• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2353
  • Last Modified:

Exchange 2007 - 550 5.7.1 Client does not have permissions to send as this sender

Hi there,

A client has an SBS 2008 server running Exchange 2007 SP1 Rollup9 installed.
They have a website that takes orders and sends an email (using PHP mailer) to the clients email address.

now as it is only in the testing phase he is using himself as the from address and to address.
He is receiving bounce backs

Subject: Mail delivery failed: returning message to sender
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:
    SMTP error from remote mail server after MAIL FROM:<user@somewhere.com.au> SIZE=16881:
    host mail.somewhere.com.au [203.161.xxx.xxx]:
    550 5.7.1 Client does not have permissions to send as this sender

Now from what I believe is the problem is that when the website is sending the email to his address it is hitting the SBS box and the exchange server is thinking that is is a Spoofed email. As it is being sent from an external address/email server and it is being addressed to the same address as it is from.

So in order to get around this I have tried creating a new receive connector and setting it up for anonymous authentication but locking it down by only allowing the IP address of that one external server.

That didn't work so i also added some Extended Right

This still doesn't seem to be working - any advice on where I am going wrong?
*Please note I have nothing to do with setting up the web site - only administering the the SBS domain.
  • 6
  • 5
1 Solution
did you restart the transport service after giving the extend rights /?

is the new connector you have created listening to a dedicated IP other than the default connector ?
LindenTechAuthor Commented:
Yep - restarted the transport service each time I made a change in the Exchange Management Shell.

And the connector is listening on all available IPv4 Addresses.
I was wondering if it was somehow being blocked by another receive connector = but have already created another anonymous receive connector on that exchange server for the scanning machine to use for scan to email functionality.
Is there any kind of prioritisation between the connectors?
you cannot have 2 connectors listening to a single IP or to all available IPs

you will need to have the default listening on all available IPs and the one you created to a dedicated one.

In other terms you need another IP addrss on exchange just for that connector
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

LindenTechAuthor Commented:
OK- thanks for the reply Akhater.

How am I supposed to add another IP?

the server is only configured with one internal IP
the ADSL connection only has one IP address - and if mail is coming in on port 25 - how is it supposed to distinguish to send only smtp traffic from a specific external  IP address to that new IP address?Is it just a matter of adding in another IP address into the new SMTP receive connector?
This application of yours is communicating with your exchange server on your internal or public IP ?
LindenTechAuthor Commented:
The application is external in a co-lo that is hosting the website and the php mailer is then trying to deliver to the SBS box via internet using SMTP.
OK so it uses the real IP and you do not have 2 right ?

is it sending emails to users inside your exchange organization or outside ?
LindenTechAuthor Commented:
It is sending emails into the organisation to notify them of actions made on the website..

 I am thinking that I maybe change the from address if possible to a fictitious domain - but not sure if they will also need the capacity to have it send emails to other domains and that people will need to be able to reply to an address that will be inside the domain.

Ie change the form address to website@website.com.au - but then it may fail on spf or other spam filters.
also if people then replied to that address it would go no where.
You have 3 options

1) would be to let the dedicated listener to use another port other than 25 something like 2525 and let your application talk to it using on that port

2) Get another real IP for your exchange server

3) find a way for your application to authenticate against exchange to be able to send

using a fictitious from address  will not solve the problem since the connector will not allow you to relay to external domains anyway
LindenTechAuthor Commented:
Thanks Akhater,

I really appreciate efforts and quick responses. You helped me learn something more about Exchange today.

It looks like I am going to have to get in touch with the web developers and see if they can change the SMTP send port from there app, or see what way it can auth with the mail server.
You are most welcome, if you need more help feel free to update this thread or contact me
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

  • 6
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now