Need some users to be able to connect/send via SMTP from outside- event 1018 does not have submit permissions on SMTP Recieve connector

We have recently deployed exchange 2013 in our environment with WAP,  previously we were using Exchange 2010 with ISA.  Users still want to use POP3, IMAP4 to retrieve mail, and SMTP to send.  We have configured our firewall and a netscaler for this, however external users cannot use SMTP on 587 or 25, and exchange logs show event 1018- message is:

The account 'mydomain\user' provided valid credentials, but it does not have submit permissions on SMTP Receive connector 'Default Frontend exchangeserver1'; failing authentication.

I've researched this error and the solution states:

Explanation

This Warning event indicates that the security principal that is trying to use the specified Receive connector does not have the Ms-Exch-SMTP-Submit permission assigned to it on the Receive connector. Security principals are user accounts, computer accounts, or security groups.

The Ms-Exch-SMTP-Submit permission allows the Receive connector to accept the SMTP MAIL FROM: command from the connecting messaging server.

Receive connectors grant permissions to security principals or to permission groups. Permission group members and their assigned permissions cannot be modified. All permission groups grant the Ms-Exch-SMTP-Submit permission on the Receive connector.

User Action

To resolve this problem, do one of the following:

  • Use the Set-ReceiveConnector cmdlet in the Exchange Management Shell to assign the appropriate permission group to the Receive connector. For more information, see Set-ReceiveConnector.
  • Use the Add-ADPermission cmdlet in the Exchange Management Shell to grant the Ms-Exch-SMTP-Submit permission to an appropriate security principal, and then assign that security principal to the Receive connector. For more information, see Add-ADPermission.

HOWEVER,

there is only one example of this command in powershell/technet, so I am not sure what the command for my particular case should look like- and I would like to know a little more about what is actually happening- basically, I am giving this user permissions to send through the receive connector, instead of just the exchange servers, is that the gist of it?

August 18th, 2015 12:58pm

The default frontend connector is not designed for sending email with a authentication - that is what the client receive connector is for. Therefore you should be sending the email to that connector.

Have you tested the connector internally? You need to rule out the publication process first - ensure that Exchange is working correctly.

Simon.

Free Windows Admin Tool Kit Click here and download it now
August 18th, 2015 2:10pm

Hi,

Please check your Receive connector 'Default FrontEnd exchangeserver1' settings in Exchange server.

Make sure "Exchange users" permission is enabled on "Default FE Receive connector" and restarted FE transport service to have a try.

Regards,

August 19th, 2015 5:10am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics