Tuesday, May 3, 2011

Allow SMTP users to send emails in Exchange 2010

When you need to integrate normal email clients into an Exchange 2010 environment, you will probably run into problems sending mail to the outside world.

To solve this you normally do the following:
  1. Create an SMTP connector your users will use for sending mails
  2. This connector must require user authentication

In normal environments this would be enough to start sending mails.
Unfortunately, Exchange still returns an error message like:

"550 5.7.1 Client does not have permission to send as this sender"

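To solve this, you have to allow all authenticated users to send mails via this connector.
The right that does this, ms-Exch-SMTP-Accept-Any-Sender, lets a session skip the sender address spoofing check, so every authenticated user of this connector can then send with any sender address.
This can be done via the Exchange shell with this command: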
Add-AdPermission -Identity "MySMTPConnector" -User "NT AUTHORITY\Authenticated Users" -ExtendedRights ms-Exch-SMTP-Accept-Any-Sender

Unfortunately, non-English servers won't find the corresponding group, since it is named differently there (read: localized).
To find out the correct group name you can use this command:

Get-Adpermission -Identity "MySMTPConnector" | format-table -view identity


For a German installation the corresponding group is "NT-AUTORITÄT\Authentifizierte Benutzer"

So the final command for the German Exchange server is:

Add-AdPermission -Identity "MySMTPConnector" -User "NT-AUTORITÄT\Authentifizierte Benutzer" -ExtendedRights ms-Exch-SMTP-Accept-Any-Sender
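
A language-independent variant of the steps above, as an added example that is not part of the original post: it resolves the group through its well-known SID (S-1-5-11, "Authenticated Users") instead of a hard-coded localized name, then lists who holds the right on the connector. The variable names are chosen for this example, and "MySMTPConnector" is the connector name used in the post.

```powershell
# Added example; run in the Exchange Management Shell.
# "MySMTPConnector" is the connector name used in the post.
$connector = "MySMTPConnector"

# S-1-5-11 is the well-known SID of "Authenticated Users" on every Windows
# installation; only its display name differs between language versions.
$sid = New-Object System.Security.Principal.SecurityIdentifier "S-1-5-11"

# Translate the SID into the account name this server uses, for example
# "NT AUTHORITY\Authenticated Users" or "NT-AUTORITÄT\Authentifizierte Benutzer".
$account = $sid.Translate([System.Security.Principal.NTAccount]).Value
Write-Host "Resolved group name: $account"

# Grant the right from the post to that group on the connector.
Add-ADPermission -Identity $connector -User $account `
    -ExtendedRights ms-Exch-SMTP-Accept-Any-Sender

# Review which accounts hold the right on the connector afterwards, so the
# grant is visible in one place and unexpected entries stand out.
Get-ADPermission -Identity $connector |
    Where-Object { $_.ExtendedRights -like "*Accept-Any-Sender*" } |
    Format-Table User, Deny, IsInherited -AutoSize
```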