0 Votes
DieterTontsch-0908 asked KaelYao-MSFT commented

Using AD User WITHOUT EXCHANGE MAILBOX for SMTP Authentication on Exchange (on-premises)

We have the requirement to use an Exchange SMTP connector in order to send emails from third-party systems. So far we have a mix of SMTP authentication with an AD user who has no mailbox on Exchange (all on-prem), and anonymous SMTP which connects to another dedicated connector that allows anonymous relay. The latter is restricted to particular IP addresses.

But we'd prefer not to use anonymous SMTP anymore, only SMTP auth instead. At the same time I did not want to create a bunch of mailboxes for different SMTP auth users. I asked this question here a few years ago already: https://social.technet.microsoft.com/Forums/en-US/50c1a28f-869a-4897-a805-c1ada00a2d1e/smtp-connector-with-auth-for-ad-user-only-without-mailbox?forum=Exch2016Adm

Jason Chao stated this is not possible. But as far as I can tell, we have such a user, which works for SharePoint Outgoing Email and also from a PowerShell command.

 Send-MailMessage -smtpServer my.exchange.fqdn -credential smtpauth@company.com -from 'sophosxg@outside-company.com' -to 'mailbox.user@company.com' -subject 'Test Extern' -body 'whatever' -UseSsl

But it does not work for several other third-party systems, while authentication with a user who has a mailbox works.
I'd like to understand what the limitations here are, and whether an AD user is required to have a mailbox on Exchange or not. Or can I eventually just set a certain attribute on this user, so that it also works with these systems in charge?

Kind regards,
Dieter

Tags: office-exchange-server-mailflow, office-exchange-server-connectivity, office-exchange-server-itpro

1 Answer

1 Vote
DieterTontsch-0908 answered KaelYao-MSFT commented

I think I found the solution by myself.
Actually, a certain AD user without a mailbox needs the ms-Exch-SMTP-Accept-Authoritative-Domain-Sender (or ms-Exch-SMTP-Accept-Authoritative-Any-Sender) extended right on the respective Send Connector. This can only be set (from what I know) via the Exchange Management Shell.

Example:

 Get-ReceiveConnector "<connector name>" | Add-ADPermission -User "<username>" -ExtendedRights "ms-Exch-SMTP-Accept-Authoritative-Domain-Sender"

For us this then works with services with which it didn't before.
This way the user does not need to have a mailbox on Exchange.



Glad to hear the issue has been resolved.
Thanks for sharing!

0 Votes
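To verify the grant described in the answer, and to see which accounts already hold sender-acceptance rights, the following added example (not part of the original thread) lists every allow entry for those rights on each Receive connector. It uses only Get-ReceiveConnector and Get-ADPermission in the Exchange Management Shell; the report column names and the Review flag are this example's own choices.

```powershell
# Added example: audit who holds sender-acceptance rights on Receive connectors.
# Run in the Exchange Management Shell of the on-premises organization.
$rights = 'ms-Exch-SMTP-Accept-Authoritative-Domain-Sender',
          'ms-Exch-SMTP-Accept-Any-Sender'

$report = foreach ($connector in Get-ReceiveConnector) {
    # Explicit and inherited allow entries on the connector object
    $aces = Get-ADPermission -Identity $connector.Identity |
        Where-Object { -not $_.Deny -and $_.ExtendedRights }

    foreach ($ace in $aces) {
        foreach ($right in $ace.ExtendedRights) {
            $name = $right.ToString()
            if ($rights -notcontains $name) { continue }

            $user = $ace.User.ToString()
            [pscustomobject]@{
                Connector      = $connector.Identity.ToString()
                User           = $user
                Right          = $name
                Inherited      = $ace.IsInherited
                AuthMechanism  = $connector.AuthMechanism
                RemoteIPRanges = ($connector.RemoteIPRanges -join ', ')
                # Any-Sender bypasses the sender address spoofing check, so it
                # is the broader grant; anonymous holders need a second look too.
                Review         = ($name -eq 'ms-Exch-SMTP-Accept-Any-Sender') -or
                                 ($user -eq 'NT AUTHORITY\ANONYMOUS LOGON')
            }
        }
    }
}

# One row per connector / account / right, broadest grants first
$report | Sort-Object @{ Expression = 'Review'; Descending = $true }, Connector, User |
    Format-Table -AutoSize -Wrap
```

Rows with Review set to True are the ones to justify: on those connectors, check that AuthMechanism and RemoteIPRanges limit who can reach the grant.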