Exchange 2007 - 550 5.7.1 Client does not have permissions to send as this sender

Hi there,

A client has an SBS 2008 server with Exchange 2007 SP1 Rollup 9 installed.
They have a website that takes orders and sends an email (using PHP mailer) to the client's email address.

Now, as it is only in the testing phase, he is using himself as the from address and to address.
He is receiving bounce backs:

Subject: Mail delivery failed: returning message to sender
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:
  user@somewhere.com.au
    SMTP error from remote mail server after MAIL FROM:<user@somewhere.com.au> SIZE=16881:
    host mail.somewhere.com.au [203.161.xxx.xxx]:
    550 5.7.1 Client does not have permissions to send as this sender

Now, what I believe is the problem is that when the website is sending the email to his address it is hitting the SBS box and the Exchange server is thinking that it is a spoofed email, as it is being sent from an external address/email server and it is being addressed to the same address as it is from.

So in order to get around this I have tried creating a new receive connector and setting it up for anonymous authentication but locking it down by only allowing the IP address of that one external server.

That didn't work, so I also added some Extended Rights:
MS-Exch-SMTP-Accept-Any-Sender
MS-Exch-SMTP-Accept-Any-Recipient
MS-Exch-SMTP-Bypass-Anti-Spam

This still doesn't seem to be working - any advice on where I am going wrong?
*Please note I have nothing to do with setting up the web site - only administering the SBS domain.
LindenTech Asked:

Akhater Commented:
Did you restart the transport service after giving the extended rights?

Is the new connector you have created listening to a dedicated IP other than the default connector?

LindenTech (Author) Commented:
Yep - restarted the transport service each time I made a change in the Exchange Management Shell.

And the connector is listening on all available IPv4 Addresses.
I was wondering if it was somehow being blocked by another receive connector - but I have already created another anonymous receive connector on that Exchange server for the scanning machine to use for scan to email functionality.
Is there any kind of prioritisation between the connectors?

Akhater Commented:
You cannot have 2 connectors listening to a single IP or to all available IPs.

You will need to have the default listening on all available IPs and the one you created on a dedicated one.

In other terms, you need another IP address on Exchange just for that connector.

LindenTech (Author) Commented:
OK - thanks for the reply, Akhater.

How am I supposed to add another IP?

The server is only configured with one internal IP.
The ADSL connection only has one IP address - and if mail is coming in on port 25, how is it supposed to distinguish to send only SMTP traffic from a specific external IP address to that new IP address? Is it just a matter of adding another IP address into the new SMTP receive connector?

Akhater Commented:
This application of yours is communicating with your Exchange server on your internal or public IP?

LindenTech (Author) Commented:
The application is external in a co-lo that is hosting the website and the php mailer is then trying to deliver to the SBS box via internet using SMTP.

Akhater Commented:
OK, so it uses the real IP and you do not have 2, right?

Is it sending emails to users inside your Exchange organization or outside?

LindenTech (Author) Commented:
It is sending emails into the organisation to notify them of actions made on the website.

I am thinking that I may change the from address, if possible, to a fictitious domain - but I am not sure if they will also need the capacity to have it send emails to other domains, and people will need to be able to reply to an address that will be inside the domain.

I.e. change the from address to website@website.com.au - but then it may fail on SPF or other spam filters.
Also, if people then replied to that address it would go nowhere.

Akhater Commented:
You have 3 options:

1) Let the dedicated listener use a port other than 25, something like 2525, and let your application talk to it on that port

2) Get another real IP for your Exchange server

3) Find a way for your application to authenticate against Exchange to be able to send

Using a fictitious from address will not solve the problem, since the connector will not allow you to relay to external domains anyway.
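
Option 1 from the answer above could look like this in the Exchange Management Shell. This is an added example, not part of the original thread; the IP address and connector name are placeholders, and it assumes the shell is run on the Exchange 2007 server itself.

```powershell
# Added example (not from the thread). All values are placeholders/assumptions.
$server    = $env:COMPUTERNAME            # assumes this runs on the Exchange server
$webHostIp = '203.0.113.10'               # placeholder: public IP of the co-lo web host
$name      = 'Website PHP mailer 2525'    # hypothetical connector name
$anon      = 'NT AUTHORITY\ANONYMOUS LOGON'

# Dedicated listener on port 2525, reachable only from the one web host,
# so it does not share the port 25 binding with the default connector.
New-ReceiveConnector -Name $name -Server $server -Usage Custom `
    -Bindings '0.0.0.0:2525' -RemoteIPRanges $webHostIp `
    -PermissionGroups AnonymousUsers

# Grant only the sender right listed in the question.
# MS-Exch-SMTP-Accept-Any-Recipient is left out: the site only mails
# recipients inside the organisation, so this connector never needs to relay.
Get-ReceiveConnector "$server\$name" |
    Add-ADPermission -User $anon -ExtendedRights 'ms-Exch-SMTP-Accept-Any-Sender'

# Review what anonymous sessions hold on every receive connector, to find
# relay or anti-spam-bypass rights left behind by earlier attempts.
Get-ReceiveConnector | ForEach-Object {
    $c = $_
    $c | Get-ADPermission -User $anon |
        Where-Object { $_.ExtendedRights } |
        Select-Object @{n='Connector';e={$c.Name}}, ExtendedRights, Deny
} | Format-Table -AutoSize

# The thread restarts the transport service after each permission change.
Restart-Service MSExchangeTransport
```

The router also has to forward TCP 2525 to the server, ideally only from the web host's address, and the PHP mailer has to be pointed at that port.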
LindenTech (Author) Commented:
Thanks Akhater,

I really appreciate your efforts and quick responses. You helped me learn something more about Exchange today.

It looks like I am going to have to get in touch with the web developers and see if they can change the SMTP send port from their app, or see what way it can auth with the mail server.

Akhater Commented:
You are most welcome. If you need more help, feel free to update this thread or contact me.