Discovered today that the directory synchronization tool copies permissions with distribution lists.
DirSync syncs the following AD attributes that control who can and cannot send to a DL:
· AuthOrig (Authorized Originators: Only these Users can send to the DL)
· UnauthOrig (Unauthorized Originators: Anyone BUT these users can send to the DL)
· dLMemRejectPerms (Unauthorized DLs: Anyone but members of these DLs can send to this DL)
· dLMemSubmitPerms (Authorized DLs: No one but members of these DLs can send to this DL)
· msExchRequireAuthToSendTo (Only Authenticated Senders can send to the DL, blocks External senders, doesn’t work for other CCS customers)
You can control this in the Exchange 2007 Message delivery system UI or in AD.
Thanks to Tarkek Dawoud in BPOS engineering for this detail.