Share via

External Emails Bouncing off Relay

Anonymous
2018-10-29T15:00:36+00:00

I have an SMTP relay configured and a connector based on IP. If I send an email to an address at our Office 365 domain it works and sends the mail on. If I email an eternal domain, gmail.com for example, I get this error:

 status=bounced (host my-domain.mail.protection.outlook.com[213.199.154.170] said: 550 5.7.64 TenantAttribution; Relay Access Denied [DB5EUR01FT038.eop-EUR01.prod.protection.outlook.com]

The connector is working as the mail to my domain relay and if I turn the Connector off all email fails. Does anyone have an pointers as to why there is a relay problem with externally destined emails?

Thanks,

Sam

Microsoft 365 and Office | Subscription, account, billing | For business | Other

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.

0 comments

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2018-11-01T10:15:27+00:00

    Hi FatalEnema,

    We haven’t heard back from you. Do you have any updates with this situation?

    Best Regards,

    Sylvie

    Was this answer helpful?

    0 comments
  2. Deleted

    This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

    Comments have been turned off. Learn more

  3. Anonymous
    2018-10-29T15:31:30+00:00

    Hi FatalEnema,

    Based on my research, This problem occurs if the on-premises server is not sending the required certificate chain during the Transport Layer Security (TLS) handshake to Exchange Online. Would you please try the following steps to see if it works for you?

    1. Get the list of intermediate certificates from the issuer of the third-party certificate.
    2. Export the intermediate certificates from the affected server.
      1. Open the Certificates snap-in on the affected server.
      2. Select Computer account, and then click Local Computer.
      3. In the console tree, expand Personal, and then click Certificates.
      4. Double-click the third-party certificate that's associated with the SMTP service, and then click the Certification Path tab.
      5. Select the intermediate certificate in the certificate path that's listed, click View Certificate, and then click Copy to File on the Details tab.
      6. On the Export File Format page, select DER encoded binary X.509 (.CER), and then click Next.
      7. On the File to Export page, select the file name and path, click Next, and then click Finish.
      8. If there's more than one intermediate certificate in the certificate path, repeat step 2C tthrough step 2F for every intermediate certificate in the path.
    3. Import the intermediate certificates that you exported in step 2 to the intermediate certification authorities (CAs) on the sending server. To do this, run the following command in an elevated Windows PowerShell session:

    Get-ChildItem –Path c:\import\intermediateca.cer | Import-Certificate –CertStoreLocation cert:\LocalMachine\CA 

    More details, please refer to the following link:

    https://support.microsoft.com/en-sg/help/3212877/550-5-7-64-tenantattribution-relay-access-denied-smtp-error-when-sendi

    Best regards,

    Coldwell

    Was this answer helpful?

    0 comments