| Event Id | 1710 |
| Source | MSExchangeTransport |
| Description | An SMTP client authenticated as user "NT AUTHORITY\ANONYMOUS LOGON" attempted to send as "User.one@domain.edu." Access was denied because the authenticated client does not have permission to Send As this SMTP address. Data: 0000: 05 00 07 80 ...? |
| Event Information | Cause: The four most common causes for these nondelivery reports (NDRs) are the following: 1) NDRs that contain a 5.7.1 error code occur if the Allow computers which successfully authenticate to relay check box is not selected on the SMTP virtual server. 2) NDRs that contain a 5.7.1 error code occur if the DNS tables are not configured correctly. Ensure that mail exchanger (MX) records point to the correct SMTP virtual server. 3) NDRs that contain a 5.7.1 error code occur if users have e-mail addresses that were created manually but do not match any existing recipient policies. As a general rule, proxy addresses should match at least one recipient policy. 4) 5.7.1 and 5.7.3 errors might also occur if you are using Microsoft Internet Security and Acceleration (ISA) Server 2000. If the external IP address of the server running ISA Server changes, and the IP address for the SMTP publishing rule is not updated to reflect the new IP address, an NDR results. In addition, if you do not restart the Isactrl service after changing the IP address in the SMTP publishing rule, an NDR results. Related events: Event ID: 1709, Event Source: MSExchangeTransport |
| Reference Links | Resolution: http://www.microsoft.com/exchange/techinfo/tips/trblsht_tip01.asp |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.