You are not supposed to use the SMTP server feature of Windows Server, as it has been deprecated for more than a decade, https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831568(v=ws.11) Since Microsoft does not provide a replacement, you might consider a third party SMTP server.
550 5.7.64 TenantAttribution; Relay Access Denied SMTP.
I relay email through Exchange Online Protection from on-premises Internet Information Services (IIS) SMTP server. I have an inbound connector that's set to on-premises and has certificate validation enabled. In this scenario, mail isn't relayed through Exchange Online Protection. Additionally, i receive the following error message: 550 5.7.64 TenantAttribution; Relay Access Denied SMTP.
Public certificate is available and i have verified the Root CA , SAN entries as well CN but still This problem occurs in one of the 2 servers, The primary server is up and running with the same Public SSL certificate, the Secondary on-premises server is not sending the required certificate chain during the Transport Layer Security (TLS) handshake to Exchange Online. Hence the external flow is impacted.
Exchange Online
Windows development | Internet Information Services
Windows for business | Windows Server | User experience | Other
3 answers
Sort by: Most helpful
-
-
Yuki Sun-MSFT 41,376 Reputation points Moderator
2024-02-15T07:50:34.6533333+00:00 Hi @Anas, Mohd , From the description, agreed that it's likely to be an issue because the affected server is not sending the required certificate chain during the Transport Layer Security (TLS) handshake to Exchange Online.
Please try following the instructions in the following document and see if it can help fix the issue:"550 5.7.64 TenantAttribution" when sending emails through Exchange Online Protection
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread. -
Yuki Sun-MSFT 41,376 Reputation points Moderator
2024-02-20T07:21:51.42+00:00 Hi @Anas, Mohd ,
I have an inbound connector that's set to on-premises and has certificate validation enabled
Have you tried adding the IP of the secondary sever to the existing inbound connector and check how it goes?
Reference: "550 5.7.64 TenantAttribution" when sending mail externally in Microsoft 365.