My scenario is I have Exchange 2010 and created a custom Receive Connector with Integrated Windows Authentication only. I have the connector configured correctly 100%. I also have a Windows 2008 Server with smtp installed. On the outbound securities button I have a domain admin account configured for Integrated Authentication and everything works fine. However I want to change that account to some kind of service user account. However when I change the account I receive smtp;550 5.7.1 Client does not have permissions to send as this sender. Any help would be greatly appreciated. Thanks.

Hi, When you have ndr 5.7.1 its permission issue, check the following settings: On Exchange 2010 smtp receive add or check if the other server ip is added. Check the permission on authentication & security tab. How the other smtp try to send email? did you check the log file of the other smtp? Eli. Unified Communication , https://www.facebook.com/groups/mucugi/

My apologies for the late response. The Exchange Receive Connector is configured correctly to receive from my Windows 2008 smtp relay server, it has to do with account permissions. What ever account I use on my Windows 2008 SMTP relay--properties--delivery--outbound security--integrated windows has to have specific permissions and I do not know what they are supposed to be. As I said, the domain admin account works, I want to use a domain user account. What permissions would a domain user account need to send mail from the smtp relay to an exchange internal receive connector that allows 'send as this sender' for every sender in the company. the domain admin account has it, but as I said, I do not know specifically what it is. Thanks.

On Wed, 6 Feb 2013 14:08:04 +0000, LT757 wrote: > > >My scenario is I have Exchange 2010 and created a custom Receive Connector with Integrated Windows Authentication only. I have the connector configured correctly 100%. I also have a Windows 2008 Server with smtp installed. On the outbound securities button I have a domain admin account configured for Integrated Authentication and everything works fine. However I want to change that account to some kind of service user account. However when I change the account I receive smtp;550 5.7.1 Client does not have permissions to send as this sender. Any help would be greatly appreciated. If the credentials you use for authentication aren't those of the address in the MAIL FROM then the receive connector is going to regard that situation as address spoofing. E.g. You authenticate as domain\user1 (and that user has a a SMTP address of user1@domain.com) but you send a message using "MAIL FROM:<differentuser@domain.com>". That's a "spoofed" address. It doesn't belong to the account that was authenticated. You need to assign the "ms-Exch-SMTP-Accept-Any-Sender" extended right to the domain\user1 user (using the example below) on the Receive Connector. Get-ReceiveConnector "ConnectorName" | Add-ADPermission User "domain\account" ExtendedRights ms-Exch-SMTP-Accept-Any-Sender --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP

On Wed, 6 Feb 2013 14:08:04 +0000, LT757 wrote: > > >My scenario is I have Exchange 2010 and created a custom Receive Connector with Integrated Windows Authentication only. I have the connector configured correctly 100%. I also have a Windows 2008 Server with smtp installed. On the outbound securities button I have a domain admin account configured for Integrated Authentication and everything works fine. However I want to change that account to some kind of service user account. However when I change the account I receive smtp;550 5.7.1 Client does not have permissions to send as this sender. Any help would be greatly appreciated. If the credentials you use for authentication aren't those of the address in the MAIL FROM then the receive connector is going to regard that situation as address spoofing. E.g. You authenticate as domain\user1 (and that user has a a SMTP address of user1@domain.com) but you send a message using "MAIL FROM:<differentuser@domain.com>". That's a "spoofed" address. It doesn't belong to the account that was authenticated. You need to assign the "ms-Exch-SMTP-Accept-Any-Sender" extended right to the domain\user1 user (using the example below) on the Receive Connector. Get-ReceiveConnector "ConnectorName" | Add-ADPermission User "domain\account" ExtendedRights ms-Exch-SMTP-Accept-Any-Sender --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP

Thank you Rich, that sounds logical and correct to me. I will try that, and post results in a few days.