Zendesk, Exchange and 550 5.7.1

I have a zen desk account that we are using for support tickets.  I setup a group support@mydomain.com that has a member the exchange contact support@mydomain.zendesk.com.  When users submit tickets they go in just fine.  If I reply on the ticket, we get the problem.  This started about 2 months ago now.  I have run out of ideas.

We keep getting bounce failures.  550 5.7.1 Client does not have permissions to send as this sender
I have seen where we need to have the send as self permission assigned, but since this is a group not an account it doesn't have that option.
So I created an account called itsupport@mydomain.com and setup forwarding to support@mydomain.zendesk.com.  It failed zendesks forwarding verification.  

I have the spf record setup for Zendesk and it is verified.  my support@mydomain.zendesk.com account also passes forwarding verification.  Zendesk support has said it is a problem on my exchange server.  

I have even setup a receive connector for Zendesk with their range of ip's accepted, and anonymous user as the permission group.  Currently our firewall is only setup to receive email from our spam service servers, but Zendesk mail is going through that so it is not the issue.  

Any ideas?  This used to work fine, and I have no clue what changed.
oncall4youAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Jason CrawfordTransport NinjaCommented:
Are you saying the support@mydomain.zendesk.com MailContact on the Exchange server is a member of the support@mydomain.com Distribution Group on the same server?  What is the ExternalEmailAddress for support@mydomain.zendesk.com?  

Here's what I would do:

1. Enable verbose logging on all Receive and Send Connectors
2. Reproduce the issue by replying to a ticket.
3. Inspect the SMTPReceive Protocol Logs and verify your test email was actually received by the new Receive Connector you created.  The SMTPReceive Protocol logs can be found here for Exchange 2013 - %ExchangeInstallPath%TransportRoles\Logs\Hub\ProtocolLog\SmtpReceive and here for Exchange 2010 - %ExchangeInstallPath%\TransportRoles\Logs\ProtocolLog\SmtpReceive
4. Once you verify which connector is receiving the email, copy the name and run this command:

Get-ReceiveConnector 'Receive Connector Name' | Add-AdPermission -User 'NT AUTHORITY\ANONYMOUS LOGON' -ExtendedRights ms-Exch-SMTP-Accept-Any-Sender,ms-Exch-SMTP-Accept-Any-Recipient

Open in new window


Make sure you lock that Receive Connector down to only accept connections from internal IPs on your network.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Internet / Email Software

From novice to tech pro — start learning today.