A few days ago, I was asked to track down what was, on the surface, a troubling problem with Exchange 2003: bounced messages to addresses I knew for a fact existed in the organization. They were both generating a 5.1.1 User unknown SMTP error.
As you can imagine, we have several distribution and security groups in our Active Directory deployment for various purposes. Mysteriously, two of these mail-enabled groups — we’ll call them Foo and Bar — had started bouncing messages sent to them externally. Both Foo and Bar were created years ago and had given me very few problems under both Exchange 2003 and Exchange 2007. I could send messages to Foo internally and have it work, but Bar was completely toast.
Since Bar wasn’t working at all, I tackled that one first. Long story short: the group had somehow gotten purged from Active Directory. Whoops! Easy fix, though; create the group, give it the right email address, add the correct members, and voila! it’s fixed.
Except it’s not. Now Bar is doing the same thing Foo is doing: messages sent internally are fine, messages coming from the Internet are getting a lovely 5.1.1 error still. Time to pull up the objects in Exchange Management Shell and see what I can find:
[PS] C:\>Get-DistributionGroup Foo | fl
...
RequireSenderAuthenticationEnabled : True
...
Oh, geez. Somehow, the “Require sender to authenticate” checkbox got turned on for this group; anonymous incoming connections aren’t authenticated, therefore Exchange won’t accept this group as a recipient. This setting is set to True by default when you create new distribution groups in EMS or EMC, BTW, so don’t forget to turn it off if you need to:
[PS] C:\>Set-DistributionGroup Foo -RequireSenderAuthenticationEnabled $False
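An added example, not part of the original post: a PowerShell audit that compares each group's RequireSenderAuthenticationEnabled value with a list of groups that are supposed to accept Internet mail, so both the 5.1.1 bounce and a group left open to anonymous senders show up. The $ExternalGroups list, the Get-SenderAuthDrift function, the AllStaff group and the fallback sample objects are assumptions made for illustration, and the script assumes PowerShell 3.0 or later.

```powershell
# Added example: audit "Require sender to authenticate" against an intended list.
# $ExternalGroups is a hypothetical allowlist of groups meant to receive Internet mail.
$ExternalGroups = @('Foo', 'Bar')

function Get-SenderAuthDrift {
    param(
        [object[]] $Groups,
        [string[]] $AllowExternal = @()
    )
    foreach ($g in $Groups) {
        $wantExternal = $AllowExternal -contains $g.Name
        $requiresAuth = [bool] $g.RequireSenderAuthenticationEnabled
        if ($wantExternal -and $requiresAuth) {
            $finding = 'BouncesExternalMail'      # Internet senders get 5.1.1
        } elseif (-not $wantExternal -and -not $requiresAuth) {
            $finding = 'OpenToAnonymousSenders'   # accepts unauthenticated mail, not on the list
        } else {
            $finding = 'OK'
        }
        [pscustomobject]@{
            Name                               = $g.Name
            RequireSenderAuthenticationEnabled = $requiresAuth
            Finding                            = $finding
        }
    }
}

# Inside Exchange Management Shell use live data; elsewhere use constructed samples.
$live = [bool] (Get-Command Get-DistributionGroup -ErrorAction SilentlyContinue)
if ($live) {
    $groups = Get-DistributionGroup -ResultSize Unlimited
} else {
    $groups = @(
        [pscustomobject]@{ Name = 'Foo';      RequireSenderAuthenticationEnabled = $true  }
        [pscustomobject]@{ Name = 'Bar';      RequireSenderAuthenticationEnabled = $true  }
        [pscustomobject]@{ Name = 'AllStaff'; RequireSenderAuthenticationEnabled = $false }
    )
}

$report = Get-SenderAuthDrift -Groups $groups -AllowExternal $ExternalGroups
$report | Format-Table -AutoSize

# Change only the groups that are meant to take Internet mail. Remove -WhatIf to apply.
if ($live) {
    $report | Where-Object { $_.Finding -eq 'BouncesExternalMail' } | ForEach-Object {
        Set-DistributionGroup -Identity $_.Name -RequireSenderAuthenticationEnabled $false -WhatIf
    }
}
```

With the constructed samples, Foo and Bar are reported as BouncesExternalMail and AllStaff as OpenToAnonymousSenders; groups in the second category are candidates for turning the setting back on rather than off.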
Hope this helps!