If you receive the error You don’t have permission to perform this action while any user try to send an email, then you are in big trouble..
Some FAQ tell to go check the server DNS setting, to be sure it’s only internal’s DNS server listed there, but I found another cause for that problem.
It can happen when you do a CU (Cummulative Update) and the service get stuck in a Inactive state. No windows event log are logged too when such happen and your receive connector can still connect on port 25, but the server just look to do nothing.
To validate please run that powershell commandlet;
You can see some component in inactive state;
At this point you can put each component active, by issuing that command;
Set-ServerComponentState -Identity ServerName -Component HubTransport -State Active -Requester Functional
After all component are active it should be listed more like that;