locked
Cannot send mail from "outside" to mail enabled Public Folder. RRS feed

  • Question

  • I am trying to enable anonymous to send to my PF and although command seems to work fine, I still get a failure when trying to send mail to it from outside.

    Here is how I use it (and worked in Exchange 2010 and doesn't in 2016):

    - Mail is sent to a distribution group like this: groupmail@mydomain.com
    - One of the members (among "normal" users) is groupmail-PF@mydomain.com which is the mail-enabled public folder.
    - People sending to groupmail@mydomain.com get a failure that "groupmail-PF@mydomain.com cannot receive anonymous email".
    - I *have* added anonymous with CreateItems right and even restarted services.
    Add-PublicFolderClientPermission -Identity “<PF Name>” -AccessRights CreateItems -User Anonymous
    (note that there is no real user anonymous)

    Any ideas?


    NLS

    Monday, March 6, 2017 2:06 PM

All replies

  • Hi

    Try this

    Set-MailPublicFolder -Identity "" -RequireSenderAuthenticationEnabled $false


    MCSA Office 365 | MCSA Exchange server 2010 | Red Hat Certified Engineer | https://www.linkedin.com/in/abrar-kaberi-46a483102/

    Monday, March 6, 2017 2:14 PM
  • Thanks. Tried that and got:

    WARNING: The command completed successfully but no settings of '<my PF>' have been modified.

    (which I suspect means it was already set that way)



    NLS

    Monday, March 6, 2017 4:28 PM
  • Two more things checking Get-MailPublicFolder |fl

    1) I have it hidden from address list.

    2) There is no "ExternalEmailAddress" set.


    NLS

    Monday, March 6, 2017 4:30 PM
  • Two more things checking Get-MailPublicFolder |fl

    1) I have it hidden from address list.

    2) There is no "ExternalEmailAddress" set.


    NLS

    Hidden from address list should be fine as it is still subjected to receive emails even though it is hidden from GAL

    The ExternalEmailAddress parameter specifies an email address outside the organization.

    Please assign it an external email address and validate the outcome


    MCSA Office 365 | MCSA Exchange server 2010 | Red Hat Certified Engineer | https://www.linkedin.com/in/abrar-kaberi-46a483102/


    • Edited by Akabe Monday, March 6, 2017 4:46 PM
    Monday, March 6, 2017 4:45 PM
  • Just did. Will need a few hours to check.


    NLS

    Monday, March 6, 2017 4:52 PM
  • Not a problem.

    I hope this will help. Other than these two settings (ExternalEmailAddress & RequireSenderAuthenticationEnabled ) there shouldn't be any problem

    Have a good one


    MCSA Office 365 | MCSA Exchange server 2010 | Red Hat Certified Engineer | https://www.linkedin.com/in/abrar-kaberi-46a483102/

    Monday, March 6, 2017 4:55 PM
  • Well actually the plot thickens.

    It still happens. BUT not to everybody and actually not to external senders!!!

    I sent a test using some other mail external server, I got no error.

    I sent using my own account internally in the organisation (the account is administrative), I got no error.

    A normal user, INSIDE the organization (!) and also a member of the distribution group itself, got the error!

    He cannot be unauthenticated by no means.

    Your message couldn't be delivered to a public folder because delivery to this address is restricted to authenticated senders. If the problem continues, please contact your email admin.
    
    Remote Server returned '550 5.7.13 STOREDRV.AuthenticationRequiredForPublicFolder; Anonymous users are not permitted to add contents to mail enabled public folder, authenticated required [Stage: CreateMessage]'
    


    NLS

    Monday, March 6, 2017 5:03 PM
  • You might wana check mail flow restriction. There might be a case where this user is restricted from sending an email

    Under "mail flow settings" the "Accept messages from:" option is set to "All senders"

    Get-mailPublicfolder "" | fl RejectMessagesFrom, RejectMessagesFromDLMembers


    MCSA Office 365 | MCSA Exchange server 2010 | Red Hat Certified Engineer | https://www.linkedin.com/in/abrar-kaberi-46a483102/


    • Edited by Akabe Monday, March 6, 2017 5:11 PM
    Monday, March 6, 2017 5:11 PM
  • You can also check

    Get-MailPublicFolder | fl auth*
    Get-PublicFolder "\sales team pf" | Get-PublicFolderClientPermission and see what permission does a default user and anonymous user hold

    Other than that things should be fine


    MCSA Office 365 | MCSA Exchange server 2010 | Red Hat Certified Engineer | https://www.linkedin.com/in/abrar-kaberi-46a483102/

    Monday, March 6, 2017 5:13 PM
  • 1) No mail flow issue.

    2) Get-MailPublicFolder | fl auth* produces 5-6 empty lines on console.

    3) Here is the client permission output of one of my PF (that has the problem:

    FolderName           User                 AccessRights
    ----------           ----                 ------------
    Bunkers              Default              {Author}
    Bunkers              Anonymous            {CreateItems}
    Bunkers              Nick Sardelianos (that's me)    {PublishingEditor}
    Bunkers              Bunkers      {Reviewer}

    Issue still happening. I have already populated "ExternalEmailAdress" attribute properly btw.


    NLS

    Tuesday, March 7, 2017 1:15 PM
  • Hi,

    What is the issue now (1st point you have mentioned is no mail flow issue)? Internal user not able to send an mail to PF or external user? what NDR


    MCSA Office 365 | MCSA Exchange server 2010 | Red Hat Certified Engineer | https://www.linkedin.com/in/abrar-kaberi-46a483102/

    Tuesday, March 7, 2017 1:21 PM
  • Also what if you re-enable the PF to be mail enabled?Also try to set the hiddenfromaddresslist to false

    - https://technet.microsoft.com/en-us/library/aa997560(v=exchg.160).aspx


    MCSA Office 365 | MCSA Exchange server 2010 | Red Hat Certified Engineer | https://www.linkedin.com/in/abrar-kaberi-46a483102/


    • Edited by Akabe Tuesday, March 7, 2017 1:32 PM
    Tuesday, March 7, 2017 1:23 PM
  • The issue is the same as it was. Users cc their mail to bunkers@mydomain.com distribution list, where one of the members is bunkers-pf@mydomain.com which is the mailbox of a PF. I can do it and get no NDR, I can sent from some other mail server, I don't get NDR, but they get NDR when they do it, from inside the organization (and even members of the same distribution list).

    I will try re-enabling mail for PF and termporarily unhide it from address list and get back to you.


    NLS

    Wednesday, March 8, 2017 8:08 AM
  • Hi NLS,

    Does re-enable help? 

    If the issue has been resolved, please mark the helpful replies as answers, this will make answer searching in the forum easier and be beneficial to other community members as well. 
    Thanks for your understanding.



    Niko Cheng
    TechNet Community Support


    Please remember to mark the replies as answers.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, March 10, 2017 2:39 AM
  • I haven't tested yet. I need more time until I get back to client and make the tests.


    NLS

    Friday, March 10, 2017 11:48 AM
  • Take your time Nick.


    MCSA Office 365 | MCSA Exchange server 2010 | Red Hat Certified Engineer

    Friday, March 10, 2017 11:55 AM
  • Haven't tested switching it on the contact list yet.

    But I think we are going to the wrong direction.

    I just verified the CONTENTS of the public folder.

    Note the bold.

    1) Email from real external senders (which ARE unathenticated of course), do get in the PF (and I think do not get an NDR from my last own test)!

    So right from the start, the error that supposedly unathenticated users cannot send to PF is wrong.

    2) Email sent from me, that I am an administrator of the organization, get in the PF (and of course no NDR).

    3) Email sent from the rest of my users (that are of course authenticated domain users) hits the error (get NDR) and their mail doesn't get in the PF! Note that the users are also part of the distribution list that has the PF as a member. Email DOES get distributed otherwise (other members see it).

    4) Email "sent as" the distribution list (a property that I have set for select members) TO the distribution list, also do not get in the PF but do not get NDR either. Email DOES get distributed otherwise (other members see it).

    I also tested case 2, 3 and 4, sending directly to PF mailbox and not using the distribution list. Same problem. I can send to it, users cannot.

    It could be a bug...


    NLS


    • Edited by NULUSIOS Friday, March 10, 2017 1:04 PM
    Friday, March 10, 2017 1:01 PM
  • Is that distribution group mail enabled?

    What happens if you remove PF from the DG membership and then ask internal user to send an email to only PF

    Any restriction on DG? or any moderator set on DG

    Get-distributiongroup | fl reject*, accept*, ModeratedBy, ModerationEnabled, RejectMessagesFrom, RequireSenderAuthenticationEnabled

    Can you please share the output of above


    MCSA Office 365 | MCSA Exchange server 2010 | Red Hat Certified Engineer

    Friday, March 10, 2017 1:12 PM
  • Cannot remove the PF from the DG right now (it is production and receives much mail) - possibly wil test at night.

    As for the output, for all the "offending" DG I have such:

    RejectMessagesFrom                     : {}
    RejectMessagesFromDLMembers            : {}
    RejectMessagesFromSendersOrMembers     : {}
    AcceptMessagesOnlyFrom                 : {}
    AcceptMessagesOnlyFromDLMembers        : {}
    AcceptMessagesOnlyFromSendersOrMembers : {}
    ModeratedBy                            : {}
    ModerationEnabled                      : False
    RejectMessagesFrom                     : {}
    RequireSenderAuthenticationEnabled     : False

    ...so this doesn't look like a configuration issue.


    NLS

    Friday, March 10, 2017 1:34 PM
  • Yup the config of DG looks fine

    two things:-

    1. Either remove PF as a member from DG and test?

    2. Re-enable PF for mail


    MCSA Office 365 | MCSA Exchange server 2010 | Red Hat Certified Engineer

    • Proposed as answer by Niko.Cheng Tuesday, April 11, 2017 6:02 AM
    Friday, March 10, 2017 1:37 PM
  • Will do, off business hours.

    Thanks.


    NLS

    Friday, March 10, 2017 1:49 PM
  • Hi NLS,

    How about testing result ? If you have any questions or needed further help on this issue, please feel free to
    post back.

    Best Regards,



    Niko Cheng
    TechNet Community Support


    Please remember to mark the replies as answers.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, March 14, 2017 3:08 AM
  • I had this same issue after upgrading my exchange 2013 server to CU19, from CU4.

    I found the issue was due to the anonymous user had no permissions.   My externalsmtp address is empty but that's not a problem, at least for me.

    I fixed it by running this: Get-PublicFolder "\sales team pf" | Add-PublicFolderClientPermission -user Anonymous -accessrights contributor

    Thank you for your suggestion.


    Jason

    Tuesday, March 20, 2018 3:58 PM
  • I had the same issue, but I solved it directly from outlook, right click on the public folder, properties, permissions, select the anonymous user and just gave the permission to write, Ok, issue solved. ( https://technet.microsoft.com/en-us/library/aa997560(v=exchg.150).aspx ) 
    Wednesday, March 28, 2018 3:52 PM