Using AD User WITHOUT EXCHANGE MAILBOX for SMTP Authentication on Exchange (on-premises)

Dieter Tontsch (GMail) 867 Reputation points
2021-10-20T08:18:10.457+00:00

We have the requirement to use an Exchange SMTP connector in order to send emails from third-party systems. Yet we have a mix of SMTP authentication with an AD user who has no mailbox on Exchange (all on-prem), and anonymous SMTP which connects to another dedicated connector that allows anonymous relay; the latter is restricted to particular IP addresses.

But we'd prefer not to use anonymous SMTP anymore, and only SMTP auth instead. At the same time I did not want to create a bunch of mailboxes for different SMTP auth users. I asked this question a few years ago here already: https://social.technet.microsoft.com/Forums/en-US/50c1a28f-869a-4897-a805-c1ada00a2d1e/smtp-connector-with-auth-for-ad-user-only-without-mailbox?forum=Exch2016Adm

Jason Chao stated this is not possible. But as far as I can tell, we have such a user, which works for SharePoint outgoing email and also from a PowerShell command.

Send-MailMessage -smtpServer my.exchange.fqdn -credential smtpauth@company.com -from 'sophosxg@outside-company.com' -to 'mailbox.user@company.com' -subject 'Test Extern' -body 'whatever' -UseSsl

But it does not work for several other third-party systems, while authentication with a user who has a mailbox works.
I'd like to understand what the limitations here are, and whether an AD user is required to have a mailbox on Exchange or not. Or can I eventually just set a certain attribute on this user, so that it also works with the systems in question?

kind regards,
Dieter


1 answer

  1. Dieter Tontsch (GMail) 867 Reputation points
    2021-10-20T12:15:14+00:00

    I think I found the solution by myself.
    Actually a certain AD user without a mailbox needs the ms-Exch-SMTP-Accept-Authoritative-Domain-Sender (or ms-Exch-SMTP-Accept-Authoritative-Any-Sender) extended right on the respective Send Connector. This can only be set (from what I know) via the Exchange Management Shell.

    Example:

    Get-ReceiveConnector "<connector name>" | Add-ADPermission -User "<username>" -ExtendedRights "ms-Exch-SMTP-Accept-Authoritative-Domain-Sender"
    

    For us this now works with services for which it didn't before.
    This way the user does not need to have a mailbox on Exchange.

    1 person found this answer helpful.
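An added example (not from the original thread) for the defender's side of the answer above: once a mailbox-less account has been granted a sender-acceptance extended right on a Receive connector, this script audits which accounts hold such grants on every connector of a server, so the grant stays limited to the intended SMTP-auth account and any leftover anonymous grant becomes visible. It assumes an Exchange Management Shell session; `ms-Exch-SMTP-Accept-Any-Sender` is the broader sibling right, and the function name and output layout are my own.

```powershell
# Added example, not from the thread: audit sender-acceptance extended rights on
# Receive connectors. Assumes it is run inside the Exchange Management Shell.

$rightsOfInterest = @(
    'ms-Exch-SMTP-Accept-Authoritative-Domain-Sender',  # the right named in the answer
    'ms-Exch-SMTP-Accept-Any-Sender'                     # broader: accepts any From address
)

function Get-ConnectorSenderGrants {
    param([string]$Server = $env:COMPUTERNAME)

    foreach ($rc in Get-ReceiveConnector -Server $Server) {
        # Only explicit allow ACEs on the connector itself; inherited ACEs come from
        # the server object and are not what Add-ADPermission on the connector created.
        Get-ADPermission -Identity $rc.Identity |
            Where-Object { -not $_.IsInherited -and -not $_.Deny -and $_.ExtendedRights } |
            ForEach-Object {
                $ace  = $_
                $hits = @($ace.ExtendedRights | ForEach-Object { $_.ToString() } |
                          Where-Object { $rightsOfInterest -contains $_ })
                if ($hits.Count -gt 0) {
                    [pscustomobject]@{
                        Connector        = $rc.Name
                        PermissionGroups = $rc.PermissionGroups.ToString()   # e.g. AnonymousUsers, ExchangeUsers
                        RemoteIPRanges   = ($rc.RemoteIPRanges -join ', ')   # who may even reach the connector
                        User             = $ace.User.ToString()              # expect only the SMTP-auth account(s)
                        ExtendedRights   = ($hits -join ', ')
                    }
                }
            }
    }
}

# Review the list: an 'NT AUTHORITY\ANONYMOUS LOGON' entry here means unauthenticated
# relay is still allowed on that connector, which is what the question wants to retire.
Get-ConnectorSenderGrants | Sort-Object Connector, User | Format-Table -AutoSize
```

Run it again after each `Add-ADPermission` (and after removing the anonymous connector) to confirm that only the intended account appears per connector.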