User to send as anyone in Exchange?

exchange

I have a .NET program -- a Windows Service -- that connects to Exchange to send email. The goal is to allow it to send email appearing to be from any number email addresses within the domains my employer owns. The program is authenticating with an Active Directory account -- called "AutoMail" -- and the problem is that Exchange is giving the following error response code:

System.Net.Mail.SmtpException: Mailbox unavailable. The server response was: 5.7.1 Client does not have permissions to send as this sender
   at System.Net.Mail.MailCommand.CheckResponse(SmtpStatusCode statusCode, String response)
   at System.Net.Mail.MailCommand.Send(SmtpConnection conn, Byte[] command, String from)
   at System.Net.Mail.SmtpTransport.SendMail(MailAddress sender, MailAddressCollection recipients, String deliveryNotify, SmtpFailedRecipientException& exception)
   at System.Net.Mail.SmtpClient.Send(MailMessage message)
   at ConsoleApplication1.Program.Main(String[] args) in C:\WorkingCode\ConsoleApplication1\ConsoleApplication1\Program.cs:line 38

When I change the network credentials to my A/D login and send email as being from me, it works with no problem.

So my question is: can the AutoMail user be configured from the Exchange side to be allowed to send email as any validly formatted email address? If so, how?

For reference, here's the C# code in use:

MailMessage mail = new MailMessage();
mail.From = new MailAddress("[email protected]");
mail.To.Add("[email protected]");
mail.Subject = "This is an email";
mail.Body = "This is a test. <b>This is bold</b> <font color=#336699>This is blue</font>";
mail.IsBodyHtml = true;
SmtpClient smtp = new SmtpClient();
smtp.Host = "172.16.1.33";
smtp.UseDefaultCredentials = false;
smtp.Credentials = new NetworkCredential("AutoMail", "password");
smtp.Send(mail);

By actually logging in via Exchange hooks, you are subject to sender validation. There are permissions that need to be set in order to impersonate someone, which was done intentionally by Microsoft. The permission you're looking for is "Send As". This kind of operation is required by a Blackberry Enterprise Server, so isn't unusual.

The way we solved it is to give the user (AutoMail in your case) a specific ACL to the Domain object in AD. The Apply To is for 'Decedent User Objects', and with only the "Send As" box checked. This will cause all User objects in the domain (unless they're in a container with rights inheritance turned off) to allow AutoMail to impersonate them.

Send-as user permission example
(source: sysadmin1138.net)

Related

POSTFIX Won't Start says: bind 0.0.0.0 port 25: Address already in use, what should i do?
SSH closes connection after login Exit status 254
How do you NAT Hairpin in IOS 8.3+
Supervisor process exits with 'exit status 1; not expected'
Why was the FTP protocol designed to use more than one port?
Yum install php-pecl-memcached - No package found (Have epel-release-6-8.noarch.rpm)
Finding all domain names that resolve to the same ip?
tcpdump shows traffic until I use a filter
Nslookup not using hosts file
How can I stop Azure from randomly replacing network cards on VMs?
Close locked file in Windows Share using Powershell and Openfiles
How do I migrate from RHEL 5 to CentOS 5?