The Display Name provides a ‘hint’ as to what the permission is about. The list below provides more information on each of them.
ms-Exch-SMTP-Submit
If the SMTP receive session does not have this permission, it will fail to submit messages. It will fail both the “MAIL FROM” and “AUTH” command. The “AUTH” command will also fail as the credential might have been correct, but the authenticated user or computer will have no chance to do anything useful with the session.
ms-Exch-SMTP-Accept-Any-Recipient
If the SMTP receive session does not have this permission, the server will reject the “RCPT TO” command if the recipient domain does not match any accepted domain. You could call this permission also the Relay permission.
ms-Exch-SMTP-Accept-Any-Sender
If the SMTP receive session does not have this permission, the server will check sender address spoofing. If the spoofing check fails, the message gets rejected at either “MAIL FROM” or EOD (End Of Data), depending on which sender (envelop or message/header) was found to be spoofed.
ms-Exch-SMTP-Accept-Authoritative-Domain-Sender
If the SMTP receive session does not have this permission, the server will reject “MAIL FROM” if the specified address is at an authoritative domain. (An authoritative domain is an administrative domain with at least one mail server responsible for the final delivery of messages addressed to that domain.)
ms-Exch-SMTP-Accept-Authentication-Flag
If the SMTP receive session does not have this permission, the server will ignore the AUTH= option that was specified on the “MAIL FROM” command. (Internally, Exchange Servers transfer anonymous messages using “AUTH=<>”.)
ms-Exch-Accept-Headers-Routing
If the SMTP receive session does not have this permission, the server will strip all “Received:” headers.
Note: This should only happen for client message submissions over SMTP, which is why by default ExchangeUsers do not get this permission. (See RFC 2476.)
ms-Exch-Accept-Headers-Organization
If the SMTP receive session does not have this permission, the server will strip all organization headers. Those headers all start with “X-MS-Exchange-Organization-“.
ms-Exch-Accept-Headers-Forest
If the SMTP receive session does not have this permission, the server will strip all forest headers. Those headers all start with “X-MS-Exchange-Forest-“.
ms-Exch-SMTP-Accept-Exch50
If the SMTP receive session does not have this permission, the server will not accept the “XEXCH50” command.
Note: This command is necessary for interoperability with Exchange2000 and Exchange2003. In an environment with only Exchange2007 servers, the “XEXCH50” command won’t be used once disabled.
ms-Exch-SMTP-Send-Exch50
If the SMTP send session does not have this permission, the server will not send the “XEXCH50” command.
ms-Exch-Send-Headers-Routing
If the SMTP send session does not have this permission, the server will strip all “Received:” headers.
ms-Exch-Send-Headers-Organization
If the SMTP send session does not have this permission, the server will strip all organization headers. Those headers all start with “X-MS-Exchange-Organization-“.
ms-Exch-Send-Headers-Forest
If the SMTP send session does not have this permission, the server will strip all organization headers. Those headers all start with “X-MS-Exchange-Forest-“.
ms-Exch-Bypass-Message-Size-Limit
If the SMTP receive session has this permission, the server will skip message size restrictions at the protocol level.
ms-Exch-Bypass-Anti-Spam
If the SMTP receive session has this permission, the server will pass this permission to anti spam agents, as to skip this message for anti-spam checks.
Looking once more at the sample output of the get-adpermission task and considering the permissions granted to ‘NT AUTHORITY\Authenticated Users’, this means that this SMTP Receive connector allows authenticated users:
1) to submit messages (ms-Exch-SMTP-Submit)
2) to send messages to any domain (ms-Exch-SMTP-Accept-Any-Recipient)
3) and their messages won’t be scanned for spam (ms-Exch-Bypass-Anti-Spam)
