Exchange/SBS 2003 – You do not have permission to send to this recipient. -Solved!

A problem like this involves a lot of variables and can take a while to track down and resolve, so hopefully if you encounter this issue again, the resolution will be easy.

A user called complaining they would receive a bounceback message from Exchange whenever trying to send an email as a different user, for example, “[email protected]”. They had not previously experienced this problem trying to send on behalf of that user and “something suddenly changed.”

To make a long story short, in this case, the resolution was that the From: field contained a corrupt .NK2/NickName entry for the “Promoter” address. When auto-resolving the email address for the “From” field, I had to type in the first letter of the bad entry, arrow down to the corrupt entry in the nickname list, so that it was highlighted and hit the Delete button. Next, to put in the correct “From: Promoter” address, I had to manually click the “From” button, go to the Global Address List and select “Promoter”. This resolved the correct entry and the From: field was now populated with “Promoter” instead of “[email protected]”. The message could now be sent without a failure/bounceback/error message.

Read below for the workflow that caused the problem and what I had to do to resolve it:

The user opened a new mail message. The From field is shown, and the user typed the first letter of the address the email should come from, in this case “p”. This auto-resolved the nickname to the email address “[email protected]”. The user would then type the recipient’s name into the To: field (in this case [email protected]), supply a subject and a message body, and hit Send. A moment later the following email arrived from the Exchange System:

Your message did not reach some or all of the intended recipients.

Subject: test
Sent: 4/27/2011 11:43 AM

The following recipient(s) cannot be reached:

example@hotmail.com on 4/27/2011 11:42 AM
You do not have permission to send to this recipient.  For assistance, contact your system administrator.
MSEXCH:MSExchangeIS:/DC=local/DC=domain:servername

Solution:

The first thing to check was that the user has the ability to send on behalf of the “Promoter” account:

On the SBS2003 server, go to Server Management. Click on the View menu and check “Advanced Features”. Then browse to Active Directory Users and Computers -> Domain.local -> MyBusiness -> Users -> SBSUsers

Right-click on the account that the user is trying to send on behalf of (in this case “Promoter”). Click on the Exchange General tab. Click on the Delivery Options… button. Under Send on behalf, make sure the user who is trying to send is listed under “Grant this permission to:”. If not, click the Add… button and add the user.

Next, in Server Management, browse to Advanced Management -> EXCHANGESERVERNAME (Exchange) -> Servers -> SERVERNAME -> Protocols -> SMTP

Right-click on “Default SMTP Virtual Server” and click Properties.

Under the Access tab, click on the Relay… button

Under Relay Restrictions, “Only the list below” should be selected, with Granted entries for the server’s IP address/subnet mask and for loopback 127.0.0.1.

Uncheck “Allow all computers which successfully authenticate to relay, regardless of the list above.” Click on the Users… button. Under Permissions – Group or user names, make sure Authenticated Users has both Submit and Relay permission set to Allow. Click OK, OK, OK.

If any changes have been made to SMTP, right-click on Default SMTP Virtual Server under Protocols/SMTP and Stop/Start the Default SMTP Virtual Server.

Now, on the client, open a new mail message, remove the bad auto-resolving address, click on the From: button, select the account you wish to send from, and hit “Send”. See the 2nd paragraph of this post for further details on how to accomplish this part. The message should now be sent to the recipient with the correct “From” address.
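
The “Send on behalf” check in the first step can also be made from a script, because Exchange keeps that list in the mailbox account’s publicDelegates attribute in Active Directory. The PowerShell below is an added example, not part of the original post; it assumes PowerShell is available on a domain-joined machine, and the account name jsmith is a constructed placeholder.

```powershell
# Added example (not from the original post): list the "Send on behalf" delegates
# of a mailbox account by reading its publicDelegates attribute from Active Directory.
param(
    [string]$MailboxAccount = 'Promoter',  # account being sent on behalf of
    [string]$Sender         = 'jsmith'     # constructed placeholder for the sending user
)

function ConvertTo-LdapFilterValue([string]$Value) {
    # Escape \ * ( ) so an account name cannot change the meaning of the LDAP filter.
    $Value -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' -replace '\)', '\29'
}

function Find-UserEntry([string]$SamAccountName) {
    # Look up one user object in the current domain by sAMAccountName.
    $name     = ConvertTo-LdapFilterValue $SamAccountName
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$name))"
    [void]$searcher.PropertiesToLoad.Add('distinguishedname')
    [void]$searcher.PropertiesToLoad.Add('publicdelegates')
    $searcher.FindOne()
}

$mailbox = Find-UserEntry $MailboxAccount
$user    = Find-UserEntry $Sender
if (-not $mailbox) { throw "Mailbox account '$MailboxAccount' not found." }
if (-not $user)    { throw "Sender account '$Sender' not found." }

# publicDelegates holds the distinguished names granted "Send on behalf".
$delegates = @()
if ($mailbox.Properties.Contains('publicdelegates')) {
    $delegates = @($mailbox.Properties['publicdelegates'])
}
$senderDn = [string]$user.Properties['distinguishedname'][0]

"Send on behalf delegates for ${MailboxAccount}:"
$delegates | ForEach-Object { "  $_" }

# -contains compares strings case-insensitively; groups in the list are not expanded.
if ($delegates -contains $senderDn) {
    "$Sender is listed directly."
} else {
    "$Sender is NOT listed directly; add the user under Delivery Options or check group entries."
}
```

Running the same script periodically also shows when an account has gained delegates that nobody remembers granting.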