Exchange: You don’t have permissions to send to this recipient
Exchange 2003 environment Mail is working fine 99.9% of the time, e-mail out, e-mail in, no issues. Then every once in a while lately I will see users that get messages from the System Adminitrator account that say, "Your message did not reach some or all of the intended recipients. The following recipient(s) cannot be reached: tom@mail.com on ... You do not have permission to send to this recipient. For assistance, contact... This only happens here and there, so it isn't like a permission is there one minute and then gone the next. Any ideas on where to start looking for a problem that only happens here and there?
Software/Hardware used:
Exchange 2003 on Dell PowerEdge
Software/Hardware used:
Exchange 2003 on Dell PowerEdge
ASKED:
August 18, 2009 1:48 PM
UPDATED:
November 6, 2009 3:31 PM
Answer Wiki:
Check the account they get the message for in AD and make sure there are no restrictions on delivery to that account. We have some accounts noone is allowed to send to without permission. Are the same people denied permission to send to the same account every time? I find it hard to believe this is truly 'random". If it is, I would definitely call Microsoft for support on this one as it is NOT normal behavior for Exchange.
Also check that they are not sending from a shared mailbox. By default, any user other than the mailbox owner is not allowed to send from it ("send as" permissions).
To see all answers submitted to the Answer Wiki: View Answer History.
Random users get the “don’t have permission to send to this recipient.” If I asked them right now to try again, it would work. The receiver can be anything from a company we deal with to a hotmail or gmail account.
I could also just be something where the exchange server can’t authenticate the user to AD but just trying to track down the possible issue.
If these undeliverable messages are coming mainly from email addresses outside your company’s email system, then what they are seeing is intermittent issues at the recipient’s end. The recipient system’s gateway may be down, the recipient’s mailbox may be full, the list goes on and on. SMTP gateways can be configured to provide all kinds of custom messages to indicate error conditions that they encounter, and in many cases those error messages are pretty useless or inaccurate. The bottom line is, you have no control over what happens with email once it leaves your network. If there are problems at the receiving end of where a message is going, there is no guarantee that you will get accurate or timely feedback as to what error was encountered. SMTP communications are best effort only, and some efforts are really good while others are truly lacking. I have to remind the email users I support about that every so often. If they want guaranteed delivery results, that’s what Fed Ex, UPS and others get paid to do.
Now if the non-delivery messages are coming from users mailboxes within your Exchange system, it’s time to get on the phone with Microsoft and have them try to explain what’s going on and where to look for potential problems. You are correct, permissions don’t just change momentarily and revert back. If they do, your AD infrastructure is in need of a serious health check.