We have a freshly installed Exchange 2010 server (on Server 2012) which coexisted with 2003 for a short time, then the 2003 was peacefully removed.
All is going perfectly, except we have found that no one @hotmail.com can send directly to our Exchange domain, but they are able to reply just once.
The bounceback each time is...
Arrival-Date: Mon, 17 Mar 2014 17:42:20 -0700
Diagnostic-Code: smtp;550-Please turn on SMTP Authentication in your mail client, or login to the
550-IMAP/POP3 server before sending your message.
550-dub0-omc1-s5.dub0.hotmail.com [184.108.40.206]:38950 is not permitted to
550 relay through this server without authentication.
Our domain has a valid SPF record, and sends all outbound through the McAfee SaaS email security service. Inbound has MX records sending email to McAfee, then down to our server.
The receive connector is set to only allow the two McAfee server ranges to send in. I did allow ALL to send, but this made no difference.
Logs show that 3 of many emails made it into Exchange directly from Hotmail IPs, but from there senders still got a bounceback.
Replies show the Hotmail email coming in via the McAfee IP range.
So it looks like replies follow the MX records, but new emails do not; maybe through A records they hit the Exchange server directly (maybe autodiscover)?
I am at a loss, so here I am.