Exchange 2010: how can a user send email as another user without Send As permission

  • Question

  • I just noticed this issue today. User A can send email as some other users (not all users) without "Send As", "Full permission" (i.e. a colleague can send an email as my account to me; I'm sure he does not have permission on my account).

    Does anyone know if there is a known issue in Exchange 2010 SP1 RU5? 

    I'm still working on the cause.

    Thank you,


    JohnnyW2012

    Tuesday, September 10, 2013 7:10 PM

All replies

  • I would run the Get-ADPermission cmdlet against the mailbox in question.

    get-mailbox you@yourdomain.com | Get-ADPermission | fl

    Is the other user shown with any sort of permissions?

    You can try Get-MailboxPermission too.

    I believe SendAs would be associated with Get-ADPermission.

    *

    I think you can single out the user in question with something like this:

    get-mailbox you@yourdomain.com | Get-ADPermission | where {$_.User -like *bob*}

    Or {$_.User -like "*bob*"}

    Not 100% sure about the syntax there and am not close to a machine to test.

    *

    If very precise permissions were granted elsewhere (on the object properties in Active Directory perhaps) those permissions may not be reflected in the GUI (I say may not).



    Tuesday, September 10, 2013 11:30 PM
  • Yup, I ran this command to query Send As permission but found nothing unusual. 

    Get-Mailbox myuserid | Get-ADPermission | where {($_.ExtendedRights -like "*Send-As*") -and -not ($_.User -like "NT AUTHORITY\SELF")} | FT -Wrap

    Result: this result was the same as from EMC.

    Identity             User                 Deny  Inherited
    --------             ----                 ----  ---------
    ABCD.Corp/OU/UserID  S-1-5-21-2461445789- False False
                         2236983770-398640140
                         9-42434
    ABCD.Corp/OU/UserID  ABCD\SVCGMCADM       False True

    ABCD.Corp/OU/UserID  ABCD\SVCGMCADM01     False True

    ABCD.Corp/OU/UserID  ABCD\SVCBESADM       False True

    ABCD.Corp/OU/UserID  ABCD\UnityMsgStoreSv False True

    ABCD.Corp/OU/UserID  ABCD\UnityMsgStoreSv False True


    JohnnyW2012

    Wednesday, September 11, 2013 5:54 AM
  • Good Day JohnnyW2012

    I've just been faced with the same problem: some users could send emails as other users without "Send As", "Full permission". 

    Did you find any answer?

    Thank you.

    Friday, October 4, 2013 12:01 PM
  • It's a security permission at the OU level. I don't have time to look for details yet. 

    Your "some users" should be in a certain AD security group which has been delegated "Send As" rights at the OU.

    Look into the security permission details for those users in "Advanced Security Settings for Users". They must have "Send As" permission.

    Thanks,


    JohnnyW2012

    Wednesday, October 9, 2013 8:00 AM
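
One way to confirm the OU-delegation explanation above, as an added example that is not part of the thread: it lists every allow ACE granting Send-As on the mailbox's AD object, explicit or inherited, and flags the ones whose trustee is the sender or a group in the sender's token. It assumes the Exchange Management Shell with the ActiveDirectory module available; `usera` is a hypothetical sAMAccountName for the colleague, and `myuserid` is the mailbox name used in the thread.

```powershell
Import-Module ActiveDirectory

$Mailbox = 'myuserid'   # mailbox being sent as (name taken from the thread)
$Sender  = 'usera'      # hypothetical: the colleague who can send as it

# SIDs carried by the sender: own SID plus every transitive security group.
# tokenGroups omits well-known SIDs such as Authenticated Users or Everyone,
# so ACEs granted to those principals must be reviewed by eye.
$u = Get-ADUser -Identity $Sender -Properties tokenGroups
$senderSids = @($u.SID.Value) + @($u.tokenGroups | ForEach-Object { $_.Value })

# Allow ACEs granting Send-As, whether set on the user or inherited from an OU.
$aces = Get-Mailbox $Mailbox | Get-ADPermission |
    Where-Object { ($_.ExtendedRights -like '*Send-As*') -and -not $_.Deny }

$report = foreach ($ace in $aces) {
    $trustee = [string]$ace.User
    $sid = $null
    if ($trustee -match '^S-1-') {
        $sid = $trustee                      # already shown as a raw SID
    } else {
        try {
            $nt  = New-Object System.Security.Principal.NTAccount($trustee)
            $sid = $nt.Translate([System.Security.Principal.SecurityIdentifier]).Value
        } catch {
            $sid = $null                     # unresolvable trustee: listed, never matched
        }
    }
    New-Object PSObject -Property @{
        Trustee         = $trustee
        Inherited       = $ace.IsInherited
        AppliesToSender = [bool]($sid -and ($senderSids -contains $sid))
    }
}

$report | Select-Object Trustee, Inherited, AppliesToSender | Format-Table -AutoSize
```

For rows where Inherited is True, running Get-ADPermission against each parent OU of the mailbox user shows where the ACE was set explicitly.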
  • Check the permission for the user against user A in advanced view; from there you can negotiate whether it is an OU-level or inherited group permission. Thanks
    Monday, November 18, 2013 10:55 AM
  • Could well be an issue with SP1 RU5, it's not supported. Get yourself to SP3 RU3 to be in a supported state. Then test again.

    Sukh

    Monday, November 18, 2013 11:05 AM
  • Your Exchange server may be in open relay where they connect using telnet <Server IP> port 25 and they can use SMTP commands to send email to your account....

    Telnet x.x.x.x 25

    Mail From:

    Rcpt To:

    Data:


    Exchange Queries

    Monday, November 18, 2013 11:05 AM