5.7.1 Error Sending to a Distribution List

[anonim1]

When an external user sends mail to an internal distribution list to which he has access, he receives the following error:

Your message did not reach some or all of the intended recipients.
Subject: RE: Distribution List
Sent: 9/8/2008 6:48 PM
The following recipient(s) could not be reached:
TestDL1 on 9/8/2008 6:23 PM
You do not have permission to send to this recipient. For assistance, contact your system administrator.
<mymailserver.mydomain.loc #5.7.1>

The server name at the bottom of the message is at our organization, not his. The distribution list has an e-mail address of TestDL1@domain.com. The external user's e-mail address is user@external.com. I have created a "Contact" object in Active Directory with his e-mail address. This object is a member of the TestDL1 distribution list.

The distribution list has message restrictions set up. On the "Exchange General" tab under "Accept Messages", I've specified "Only From" and added the list itself (TestDL1) to the group. I've also added my domain account as a list member.

I can send to and receive mail from this list without any issues. The external user can receive messages sent to the list, but he cannot send to the list.

By adding the list object to the "Accept Messages Only From" box, I assume I am implicitly giving user the necessary permissions to send to the list. I've also tried explicitly adding his contact object to this box, but this did not resolve the issue.

I set up another distribution list and configured everything exactly the same, except that I created a Contact object for my own external e-mail address. I was able to send and receive successfully with the message restrictions in place.

I'm thinking the issue has to do with specifically this user. He can send mail to users at my organization (with the same domain name) without any issues. The issue only appears when he tries to send to a distribution list with restrictions configured.

Please let me know if I can provide anymore details.

 

[anonim1]

No one has any ideas?

 

[bustamove]

ok. try to message tracking centre thing, try to search the incoming email address, look the header and make sure his incoming address is exactly.

 

[bustamove]

ok. try to message tracking centre thing, try to search the incoming email address, look the header and make sure his incoming address is exactly user@external.com, and the system didn't append anything to it

 

[TechyMcSe2k]

I believe the issue would be authenticating the user from an external account outside of your network. The outside sender would need an account within your domain to authenticate to your Exchange environment to allow them to be added to the "restricted" sender group. I would just hide the DL from the GAL and forget about locking it down and proceed from there. Thoug it depends on your needs and restrictions in your environment.

 

[bustamove]

i think hiding it internally will not prevent outside people harvest this list and start spamming. he has a contact for the outside address set up in his domain, but need to make sure the return-path of the sender has the same address as the contat SMTP address. i had exact same problem when return-path doesn't match the address, when turn on bounce verification, for example.

 

[anonim1]

I checked the Message Tracking Center for e-mails from the external user. When I open the item, I see the following:

9/15/2008 - 4:29PM - SMTP: Message Submitted to Advanced Queueing
9/15/2008 - 4:29PM - SMTP: Started Message Submission to Advanced Queue
9/15/2008 - 4:29PM - SMTP: SMTP: Message Submitted to Categorizer
9/15/2008 - 4:29PM - SMTP: Message Categorized and Queued for Routing
9/15/2008 - 4:29PM - SMTP: Non-Delivered Report (NDR) Generated

I am using a Gmail address to perform the testing. In the message header, the correct address appears in the "From" field. However, there is a [guid]@mail.gmail.com in the "Message-ID". I added another e-mail address to the user object in Active Directory with [username]@mail.gmail.com. This, however, did not fix the issue.

I tried right-clicking on the log items in the Message Tracking Center, but there is no way to get any additional information.

Any other suggestions?

 

[bustamove]

sorry i am not good at explaing things...please try the following:

Disable any restrictions on this mail list and ask the person send a message. this should go through no problem. grab the header of this message and find what the "return-path" is, does it match the actual SMTP address?

it doesn't work if they do not match. (this is my experience)

 

[anonim1]

Assuming the external address is user123@gmail.com, the Return-Path on the delivered message was prvs=1138e7b196=user123@gmail.com.

 

[bustamove]

bounce verification is on. thats why you see the random stamp there. so it will not work.

are you using gmail for real? try talk to the their mail admin, close bounce verification, at least for your domain...

 

[anonim1]

Interesting. I will do some more research about bounce verification. The end user who is reporting this error does not use Gmail, so we may have luck with getting their mail admin to disable this feature for our domain. However, I don't think Gmail will address a request such as this.. I'll keep you posted, thank you for your help bustamove.

 

[bustamove]

i think they may use ironport appliance on their end, it is easy to ask them turn that thign off.