Delivery/Message Restrictions –> Accept Messages Only From, Send As/From and NDR
2010-11-23 Updated (Clarified)
2010-02-04 Initial Post
Tested against Exchange Server 2003 SP2
This applies to mailboxes, public folders, and distribution lists/groups (collectively referred to as mail-enabled objects).
I tried looking this up today to verify how I think this works and didn’t really find the details that I was looking for. It's just one of these things that we don't think much about until we run into an issue that requires more research into the specific feature. I ran into such a situation today and that's why I'm documenting this. Here are my notes:
1.) The entries you add to allow/disallow sending to a mail-enabled object must be mail-enabled objects themselves. This seems logical, but I wasn’t sure: since Exchange 200x is integrated with AD, I thought that perhaps non-mail-enabled AD objects could also be used.
2.) When sending as another mail-enabled object to a DL, for example, the mail-enabled object must be allowed to send to the DL, either directly or indirectly via group membership. To clarify, let’s walk through an example.
a. Jack has “send as” permission on a public folder named IT Help Desk. This means he can send e-mails that show IT Help Desk as the sender.
b. Jack sends an e-mail, using Outlook, as IT Help Desk (he put that name in the From field) to the DL named Company – Everyone.
c. In order for the message to make it to the recipients, IT Help Desk must be allowed to send to Company – Everyone. Jack would only need permission to send to Company – Everyone if he was trying to send as himself.
d. Any mail-enabled object that doesn't have permission to send to the DL will get an NDR back. It's important to note that the NDR goes back to the address in the From field, so in 2b, the public folder IT Help Desk would get the NDR, not Jack. Jack must check IT Help Desk often to make sure that there are no NDRs in there. Because Jack would never get an NDR directly, he'd assume that all messages sent as IT Help Desk were delivered with no issues.
3.) If you want to allow an external address to send to a mail-enabled object, create a contact entry for the external address and add that contact to the allowed senders list.
4.) This seems logical, but is worth noting: If my mailbox is on server EXC01 and I send a message as Customer Service Mailbox, whose mailbox is on EXC02, the message will get sent from my mailbox on EXC01. I sent the message and the message went into my Sent Items folder, just like a regular message. EXC02 would only be involved if a reply was sent back, which would obviously go to Customer Service Mailbox on EXC02.
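The rules in notes 1 to 3, written out as a small Python model. This is an example added here for illustration, not Exchange code and not part of the original notes. The objects Announcers, Comms Team, Executives, Vendor Contact and Svc Account are made up, and treating an empty allowed list as "accept from everyone" is an assumption of the model.

```python
from dataclasses import dataclass, field

@dataclass
class MailObject:
    name: str
    mail_enabled: bool = True
    members: set = field(default_factory=set)           # group members, by name
    accept_only_from: set = field(default_factory=set)  # model assumption: empty = no restriction

EVERYONE = "Company – Everyone"
# Constructed directory; only Jack, IT Help Desk and the DL come from the notes.
DIRECTORY = {o.name: o for o in [
    MailObject("Jack"),
    MailObject("IT Help Desk"),                          # public folder
    MailObject(EVERYONE, accept_only_from={"Announcers", "Vendor Contact"}),
    MailObject("Announcers", members={"Comms Team"}),    # nested groups
    MailObject("Comms Team", members={"IT Help Desk"}),
    MailObject("Vendor Contact"),                        # contact for an external address (note 3)
    MailObject("Executives", accept_only_from={"Jack"}),
    MailObject("Svc Account", mail_enabled=False),       # plain AD object, not mail-enabled
]}

def allow_sender(recipient, sender):
    """Note 1: only mail-enabled objects can go on the allowed list."""
    if not DIRECTORY[sender].mail_enabled:
        raise ValueError(f"{sender} is not mail-enabled")
    DIRECTORY[recipient].accept_only_from.add(sender)

def is_member(name, group, seen=None):
    """True if name is in group directly or through nested groups."""
    seen = set() if seen is None else seen
    if group in seen:            # guard against circular nesting
        return False
    seen.add(group)
    members = DIRECTORY[group].members
    return name in members or any(is_member(name, m, seen) for m in members)

def deliver(actual_sender, from_field, recipient):
    """Return (delivered, ndr_recipient). actual_sender is deliberately
    ignored: note 2 says the From identity is what gets checked."""
    allowed = DIRECTORY[recipient].accept_only_from
    ok = (not allowed or from_field in allowed
          or any(is_member(from_field, g) for g in allowed))
    return (True, None) if ok else (False, from_field)
```

The case to look at is `deliver("Jack", "IT Help Desk", "Executives")`: Jack is on that list himself, but the message is rejected and the NDR lands in IT Help Desk, where he may never see it.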