Thursday, April 14, 2011

How to fix "550 5.1.1 User unknown" Error when Sending to a Distribution Group

You may find that after you create a new distribution group in Exchange 2010, you cannot send SMTP email to it from the Internet or internal relay hosts.  When you do, you receive a "550 5.1.1 User unknown" error .  If you send email to the distribution group internally using Outlook or OWA, it works just fine.

This happens because Exchange 2010 automatically sets the attribute Require that all senders are authenticated to enabled by default. 

To clear this setting, view the properties of the distribution group and double-click Message Delivery Restrictions on the Mail Flow Settings tab:


Then clear the checkbox for Require that all senders are authenticated and click OK.



At first I thought this might be due to the fact that my client is using Edge Transport servers and that the Block messages sent to recipients that do not exist in the directory setting was enabled.  This is shown below from the Edge server's Recipient Filtering properties:


I tested this by running the following cmdlet:
Test-EdgeSynchronization -VerifyRecipient zzz.domain.com
Sure enough, the result shows, NotSynchronized - Recipient doesn't exist in source Active Directory, as shown below:


Somewhat surprisingly, this result does not change when Require that all senders are authenticated is disabled.

I can't believe I've never run into this until now. 

Before you ask, there is no way to change the default behavior of Exchange 2010 to create all distribution groups with the authentication setting set to disabled (unchecked). 3:39 PM