locked
Authentication Changes - 2013 on Receive Connector RRS feed

  • Question

  • I am using an application that uses authenticated SMTP access on port 587.  In older versions of Exchange (2003, 2007, 2010), part of the setup was to go into the exchange management shell and add these two permissions (ExtendedRights) :  ms-Exch-SMTP-Accept-Any-Sender, ms-Exch-SMTP-Accept-Authoritative-Domain-Sender 

    so a specific administrative user could "send as" any exchange users.

    In 2013 I am seeing the following error:

    550 5.7.1 Client does not have permissions to send as this sender.

    I was able to get around this problem by going into the Exchange Admin Center, selecting the mailbox of the user that received this error,  updated the "send as" in mailbox delegation settings assign this role to the specific user.  In older versions of exchange the step that was performed in the management shell (Add-ADPermission) was all that was required.   In 2013 Is there a global way to set/allow a specific user to "send as" any authenticated exchange user for a specific receive connector?

    Friday, May 3, 2013 10:02 PM

Answers

  • Wendy

    I created a new receive connector and defined it as a Hub Transport and not a Front-End Transport; followed my setup instructions and this time the emails worked as expected.    Exchange 2013 has changed under the hood .... thank you for your help.

    Monday, May 6, 2013 7:15 PM

All replies

  • Hi ,

    Send as permission is associated with two mail accounts and  there is no way to grant this permission for a special receive connector, but you can grant this permission for all mailboxes, you can also create a shared mailboxes to achieve this goal.

    Add-ADPermission:

    http://technet.microsoft.com/en-us/library/bb124403(v=exchg.150).aspx

    Shared Mailboxes:
    http://technet.microsoft.com/en-us/library/jj150498(v=exchg.150).aspx


    Wendy Liu
    TechNet Community Support

    Monday, May 6, 2013 7:38 AM
    Moderator
  • Wendy

    Thank you for your response.  You mention "there is no way to grant this permissions for a special receive connector" is this something new in Exchange 2013?  The setup procedures I am following worked for 2007 and 2010 Exchange.   The application I am testing has a user designated to be the sender into the SMTP recieve connector of all emails.  This user was given granted these permissions by the following two powershell cmdlets:

    Add-ADPermission "receive connector name" -User "mail box user name" -ExtendedRights ms-Exch-SMTP-Accept-Authoritative-Domain-Sender

    Add-ADPermission "receive connector name" -User "mail box user name" -ExtendedRights ms-Exch-SMTP-Accept-Any-Sender

    In 2013 what would be the cmdlet that would allow this to happen?  We are not sharing mailboxes.

    Monday, May 6, 2013 3:13 PM
  • Wendy

    I created a new receive connector and defined it as a Hub Transport and not a Front-End Transport; followed my setup instructions and this time the emails worked as expected.    Exchange 2013 has changed under the hood .... thank you for your help.

    Monday, May 6, 2013 7:15 PM