12:47:10.496Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,19,10.80.120.15:25,65.99.255.73:53479,>,250 2.0.0 Resetting,
2014-07-17T12:47:10.559Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,20,10.80.120.15:25,65.99.255.73:53479,<,QUIT ,
2014-07-17T12:47:10.559Z,A1-S1\Windows SBS Internet Receive A1-S1,08D16FD38F3D3355,21,10.80.120.15:25,65.99.255.73:53479,>,221 2.0.0 Service closing transmission channel,
DanielHi,
According to the receive connector log, your emails were failed to be deliverd with DNR. If I misudnerstand the meaning, please feel free to let me know. If yes, I'd like to confirm the detail information in the DNR to narrow down the
cause.
Additionally, based on my research, the RSET command performs an SMTP reset, and then aborts the message that is currently being sent. Thus, the log didn't provide more information for troubleshooting. Is there any other error in your event log? please check
the event log when the issue happens again.
Thanks,
Angela Shi
TechNet Community Support -
Hi,
We have an issue with our OWA page. We are currently publishing OWA via UAG.
We recently upgraded to Exchange 2010 SP3 and then SP3 Rollup7. Since the upgrade, we are keep getting the following error after entering our credentials on the login page. I've tried with every possible browser.
You do not have permissions to view this folder or page
Strangely enough, the mobile phones are sending and receiving emails just fine, the phones use the same OWA link, so it's not an authentication issue, the phones login into the UAG servers with no issues. I can see this on the Active Sessions screen
on Web Monitor.
I've attempted to connect to the OWA by bypassing the UAG server, so putting in the local OWA address of one of my Exchange servers, it works... so the OWA page is up and running.
No error logs get generated on Web Monitor when we receive the permission error, I think this is because it's past authentication, it's on the Exchange layer.
Any insight would be helpful? I'm assuming something changed on the Exchange side after the upgrade.
Just in case, I've upgraded the UAG and TMG servers to the latest SP and Rollup packets.
UAG > SP4
TMG > SP2 Rollup 5I've found a solution; UAG requires Basic Authentication over OWA. For some reason Integrated Windows Authentication got turned on after the SP3 upgrade.
http://technet.microsoft.com/en-us/library/ee921443.aspx
Turning Integrated Windows Authentication off via the Client Access OWA settings resolved the issue. Though beware, you
have do this on all your Client Access servers. -
Cannot "Send As" a distribution list in Exchange 2010
I'm trying to enable some of our users to send email as one of our distribution lists in Exchange 2010, and I cannot get it to work.
I have granted the users "send as" permissions on the distribution group in ADUC, both individually and as members of a security group. I also did the same using the "Add-AdPermission" PowerShell cmdlet.
I have ensured that the distribution list is visible to the GAL.
I have cleared Outlook's nickname cache.
I have tried waiting the specified two hours for Exchange settings to update, and I have also rebooted the Exchange server itself.
I continue to get bounce messages with "You can't send a message on behalf of this user unless you have permission to do so."
What can I try next?
Thanks,
JasonHi Jason,
I have a test in my lab. Here is the steps for your reference:
1. Open Active Directory Users and Computers on Domain Controller. Click Users -> right click the distribution group -> click Properties -> click Security.
2. Add the user that you want to grant "Send As" permission to the list. Allow the "Send As" permission.
3. Click Apply, and then Ok.
Besides, we need to wait some minutes to take it effect.
Hope it helps.
If you need further assistance, please feel free to let me know.
Best regards,
Amy
Amy Wang
TechNet Community Support
Maybe you are looking for
-
Report on the Status of Shopping Carts
Hi, We are using SRM 4.0 with ECS. Need to pull a report for the Open Shopping carts created in the system. Pls advise asap.
-
How to transfer songs and sync iPod?
My iTunes was over capacity, so I unchecked a lot of songs and my movies from the iTunes library. But before I did that, I had bought some songs on my iPod. I can't transfer those songs on to my iTunes library (on my laptop) because it still thinks i
-
Sharing Photo, Video and Music files
My new iMac has arrived and I'm looking forward to transferring across all my files at the weekend and to starting to use it. We use the computer as a family computer although we have different accounts on the computer. I would like to enable all mem
-
CSCtw80338 - Database is not in sync on both nodes alert in RTMT
We are constantly getting a rtmt alert from UCCX that SyslogSeverityMatchFound events generated. Please see the alert below: At Wed Dec 31 21:02:46 AST 2014 on node 10.120.180.20, the following SyslogSeverityMatchFound events generated: SeverityMatch
-
Hi, Enter another transaction type (Transaction type . does not exist) Message no. AA816 Diagnosis According to your entry or specification, you want to use transaction type .. However, this transaction type has not been defined. Procedure Check th