I am trying to set up a receive connector as described in https://www.codetwo.com/admins-blog/how-to-prevent-internal-email-spoofing-in-exchange/
This receive connector listens to IP Ranges from the internal network. Here is how I created the connector:
New-ReceiveConnector -Name "Internal Clients" -TransportRole FrontendTransport -Usage Custom -Bindings 0.0.0.0:25 -RemoteIPRanges 192.168.0.50 -AuthMechanism TLS,Integrated -PermissionGroups ExchangeUsers
The IP address is from the machine I'm doing the testing from. Now I want to send a message from this computer. I am testing with PowerShell.
Send-MailMessage -SmtpServer [email protected] -UseSsl -From [email protected] -to [email protected] -Subject "Test"
In the link mentioned above, this seemed to work immediately. I however get the following error message:
Send-MailMessage: The SMTP server requires a secure connection or the client was not
authenticated. The server response was: 5.7.1 Client was not
authenticated
I'm logged in as [email protected]. So I thought that maybe this doesn't work because the receive connector doesn't have anonymous access and that I have to provide credentials.
After manually providing the credentials with the -Credentials parameter, I receive the following message instead:
5.7.1 Client does not have permissions to send as this sender
This doesn't make any sense to me, since I am literally authenticating as the AD user of the mailbox, but I cannot send mails.
The FrontendTransport Receive Connector Log has the following entries:
2020-01-31T09:01:02.552Z,SERVER\Internal Clients,73D4991F209,46,192.168.0.1:25,192.168.0.50:52691,*,DOMAIN\TEST,authenticated
2020-01-31T09:01:02.583Z,SERVER\Internal Clients,73D4991F209,47,192.168.0.1:25,192.168.0.50:52691,*,,Proxy session was successfully set up. Outbound session will now be proxied
2020-01-31T09:01:02.583Z,SERVER\Internal Clients,73D4991F209,48,192.168.0.1:25,192.168.0.50:52691,>,235 2.7.0 Authentication successful,
2020-01-31T09:01:02.661Z,SERVER\Internal Clients,73D4991F209,49,192.168.0.1:25,192.168.0.50:52691,-,,Remote(SocketError)
It looks like the authentication goes through, but after that there is an error?
Okay, I found the log of the connector which it gets proxied to. This basically just shows the message that I already get in my PowerShell session:
2020-01-31T09:21:26.875Z,SERVER\Client Proxy SERVER,48F69B08,67,192.168.0.1:465,192.168.0.50:13767,>,550 5.7.1 Client does not have permissions to send as this sender,
2020-01-31T09:21:26.875Z,SERVER\Client Proxy SERVER,48F69B08,68,192.168.0.1:465,192.168.0.50:13767,-,,Remote(ConnectionReset)
So I guess my question would now be: why am I being refused when sending as the sender who owns the mailbox?
According to the error messages, you could run AdsiEdit and select the following path: Configuration – Services – Microsoft Exchange – – Administrative Groups – Exchange Administrative Group – Servers – – Protocols – SMTP Receive Connectors
Select the custom receive connector, click the “Security” tab, and grant the “Accept Authoritative Domain Sender” allow permission to “Authenticated Users”.
More steps in this article for your reference.
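
The ADSI Edit step in the answer above can also be audited and applied from the Exchange Management Shell. This is an added example, not part of the original answer: it assumes the connector name "Internal Clients" from the question, that "Accept Authoritative Domain Sender" corresponds to the extended right ms-Exch-SMTP-Accept-Authoritative-Domain-Sender, and uses a hypothetical $Apply switch so that nothing changes until the current ACL has been reviewed.

```powershell
# Added example: audit the SMTP extended rights on the custom receive connector,
# then grant the one the answer names only if it is missing.
# Run in the Exchange Management Shell.

$ConnectorName = 'Internal Clients'                  # name used in the question
$Trustee       = 'NT AUTHORITY\Authenticated Users'  # trustee named in the answer
$Right         = 'ms-Exch-SMTP-Accept-Authoritative-Domain-Sender'
$Apply         = $false   # hypothetical switch: set to $true after reviewing the audit

$connector = Get-ReceiveConnector -Identity $ConnectorName -ErrorAction Stop

# 1. Audit: every ms-Exch-SMTP-* extended right on the connector object.
#    Look for Deny entries and for rights held by ANONYMOUS LOGON.
$smtpAces = $connector | Get-ADPermission |
    Where-Object { $_.ExtendedRights -like 'ms-Exch-SMTP-*' }

$smtpAces | Sort-Object User |
    Format-Table User, Deny, IsInherited, ExtendedRights -AutoSize

# 2. Is there already an allow entry for the trustee with this right?
$hasRight = $smtpAces | Where-Object {
    "$($_.User)" -like $Trustee -and
    -not $_.Deny -and
    (($_.ExtendedRights | ForEach-Object { "$_" }) -contains $Right)
}

if ($hasRight) {
    Write-Host "$Trustee already holds $Right on '$ConnectorName'."
}
elseif ($Apply) {
    # 3. Grant the right on this connector only.
    $connector | Add-ADPermission -User $Trustee -ExtendedRights $Right
}
else {
    # Dry run: show what would be changed without touching the ACL.
    $connector | Add-ADPermission -User $Trustee -ExtendedRights $Right -WhatIf
}

# 4. Verify the trustee's SMTP rights on the connector after the change.
$connector | Get-ADPermission -User $Trustee |
    Where-Object { $_.ExtendedRights -like 'ms-Exch-SMTP-*' } |
    Format-Table User, Deny, ExtendedRights -AutoSize
```

Keep the connector's -RemoteIPRanges as narrow as in the question, since this right lets any authenticated client on those addresses submit mail with a sender in an authoritative domain.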