550 5.7.64 TenantAttribution; Relay Access Denied SMTP.

Anas, Mohd 0 Reputation points
2024-02-15T03:39:31.2966667+00:00

I relay email through Exchange Online Protection from on-premises Internet Information Services (IIS) SMTP server. I have an inbound connector that's set to on-premises and has certificate validation enabled. In this scenario, mail isn't relayed through Exchange Online Protection. Additionally, i receive the following error message: 550 5.7.64 TenantAttribution; Relay Access Denied SMTP.

Public certificate is available and i have verified the Root CA , SAN entries as well CN but still This problem occurs in one of the 2 servers, The primary server is up and running with the same Public SSL certificate, the Secondary on-premises server is not sending the required certificate chain during the Transport Layer Security (TLS) handshake to Exchange Online. Hence the external flow is impacted.

Exchange Online
Exchange Online
A Microsoft email and calendaring hosted service.
6,188 questions
Windows development | Internet Information Services
Windows for business | Windows Server | User experience | Other
{count} votes

3 answers

Sort by: Most helpful
  1. Lex Li 6,037 Reputation points
    2024-02-17T04:49:43.2566667+00:00

    You are not supposed to use the SMTP server feature of Windows Server, as it has been deprecated for more than a decade, https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831568(v=ws.11) Since Microsoft does not provide a replacement, you might consider a third party SMTP server.

    1 person found this answer helpful.

  2. Yuki Sun-MSFT 41,376 Reputation points Moderator
    2024-02-15T07:50:34.6533333+00:00

    Hi @Anas, Mohd , From the description, agreed that it's likely to be an issue because the affected server is not sending the required certificate chain during the Transport Layer Security (TLS) handshake to Exchange Online.
    Please try following the instructions in the following document and see if it can help fix the issue:

    "550 5.7.64 TenantAttribution" when sending emails through Exchange Online Protection


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


  3. Yuki Sun-MSFT 41,376 Reputation points Moderator
    2024-02-20T07:21:51.42+00:00

    Hi @Anas, Mohd ,

    I have an inbound connector that's set to on-premises and has certificate validation enabled

    Have you tried adding the IP of the secondary sever to the existing inbound connector and check how it goes?

    Reference: "550 5.7.64 TenantAttribution" when sending mail externally in Microsoft 365.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.