Share via

451 5.7.3 Require XOORG extension to send mail

Андрей Михалевский 3,451 Reputation points
2023-03-07T09:30:52.8233333+00:00

Hi. Exchange 2016, on-premise.

I want relay mail from exchange to postfix.

Im change accepted domain to internal and create connector to postfix:

[PS] C:\Windows\system32>Get-SendConnector "Relay to Rupost" | fl *


PSComputerName               : exchange.testm.org
RunspaceId                   : de8101f3-7fbe-4a5d-90ed-db7285995616
PSShowComputerName           : False
DNSRoutingEnabled            : False
TlsDomain                    :
TlsAuthLevel                 :
ErrorPolicies                : Default
SmartHosts                   : {rupost.testm.org}
Port                         : 25
ConnectionInactivityTimeOut  : 00:10:00
ForceHELO                    : False
FrontendProxyEnabled         : False
IgnoreSTARTTLS               : False
CloudServicesMailEnabled     : False
Fqdn                         : exchange.testm.org
TlsCertificateName           :
RequireTLS                   : True
RequireOorg                  : True
Enabled                      : True
ProtocolLoggingLevel         : Verbose
SmartHostAuthMechanism       : None
AuthenticationCredential     :
UseExternalDNSServersEnabled : False
DomainSecureEnabled          : False
SourceIPAddress              : 0.0.0.0
SmtpMaxMessagesPerConnection : 20
ConnectorType                : Default
SmartHostsString             : rupost.testm.org
CertificateSubject           :
Region                       : NotSpecified
AddressSpaces                : {smtp:testm.org;1}
ConnectedDomains             : {}
IsScopedConnector            : False
IsSmtpConnector              : True
Comment                      :
SourceRoutingGroup           : Exchange Routing Group (DWBGZMFD01QNBJR)
SourceTransportServers       : {EXCHANGE}
HomeMTA                      : Microsoft MTA
HomeMtaServerId              : EXCHANGE
MaxMessageSize               : 35 MB (36,700,160 bytes)
AdminDisplayName             :
ExchangeVersion              : 0.1 (8.0.535.0)
Name                         : Relay to Rupost
DistinguishedName            : CN=Relay to Rupost,CN=Connections,CN=Exchange Routing Group (DWBGZMFD01QNBJR),CN=Routing Groups,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),C
                               N=Administrative Groups,CN=Test-M,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=testm,DC=org
Identity                     : Relay to Rupost
Guid                         : 1fd5e35b-426b-40ef-ab91-a1fdc524fdf2
ObjectCategory               : testm.org/Configuration/Schema/ms-Exch-Routing-SMTP-Connector
ObjectClass                  : {top, msExchConnector, mailGateway, msExchRoutingSMTPConnector}
WhenChanged                  : 07.03.2023 12:08:42
WhenCreated                  : 20.02.2023 17:25:58
WhenChangedUTC               : 07.03.2023 9:08:42
WhenCreatedUTC               : 20.02.2023 14:25:58
OrganizationId               :
Id                           : Relay to Rupost
OriginatingServer            : dc.testm.org
IsValid                      : True
ObjectState                  : Unchanged

But i got error. Can you tell me what the problem may be?: 


LastError : [{LED=451 4.4.395 Target host responded with error. -> 451 5.7.3 Require XOORG extension to send mail};{MSG=};{FQDN=192.168.81.10};{IP=192.168.8
            2:01:02}]
Exchange | Exchange Server | Other

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Aholic Liang-MSFT 13,886 Reputation points Microsoft External Staff
    2023-03-08T08:12:59.3366667+00:00

    Hi @ Андрей Михалевский

    Just want to determine if your Exchange environment is a hybrid deployment?

    When I researched this error, I found that the XOORG command was only understood by Exchange.

    In cases where the sender is external (like forward scenario) the XOORG use the default accepted domain. The following two conditions are checked on the on-premises Server:

    1.If the Receive connector TlsDomainCapabilities is set to AcceptedCloudServicesMail,

    2.If the XOORG Domain mentioned with MAIL FROM Command matches on-premises Accepted Domain or matches any remote domains with TrustedMailInboundEnabled set to true.

    If the above conditions are true, on-premises server will treat the connection as Authenticated and will promote cross premises headers to org headers.

    X-OriginatorOrg: contoso.com

    In addition, it is recommended that you use the rule to add X-OriginatorOrg headers when relaying to see if it works.

    More information about XOORG can be found here:Advanced Office 365 Routing: Locking Down Exchange On-Premises when MX points to Office 365 - Microsoft Community Hub

    Hope the above information is helpful to you!

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.