Unmonitored Windows Service Email Setup
Problem

How do you set up an email workflow for a Windows NT Service?

I have configured Microsoft Team Foundation Server (TFS) to email the alert messages to a distribution list and configured the FROM as the same distribution list. The reason being, the people monitoring the problems are on the distribution list. Any accidental replies should not accumulate in a Windows Service Mailbox allocated to a Windows Service.

The TFS Service account "TFSSERVICE_CETTF02" has minimal permissions. This is to follow defence-in-depth practices. The event viewer error message indicates the service account does not have permission to authenticate with the SMTP transport. Either I am configuring a bad mail workflow or I need to set a DACL for the SMTP transport. I need some direction on how to configure Exchange Server 2007.

Event Viewer Error

Event Type: Error
Event Source: MSExchangeTransport
Event Category: SmtpReceive
Event ID: 1025
Date: 9/29/2008
Time: 7:25:48 AM
User: N/A
Computer: CETEXCH07SRV
Description: SMTP rejected a (P1) mail from 'TeamServiceAlerts2@AAAAAAAAA.com' with 'Default EXCHANGESERVER' connector and the user authenticated as 'AAAAAAA\TFSSERVICE_CETTF02'. The Active Directory lookup for the sender address returned validation errors. Microsoft.Exchange.Data.ProviderError

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Thanks in advance,
Robert Livermore
September 29th, 2008 3:24pm

Hi Robert,

Did you give Send-As permission to TFSSERVICE_CETTF02 on the distribution list? Since you are sending mail by putting the distribution list in the From address and with the TFSSERVICE_CETTF02 account, the service account requires Send-As permission on the DL.

Refer to the article below; it is for granting permission for a mailbox, but it is the same for a DL...

How to Grant the Send As Permission for a Mailbox
http://technet.microsoft.com/en-us/library/aa998291.aspx
September 29th, 2008 8:48pm

Thanks for the help. It is almost the solution I am after.

The problem is the TFSSERVICE_CETTF02 has no mailbox. This is by design. The Windows service (Microsoft Team Foundation Server in this case) cannot read email. Email may be sent to the mailbox, accumulating in the storage, and you may never know mail is there. Who really has time to check all Windows service account mailboxes for accumulating email?

I did find another article which helped.
http://technet.microsoft.com/en-us/library/aa997170.aspx

According to the article, the DACL for receiving email is configured on the transport receiver. I have grouped the TFS Services into a security group "TeamServices" and added the security group to the transport receiver with the extended right "ms-Exch-SMTP-Accept-Any-Sender".

The Windows service's process is running with a domain account. When sending email it should assume the authenticated user's extended rights, plus the additional right ms-Exch-SMTP-Accept-Any-Sender. This will bypass the return address check. I am still leaving the spam and recipient checks enabled for defence-in-depth purposes.

PowerShell:

Add-ADPermission -Identity "NAME OF CONNECTOR" -User "AAAAAAAAAAAA\TeamServices" -ExtendedRights ms-Exch-SMTP-Submit,ms-Exch-SMTP-Accept-Any-Sender

I am going to give this a try for a few days to see if this corrects the transport errors.
September 30th, 2008 2:32pm
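
One way to check the grant described in the post above and to see which other principals can skip the sender address check, as an added example that is not part of the thread. It assumes the Exchange Management Shell and reuses the post's placeholder connector and group names.

```powershell
# Added example, not from the thread. Run in the Exchange Management Shell.
# Connector and group names are the placeholders used in the post above.
$connector = "NAME OF CONNECTOR"
$group     = "AAAAAAAAAAAA\TeamServices"
$rights    = "ms-Exch-SMTP-Submit", "ms-Exch-SMTP-Accept-Any-Sender"

# 1. Confirm the group holds each extended right on the connector as an
#    Allow entry (a Deny entry for the same right would not help).
$aces = Get-ADPermission -Identity $connector -User $group |
    Where-Object { -not $_.Deny }

foreach ($right in $rights) {
    $held = $aces | Where-Object { $_.ExtendedRights -like $right }
    if ($held) {
        Write-Host "OK: $group holds $right on '$connector'"
    } else {
        Write-Warning "$group does not hold $right on '$connector'"
    }
}

# 2. Accept-Any-Sender turns off the sender address check for whoever holds
#    it, so list every holder on every receive connector and confirm the
#    exception is limited to the intended service group.
Get-ReceiveConnector | ForEach-Object {
    $name = $_.Identity
    $_ | Get-ADPermission |
        Where-Object {
            -not $_.Deny -and
            ($_.ExtendedRights -like "ms-Exch-SMTP-Accept-Any-Sender")
        } |
        Select-Object @{ Name = "Connector"; Expression = { $name } },
                      User, IsInherited
} | Format-Table -AutoSize
```

Rerunning the second step after any connector change shows whether the right has spread to principals other than the service group.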

Hi Robert,

I would like to explain that event ID 1025 indicates a problem validating the e-mail address of a sender that was using "Send as" permission to send a message. The Active Directory directory service lookup for the sender's address returned the specified validation errors.

For your reference:

SMTP rejected a mail because the Active Directory lookup for the sender address returned validation errors
http://technet.microsoft.com/en-us/library/bb217711(EXCHG.80).aspx

According to the above article, I think the issue is related to the Send As permission. Therefore, I suggest you assign the Send As permission on the group to the specific user:

Add-ADPermission -Identity "<mail-enabled group>" -User "<username>" -ExtendedRights "Send-As"

Note: I have locally tested the command by using a user with no mailbox enabled.

Mike
October 2nd, 2008 10:41am

This topic is archived. No further replies will be accepted.
