Edge Transport Server rejecting email (Domain Does Not Exist or You do not have permission to send)

We are using an Exchange 2007 Edge Transport Server with Domain Lookup (to verify that the sender is actually who they say they are).  We have one particular customer outside the company that is trying to email us, but she keeps getting these type of rejection messages ....

The following recipient(s) could not be reached:
user@ourcompany.com on 1/28/2008 4:47 AM
You do not have permission to send to this recipient. For assistance, contact your system administrator.
<naout-cinexs01.nasmtpout.emrsn.com #5.7.1 smtp;550 5.7.1 Sender ID (PRA) Domain Does Not Exist>

We have added her domains IP address into our allow list on the Edge Transport server, but that has not helped.  We believe the problem may be due to the fact that her company passes their mail through Postini, so adding her IP address to our Edge Transport Allow list probably isn't doing much.  She is going to try and check on the IP address Postini uses for forwarding mail, but I think it changes all the time.  As far as I know, there's no way to globally accept email from specific.user@domain.com, or maybe *@domain.com?  I guess that would cause problems when a spoofed email hits us from that address.  Has anybody else ran into these error messages before or a similar type of situation?  How did you resolve it?

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

James MontgomeryCommented:
This sounds like an anti spam feature:

550 5.7.1 Sender ID (PRA) Not Permitted" - Antispam, Sender-ID check failed

So... what server is naout-cinexs01.nasmtpout.emrsn.com? yours or theirs?
mccrear1Author Commented:
The naout-cinexs01.nasmtpout.emrsn.com server is their server.  I think our Server tries to validate the sending address (with reverse DNS or something?) and the return-path does not match what is in the header of the email, so it thinks it is spam and rejects it?  What is happening is that the sender from company 1 is trying to automatically send us a file using some program (MIS-Robot).  Our system seems to be rejecting it saying "You do not have permission to send to this recipient....or Sender ID (PRA Domain Does Not Exist).  This must be the anti-spoofing part of Exchange 2007 Edge Transport Server, since the email generated from the MIS Robot has a different Sender Address: (user@company1.com........ this is the email address of the lady responsible for the file) and From Address:  (example.fail.mail.rr.com........ this is the address of the MIS-Robot server).  When the Sender/From aren't identicle, I think Exchange says "no thankyou".  When this user sends us a direct email (without the Robot, and the Sender: and From: address DO match........ both being user@company1.com), the email comes straight through without any problems.  I don't know if there is anything we can really do for her on our end?  Maybe she just needs to stop using the MIS-Robot so the Sender: and From: address will match, and our system won't think spoofing is going on?  I'm sure they are expecting us to come up with a solution on our end though since we are the ones rejecting it.  I hope I'm making sense here, Exchange 2007 is quite new to me.
James MontgomeryCommented:
have you tried the safelist aggregation? I think this may be the 'whitelisting' you are wanting...

mccrear1Author Commented:
I thought the Safe List specifically delt with spam, and that the anti-spoofing was separate?  I could be wrong.  I will give it a try.
mccrear1Author Commented:
Problem cleared up on its own.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.