This one is not that big of a deal, and is a DUH on my part, but it may be something someone else runs into so I am going to post it.
Scenario: User has a shared mailbox (SB1) that he wants to receive email, and then forward it to his personal mailbox (PM1) and an external user (EU1).
Solution: You need to set up a contact for EU1 that points to the user's external email address. Set up a distribution group that contains the contact for EU1 as well as PM1. Then go into the mailbox settings and set it up so that the delivery of email to SB1 is forwarded to the distribution group. That will make it so that if someone sends an email to SB1, it will go to SB1, PM1, and EU1.
Problem: But here is the problem. The forward worked correctly for internal emails, but did not work for external emails. I had no idea that the little checkbox on the distribution list that requires authentication works for forwards as well. So if you want email from an outside address to forward correctly, you have to take off the check box for “Require that all senders are authenticated” on the distribution group's Message Delivery Restrictions settings.
To verify that this is the issue, you will want to check the message tracking logs and see if you can find one that shows the failure. Then look for a Recipient Status of “550 5.7.1 RESOLVER.REST.AuthRequired; authentication required”.
To do this, I used the following command.
get-transportserver | get-messagetrackinglog -messagesubject "PUT SUBJECT HERE" -start 8/2/2012 -EventID Fail | FL | more
I always put a get-transportserver before any message tracking log commands. We have several HUB servers, and this command will then search the tracking logs for ALL of the HUB servers.
Note: To make sure you don’t confuse the heck out of your end users, you will want to hide both the DL you created for the forward and the contact for the external user from the address book.
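The whole procedure from the Exchange Management Shell, as an added example rather than the author's own commands. The DL name SB1-Forward and the address eu1@example.com are assumed placeholders; SB1, PM1 and EU1 are the names used above.

```powershell
# Added example; run in the Exchange Management Shell.
$shared   = 'SB1'               # shared mailbox (name from the post)
$personal = 'PM1'               # user's personal mailbox (name from the post)
$extAddr  = 'eu1@example.com'   # assumed placeholder for EU1's external address
$dlName   = 'SB1-Forward'       # assumed name for the forwarding DL

# 1. Contact for the external user, hidden from the address book.
New-MailContact -Name 'EU1' -ExternalEmailAddress $extAddr | Out-Null
Set-MailContact -Identity 'EU1' -HiddenFromAddressListsEnabled $true

# 2. Distribution group containing the contact and the personal mailbox.
New-DistributionGroup -Name $dlName -Type Distribution | Out-Null
Add-DistributionGroupMember -Identity $dlName -Member 'EU1'
Add-DistributionGroupMember -Identity $dlName -Member $personal

# 3. Accept mail from unauthenticated (external) senders and hide the DL.
Set-DistributionGroup -Identity $dlName `
    -RequireSenderAuthenticationEnabled $false `
    -HiddenFromAddressListsEnabled $true

# 4. Keep a copy in SB1 and forward to the DL.
Set-Mailbox -Identity $shared -ForwardingAddress $dlName `
    -DeliverToMailboxAndForward $true

# 5. Confirm the settings that decide whether external mail is forwarded.
Get-DistributionGroup -Identity $dlName |
    Format-List Name, RequireSenderAuthenticationEnabled, HiddenFromAddressListsEnabled
Get-Mailbox -Identity $shared |
    Format-List ForwardingAddress, DeliverToMailboxAndForward

# 6. Search every hub server for failures caused by the authentication
#    requirement. RecipientStatus is multi-valued, so join it before matching.
Get-TransportServer |
    Get-MessageTrackingLog -EventId Fail -Start (Get-Date).AddDays(-1) -ResultSize Unlimited |
    Where-Object { ($_.RecipientStatus -join ' ') -like '*AuthRequired*' } |
    Format-List Timestamp, Sender, Recipients, MessageSubject, RecipientStatus
```

With sender authentication turned off, the DL accepts mail from any sender who has its SMTP address, and hiding it from the address book does not change that, so keep the DL's address unpublished.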
I hope that is now clear as mud. Comment if you have questions, or suggestions on how to do this. I don’t like using rules in the actual mailbox because they are harder to maintain than the ability to use the EMC and powershell.