Blog

Exchange 2007 – SMTP Authentication

Date July 28, 2009 Author By Category Microsoft Exchange

The default installation of Exchange 2007 does not allow authenticated users to relay through the server.  This means your IMAP or POP3 clients will not be able to send mail until you change the settings.

Error Message:

The message could not be sent because the server rejected the sender's e-mail address. The sender's e-mail address was 'myname@mydomain.com'. Subject 'Test', Account: 'mydc.mydomain.local', Server: 'mydc.mydomain.local', Protocol: SMTP, Server Response: '550 5.7.1 Client does not have permissions to send as this sender', Port: 25, Secure(SSL): No, Server Error: 550, Error Number: 0x800CCC78

How to fix it:

Reference this article for more information.

Key information:

Setting Permissions by Using ADSI Edit

Active Directory Service Interfaces (ADSI) Edit is a Microsoft Management Console that is provided with the Windows Support Tools. ADSI Edit is used as a low-level editor for modifying properties of Active Directory or ADAM objects that are not exposed in other management interfaces. ADSI Edit should only be used by experienced administrators.

You can use ADSI Edit to view and modify the ACLs for Send connectors and Receive connectors. After you open ADSI Edit, you locate the connector object. Exchange 2007 connectors are stored in the Configuration partition of the directory service. Send connectors are stored as an object in the Connections container. Receive connectors are stored as a child object of the Exchange 2007 transport server.

To modify Receive connector permissions by using ADSI Edit:

  1. Locate the Receive connector by going to the following location:CN=ConfigurationCN=ServicesCN=Microsoft ExchangeCN=<Organization> CN=Administrative GroupsCN=Exchange Administrative Group (FYDIBOHF23SPDLT)CN=ServersCN=<Server Name>CN=ProtocolsCN=SMTP Receive Connectors
  2. Select a Receive connector in the results pane. Right-click and then click Properties.
  3. Click the Security tab. The following screen is displayed:
    Receive Connector Security Tab in ADSI Edit
  4. Select Authenticated Users and grant Accept any Sender, Accept Authentication Flag, and Accept Authoritative Domain Sender.
  5. You should do this for both Receive Connectors if your clients need to send on both ports 25 and 587. 

Note: Mac Mail clients will use port 587 if port 25 if blocked by their ISP.

Leave a Reply

Your email address will not be published.