After my recent upgrade to Exchange 2010, I began having issues with sending out service account emails. Usually I use distribution group addresses for FROM fields to help easily tell which system was responsible for sending emails. For example, my AD Reports are sent out to an "AD Reports" distribution group with a SMTP FROM address of "ADReports@xxxx.com". So this helps to keep things simple.
In Exchange 2003 (bless its heart), it wasn't set to authenticate FROM fields with any precision, so you could put just about anything in there and it would blithely send it on its way.
In Exchange 2010 however, now there's checking if a FROM field matches an object in the Exchange organization (even if it's just a distribution group). If there's a match, the "Send As" permission will be checked and if it doesn't pass, an SMTP error "5.7.1 Client does not have permissions to send as this sender" will be generated. This was the issue I ran into once I pointed my reporting tools to the new Exchange's SMTP server.
To fix this, you must grant the "Send As" permission to the authenticating account trying to send the email. If you are trying to send as a different mailbox, this is a simple task. (Right-click the mailbox, choose "Manage Send As Permissions", and adjust accordingly) However, if you are trying to send as a Distribution Group this is trickier and requires Powershell.
The following command will allow you to grant the "Send As" permission on a Distribution Group.
"Add-ADPermission -Identity <Distribution Group> -User <User or Security Group> -ExtendedRights Send-As"
Quote explanation: If you're wondering about the quote at the top of the article, it refers to one of my favorite movies. "The Fifth Element" starring Bruce Willis, Gary Oldman, and a young Milla Jovovich before her Resident Evil days. The quote is from Ms. Jovovich's character Leeloo who is an alien on Earth. She is trying to use an ID card called a Multipass to board a spaceship. Not knowing the language, she simply holds up her ID and continually says "Leeloo Dallas, Multipass" over and over again. Fortunately, Bruce Willis' character arrives on the scene in time to help poor Leeloo past the ticketing agent before the authorities are called on her.
The relevancy to this article is simply that my reporting server was sending its ID to my Exchange 2010 server over and over again, expecting a different result each time.
And this is why they say if you have to explain a joke it isn't funny...
No comments:
Post a Comment