none
Issue sending to group with nested groups restricted to authenticated users

    Question

  • Post upgrade from exchange 2010 we had a group that we would use and publish externally: groupA- the members of this distribution list were groupb groupc and groupd - groupA does not require that all senders are authenticated, (or in delivery managment senders inside and outside of my oranization is selected)   and in exchange 2010 received emails from outside the company and they were received by the members of groupb/c/d. Since migrating to exchange 2013, when sending to group A we are getting NDR from groups b/c/d saying senders must be authenticated. 

    my workaround is to setup groups b/c/d to receive email from all senders, but im a bit loathe to expose all of my nested distribution lists to the outside world when this wasnt an issue in exch2010.

    would anyone have any ideas on where to look on this? finding this particular query very difficult to search. 


    Wednesday, September 30, 2015 3:24 PM

Answers

  • Hi,

    Based on my knowledge, if the external users want to send to Group A with groups b/c/d nested,  all groups a/b/c/d should be set to "senders inside and outside of my organization".

    If you don't want to disable RequireSenderAuthenticationEnabled for all groups, we can consider creating Dynamic distribution group and filter the recipients included in Groups b/c/d instead of using nested distribution group as a workaround.

    Regards,


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Winnie Liang
    TechNet Community Support

    Thursday, October 1, 2015 9:12 AM
    Moderator

All replies

  • Hi,

    This is the correct solution. Before this change, the nested groups could be emailed from external senders by sending an email to group A so you are not changing anything in that this is still possible.

    You can also test out the below transport rule to see if you can block external emails to particular nested groups but allow external emails from Group A.

    Let me know if this answers your question. 

    Thanks.


    Mark Gossa

    MCSE 2003, MCITP Enterprise Administrator 2008 R2, MCSA 2012 R2, MCTS Exchange 2010

    Blog: http://markgossa.blogspot.com

    Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

    Wednesday, September 30, 2015 4:04 PM
  • Thanks mark, ill try that now and test, i suppose the only issue im having now is that i have quite a few groups setup like this so ill have to do a lot of transport rules to get that functionality back. I can see why it was done but i would have thought that it could be a configurable setting. 

    Wednesday, September 30, 2015 4:11 PM
  • Sorry mark just one small question on this, if groupA is internal and receives an external email, why is that not going to its members being groupB/C/D as since the message is accepted by groupA does it not become internal? ie. not from an external sender but groupA who is internal? 

    Wednesday, September 30, 2015 4:24 PM
  • Sorry just to clarify what im trying to achieve is when someone external sends an email to group A, its received by groups B/C/D - where group A is allowed receive external email and group b/c/d is not, that was the setup in exchange 2010 and what i would like to replicate in 2013. 

    Wednesday, September 30, 2015 4:32 PM
  • Hi,

    I've just tested the transport rule in my lab and it will block external email to all members of Group B. I don't think there is a way to do what you want with Exchange 2013. 

    If you're concerned about internet users emailing GroupB, this would not make any difference as internet users can email GroupA which sends email to GroupB and other groups. 

    Thanks.


    Mark Gossa

    MCSE 2003, MCITP Enterprise Administrator 2008 R2, MCSA 2012 R2, MCTS Exchange 2010

    Blog: http://markgossa.blogspot.com

    Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

    • Proposed as answer by Mark Gossa Thursday, October 1, 2015 12:52 PM
    Thursday, October 1, 2015 12:03 AM
  • Hi Mark, many thanks for your help and taking the time, however the last line of your reply is the reason why i put up this post in the first place, when you send an external email to groupA it DOESNT send email to group B and others unless groupB and others are set to allow external mail.
    Thursday, October 1, 2015 8:12 AM
  • Hi,

    Based on my knowledge, if the external users want to send to Group A with groups b/c/d nested,  all groups a/b/c/d should be set to "senders inside and outside of my organization".

    If you don't want to disable RequireSenderAuthenticationEnabled for all groups, we can consider creating Dynamic distribution group and filter the recipients included in Groups b/c/d instead of using nested distribution group as a workaround.

    Regards,


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Winnie Liang
    TechNet Community Support

    Thursday, October 1, 2015 9:12 AM
    Moderator