In a Exchange 2003 the SMTP collector
has the 'Delivery Restriction
' configurated to deny for all except for who is in a security group mail-enabled (called 'InternetMail').
There are user mail-enabled and dummy user for shared mailbox ( think them as 'office mailbox' delegated to many users )
Some user mail-enabled and some dummy-user mail-enabled are in the InternetMail group and other no.
So far so good.
The issue is that when a user with personal mailbox is in the InternetMail
group and has also access to a dummy mailbox (not in the InternetMail
group) can send emails outside also from this dummy mailbox even if it is not in the group!
My guess is that the 'delivery restriction' lookup, not only look to the group-membership of the user owner of the mailbox, but also, the group-membership of the delegated user with 'send as' permission to evaluate the condition.
Maybe is by design but I need some microsoft document to certificate this behaviour or the evidence that something is not right configured in exchange.
I've try a deep googling but no luck, maybe I've wrong the query...
Feel free to ask more information or clarificaton.
Are you sure they are actually sending email out as that dummy user that doesn't have internet email access, or are they sending "on behalf of"? Big difference on how the email is processed and which "mailbox user" it is sent from.
You should also look at this KB article to properly understand how to restrict internet email inbound and outbound: http://support.microsoft.com/kb/924635