Exchange 2010 distribution groups don't accept internal mails through smtp

Question

In Exchange 2010 I have distribution group called all@domain.com. It's allowed to be used only for internal mail. It works fine when sending emails thru OWA or directly thru Outlook RPC. However it doesn't work thru authenticated SMTP (for some time users will have to use pop3/smtp instead of RPC due to management decision) giving an error like below:

#550 5.7.1 RESOLVER.RST.AuthRequired; authentication required ##

It seems SMTP even thou it's authenticated (users aren't able to send without authentication so they use authentication to be able to send normal emails as well) is treated as not internal email. Is there a way to make it work without having to enable the address for everyone in the world?

score 1 · Answer 1 · answered Dec 06 '11 at 11:26

1

I have not found a way to make this work with SMTP AUTH clients without opening the group to the world. I think it's preferable to maintain the "Require that all users are authenticated" setting enabled on your "all" distribution group, so this may not be possible with your setup.

answered Dec 06 '11 at 11:26

ewwhite

197,159
92
443
809

Had to take out accepted answer as I found out it's possible after all :-) – MadBoy Mar 04 '12 at 15:59

score 1 · Accepted Answer · answered Mar 04 '12 at 15:58

To allow SMTP users to be able to send emails to distribution groups with "Require that all users are authenticated" flag enabled on the group one has to add the "ms-Exch-SMTP-Accept-Authentication-Flag" to the Receive Connectors.

Lets verify current settings on connector:

Get-ReceiveConnector "EXCHANGE1\Client EXCHANGE1" | Get-ADPermission
-User "NT AUTHORITY\Authenticated Users" | ft user,extendedrights

NT AUTHORITY\Authenticated Users                  {ms-Exch-SMTP-Accept-Any-Sender} 
NT AUTHORITY\Authenticated Users                  {ms-Exch-SMTP-Accept-Any-Recipient} 
NT AUTHORITY\Authenticated Users                  {ms-Exch-Accept-Headers-Routing} 
NT AUTHORITY\Authenticated Users                  {ms-Exch-Bypass-Anti-Spam} 
NT AUTHORITY\Authenticated Users                  {ms-Exch-SMTP-Submit}

With this setup it doesn't work. So we add ms-Exch-SMTP-Accept-Authentication-Flag to SMTP connector using this command:

Get-ReceiveConnector "EXCHANGE1\Client EXCHANGE1" | Add-ADPermission
-User 'NT Authority\Authenticated Users' -ExtendedRights ms-Exch-SMTP-Accept-Authentication-Flag

And we verify it's added with this command:

Get-ReceiveConnector "EXCHANGE1\Client EXCHANGE1" | Get-ADPermission
-User "NT AUTHORITY\Authenticated Users" | ft user,extendedrights

NT AUTHORITY\Authenticated Users                  {ms-Exch-SMTP-Accept-Any-Sender} 
NT  AUTHORITY\Authenticated Users                 {ms-Exch-SMTP-Accept-Any-Recipient} 
NT AUTHORITY\Authenticated Users                  {ms-Exch-Accept-Headers-Routing} 
NT AUTHORITY\Authenticated Users                  {ms-Exch-SMTP-Accept-Authentication-Flag}
NT AUTHORITY\Authenticated Users                  {ms-Exch-Bypass-Anti-Spam} 
NT AUTHORITY\Authenticated Users                  {ms-Exch-SMTP-Submit}

Note: {ms-Exch-SMTP-Accept-Authentication-Flag} which wasn't there before.

And that's all. After that it works. In my case I had to set it up on 2 connectors (2 Exchange servers).

Exchange 2010 distribution groups don't accept internal mails through smtp

2 Answers2

Linked