Exchange 2013 – Users Unable to Send Over SMTP After Upgrade


We just upgraded a customer to Exchange 2013 from Exchange 2010. The 2010 machine is still in place, but all the mailboxes have been moved over to the 2013 machine.

The users have absolutely no problem exchanging mail inside or outside with Outlook, ActiveSync etc.

However, a few users have to send emails from a 3rd party program that just uses SMTP. With this, it fails with:

550 5.7.1 Client does not have permissions to send as this sender

To troubleshoot, I used telnet to connect to the SMTP server. It connects fine, takes the AUTH LOGIN with their username and password successfully, but then rejects sending the email, even though it is their own email address, and listed under their user.

I'm really out of ideas here. It worked fine before with Exchange 2010 and I don't remember doing anything special.

EDIT: I just noticed that it does seem to work with my account.

EDIT 2: Created a test user and it works for them as well. It must be something going on with only some accounts.

EDIT 3: I added them as being able to send to their own account in the Exchange admin center. This allowed the email to go through. I don't quite understand why this would need to be since my account is not set that way and works correctly. Obviously something is still wrong, but at least this buys me time.

Another thing I tried was adding the "NT AUTHORITY\SELF" account send permissions on the mailbox. It appears this fixes the problems for a lot of people, but in my case that permission was already set.

Best Answer

I finally called Microsoft to get this resolved. The issue appeared to be permissions on the "Client Proxy" HubTransport receive connector. They went into ADSI Edit, Configuration -> Services -> Microsoft Exchange -> DOMAINNAME -> Administrative Groups -> Exchange Administrative Group -> Servers -> SERVERNAME -> Protocols -> SMTP Receive Connectors, then went to the properties for the "Client Proxy SERVERNAME" entry.

Then, on the security tab, went to "Authenticated Users" and made sure "Accept any Sender" and "Accept Authoritative Domain Sender" were set.

Once these were set it began working. I'm not sure what the defaults would be, and if these are the defaults, why ours was not set to that. We didn't change anything with the built-in receive connectors.
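
The same check can be run from the Exchange Management Shell instead of ADSI Edit. This is an added example, not part of the original answer or of Microsoft's procedure: SERVERNAME is the placeholder used above, and the mapping of the two Security-tab entries to the extended rights ms-Exch-SMTP-Accept-Any-Sender and ms-Exch-SMTP-Accept-Authoritative-Domain-Sender is an assumption.

```powershell
# Added example. Run in the Exchange Management Shell.
# Read-only audit: reports which receive connectors on a server lack the two
# sender-related extended rights for Authenticated Users. Changes nothing.

$server    = 'SERVERNAME'                          # placeholder from the post
$principal = 'NT AUTHORITY\Authenticated Users'
$required  = @(                                    # assumed right names
    'ms-Exch-SMTP-Accept-Any-Sender',
    'ms-Exch-SMTP-Accept-Authoritative-Domain-Sender'
)

$report = foreach ($connector in Get-ReceiveConnector -Server $server) {
    # Allow ACEs held by the principal on this connector object.
    # Deny entries are excluded so they are not counted as a grant.
    $aces = Get-ADPermission -Identity $connector.Identity -User $principal |
        Where-Object { -not $_.Deny }

    # A right is missing when no Allow ACE lists it.
    $missing = @($required | Where-Object {
        $right = $_
        -not ($aces | Where-Object { $_.ExtendedRights -like $right })
    })

    [pscustomobject]@{
        Connector = $connector.Identity
        OK        = ($missing.Count -eq 0)
        Missing   = $missing -join ', '
    }
}

# Connectors that need attention are listed first.
$report | Sort-Object OK, Connector | Format-Table -AutoSize -Wrap

# To grant the rights on one connector (the change made in ADSI Edit above),
# review the report first, then run, for example:
#
# Get-ReceiveConnector "SERVERNAME\Client Proxy SERVERNAME" |
#     Add-ADPermission -User $principal -ExtendedRights $required
```

Comparing the "Client Proxy" row against the other connectors on the same server, or against a freshly installed server, shows whether the ACL differs from what setup created.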
