Home > Exchange 2007, How To > Microsoft Finally Starts Protecting Me from Myself

Microsoft Finally Starts Protecting Me from Myself

September 5th, 2008 Dave Leave a comment Go to comments

And of course it bites me.  When setting up Distribution Groups in Exchange 2007, there is a silly option that is set by default that will prevent sending to that group from external sources.  I suppose it’s a security feature, making you manually enable that address to be accessed from unauthenticated users, but it can be a head scratcher if you’re not looking for it. 

The error you would get if you tried to send to this group from outside would look something like:

Delivery has failed to these recipients or distribution lists:

yourlist@yourdomain.com

Your message wasn’t delivered because of security policies. Microsoft Exchange will not try to redeliver this message for you. Please provide the following diagnostic text to your system administrator.

Sent by Microsoft Exchange Server 2007

Diagnostic information for administrators:

Generating server: yourdomain.com

yourlist@yourdomain.com

#550 5.7.1 RESOLVER.RST.AuthRequired; authentication required ##

….

Final-Recipient: rfc822;yourlist@yourdomain.com

Action: failed

Status: 5.7.1

Diagnostic-Code: smtp;550 5.7.1 RESOLVER.RST.AuthRequired; authentication required

X-Display-Name: yourlist@yourdomain.com

 

So, after you create the Group, right-click on it, then go to properties.  Click the Mail Flow Settings tab and it looks like this:

 image_4

Select Message Delivery Restrictions, then click the properties button and you’ll see:

image_6

Uncheck the box that says "Require that all senders are authenticated", and you should be good to go.

Categories: Exchange 2007, How To Tags:
  1. Josh Lynch
    December 22nd, 2008 at 14:27 | #1
    Reply | Quote

    How can this be bypassed when you create new distribution groups? Is there a power shell cli that can be executed to allow unauthenticated users to send to the group by default?

  2. Dave
    December 22nd, 2008 at 15:28 | #2
    Reply | Quote

    You can use the Set-DistributionGroup cmdlet to do that. It would look something like:

    [PS] C:\Windows\System32>Set-DistributionGroup -identity [your distribution group] -RequireSenderAuthenticationEnabled $False

  3. João Mascarenhas
    March 8th, 2010 at 05:22 | #3
    Reply | Quote

    It’s there any way to i re-send email that were bloked when the check its not select?

    Thanks

  4. Dave
    March 8th, 2010 at 08:44 | #4
    Reply | Quote

    Eu nao descobri como fazer isso. Acho que as mensagens sao perdidos.

  1. No trackbacks yet.

*
To prove you're a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.
Click to hear an audio file of the anti-spam word