Exchange 2007 & Distribution Groups

ainsofainsof Member Posts: 5 ■□□□□□□□□□
1. I have delegated administration of a DL to a given user, but really
don't feel comfortable having her add / remove contacts through AD or the
Exchange Mgmt Console. What else can be used, or how can I totally restrict
her activites to only add / remove if she has to use either of the above
tools?

2. Also regarding DLs: A given distribution list made up of employees and
outside contacts; only employees are allowed to post / reply to emails sent
out across the listserv. Management wants to change this so that external
contacts can also reply / post to the list. How do I do this?

Comments

  • jbaellojbaello Member Posts: 1,191 ■■■□□□□□□□
    If I remember correctly on EMC, you will go to the properties of the DL that you are trying to configure and enable "Anonymous Access" this gives external user ability to send out email to this DL.
  • ainsofainsof Member Posts: 5 ■□□□□□□□□□
    Thank you jbaello. Are you referring to:

    [DL name] > Properties > Mail Flow Settings > Message Delivery Restrictions > (uncheck) "Require that all Senders are Authenticated" ?

    Unfortunately, this does not work

    Users still get this error: "#550 5.7.1 RESOLVER.RST.AuthRequired; authentication required ##"

    Can you figure that? Any other ideas?
  • jbaellojbaello Member Posts: 1,191 ■■■□□□□□□□
    ainsof wrote:
    Thank you jbaello. Are you referring to:

    [DL name] > Properties > Mail Flow Settings > Message Delivery Restrictions > (uncheck) "Require that all Senders are Authenticated" ?

    Unfortunately, this does not work

    Users still get this error: "#550 5.7.1 RESOLVER.RST.AuthRequired; authentication required ##"

    Can you figure that? Any other ideas?

    I was referring to DL in exchange 07, you can check the properties of this, and select authentication tab, and there you will see what type of authentication you want, this will give you the option for anonymous users, I will take a SS tonite, and post it here.
  • ClaymooreClaymoore Member Posts: 1,637
    ainsof wrote:
    1. I have delegated administration of a DL to a given user, but really
    don't feel comfortable having her add / remove contacts through AD or the
    Exchange Mgmt Console. What else can be used, or how can I totally restrict
    her activites to only add / remove if she has to use either of the above
    tools?

    2. Also regarding DLs: A given distribution list made up of employees and
    outside contacts; only employees are allowed to post / reply to emails sent
    out across the listserv. Management wants to change this so that external
    contacts can also reply / post to the list. How do I do this?

    1. The DL can be managed through Outlook as well. You can go to the address book, open the DL and then add or remove users as necessary. I have an instruction document that I put together for our supervisors if you want it, but I won't be back into the office until next week.

    2. On one of the Exchange properties tabs of the DL in AD Users and Computers, you have the option to restrict whom may send to this list. Make sure the All Users option is checked and not the 'Only those listed below' option.
  • ainsofainsof Member Posts: 5 ■□□□□□□□□□
    jbaello:

    Yup, Exchange 07, there with ya, but I might be confused here. I don't see an Authentication tab when I select Properties of a DL in the EMC. Here's the path I'm following in EMC:

    Recipient Configuration > Distribution Group > [DL name] > Properties

    SS would be great. Thanks!


    Claymoore:

    Thanks for the offer. Any help would be great. I'd love to see the doc when you get the chance to send.

    Copy that on the "All users" option. It's already checked.
  • blargoeblargoe Member Posts: 4,174 ■■■■■■■■■□
    Regarding question #2

    Does the DL have an Internet SMTP address that your transport server will route authoritatively? Have you attempted to send it a message from the outside, and what is the error message you get (if any) when you do so, and what do the SMTPReceive logs say on the transport server (assuming you have logging enabled)?

    Regarding question #1

    If you've only delegated them as owner of a group and haven't elevated their rights on the domain or in exchange, I don't think you have to worry about locking it down any further. However, Claymoore's suggestion about adding managing the DL using Outlook is the best tool for them to use IMO. It's pretty straight forward, just go to the group in the GAL, Properties, and there will be a place for them to modify the membership.
    IT guy since 12/00

    Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
    Working on: RHCE/Ansible
    Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands...
  • ainsofainsof Member Posts: 5 ■□□□□□□□□□
    blargoe wrote:
    Does the DL have an Internet SMTP address that your transport server will route authoritatively?

    Blargoe,

    I'm afraid I don't understand what you mean by that. Please explain further.

    I have been sending test emails from a Hotmail account, but receive the exact same reply as other external email Contacts.

    Also, what do you mean by GAL and is this in AD or the EMC? (Yes, I'm a total exchange noob :) )

    Pleae forgive the stupid questions, this setup and config was literally dropped in my lap.
  • ainsofainsof Member Posts: 5 ■□□□□□□□□□
    Ahh... GAL = Global Address List... okay...

    Now, in Outlook 2003, Contacts "folder", under the Actions drop-down, I only see options that allow for the creation of New Distribution lists or users for said lists.

    I don't see any of the DLs that this user is supposed to be a member of, and, when I go to Tools > Address Book to import a DL, the only objects in the GAL are employees of the organization I work for?

    Does this mean that our distribution lists have to be added manually to the GAL? If so, how?

    Thanks again... and again... and again...
Sign In or Register to comment.