Bounce back on external email to group

Hello everyone,

Once again, asking for help. I set up a distro group with external email address. When I email the group internally from the domain, it works fine. but if I email the group externally, I get a bounce back. The rejected server is coming from my server. I did set up the group to send to internal and external emails.

*Note: We did upgrade from exchange 2010 to 2016 a month ago and the group is set to send internal and external emails. Not sure what is the causing the issue. Could it be a receive connector

Error message below:

---------- Forwarded message ---------
From: <postmaster@mycompany.com>
Date: Mon, Apr 23, 2018, 10:25 AM
Subject: Undeliverable: Test
To: <kenny.admin@gmail.com>

Delivery has failed to these recipients or groups:
g.c@external.us
Your message wasn't delivered due to a permission or security issue. It may have been rejected by a moderator, the address may only accept e-mail from certain senders, or another restriction may be preventing delivery.
d.c@external.us
Your message wasn't delivered due to a permission or security issue. It may have been rejected by a moderator, the address may only accept e-mail from certain senders, or another restriction may be preventing delivery.
w.w@external.us
Your message wasn't delivered due to a permission or security issue. It may have been rejected by a moderator, the address may only accept e-mail from certain senders, or another restriction may be preventing delivery.
The following organization rejected your message: mail.mycompany.com.


Diagnostic information for administrators:
Generating server:mycompany.com
g.c@external.us
mail.mycompany.com #554 5.7.1 Relaying denied ##
d.c@external.us
mail.mycompany.com #554 5.7.1 Relaying denied ##
w.w@external.us
mail.mycompany.com #554 5.7.1 Relaying denied ##
Original message headers:

Received: from SA-EXDR-P01.mycompany.local (192.168.122.184) by
 BOEX1.mycompany.local (192.168.127.210) with Microsoft SMTP Server (TLS) id
 14.3.382.0; Mon, 23 Apr 2018 10:23:04 -0500
Received: from SA-EX-P01.mycompany.local (192.168.122.241) by
 SA-EXDR-P01.mycompany.local (192.168.122.184) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id
 15.1.1261.35; Mon, 23 Apr 2018 10:23:03 -0500
Received: from mail.mycompany.com (192.168.122.5) by
 SA-EX-P01.mycompany.local (192.168.122.241) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256) id
 15.1.1261.35 via Frontend Transport; Mon, 23 Apr 2018 10:23:04 -0500
Received: from mail-wr0-f177.google.com (mail-wr0-f177.google.com
 [209.85.128.177])      by mail.mycompany.com  with ESMTP id
 w3NFOtLB010583-w3NFOtLD010583      (version=TLSv1.2 cipher=ECDHE-RSA-AES128-SHA
 bits=128 verify=NOT)      for <tigaproject@mycompany.com>; Mon, 23 Apr 2018
 10:24:56 -0500
Received: by mail-wr0-f177.google.com with SMTP id v60-v6so42413595wrc.7
        for <tigaproject@mycompany.com>; Mon, 23 Apr 2018 08:24:56 -0700
 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:from:date:message-id:subject:to;
        bh=nWudKbw3UE7LOU8U1HUxXs+teQDZ8JUUBwrFIrUoiz8=;
        b=PkpodLDtbfKnPphfr3rqbOUh841+2dQX7eHl7Jjgo9IGIwNFtk0HWLz0meaYEVucSX
         JZc9ku7Ap4QW4yYnW7LiIrDwrksRcQpM28yOv2+SzM2sr+JmnBoziwulFF0DF5JLkKTC
         CyXtn9fLkqpZj/AOHFfhPiKd608gq39nDFM/57Atcv0EFqEZJqhkq4aRbUg+HsLmEI/1
         nUSSe6U8qKlcvyEk6QYBjDS6hIifE1izLmsWBzzJ+WWG/3BYh7D4q3bsbmxzGtVz+xhP
         p1S6MPwUBXu+UvoNtk00YNV6snEjdDQPyRXArrXJ/c3FtwLa4hzluHKe7glil1Zy3poH
         OCzQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:from:date:message-id:subject:to;
        bh=nWudKbw3UE7LOU8U1HUxXs+teQDZ8JUUBwrFIrUoiz8=;
        b=lL1myleEL3y4Up6hXxFmm2Xne720TWIT9t2pbFhv08GPRvoVnUwgpBmKoZvjXG5J4l
         tufFJaoRg97zYtYliFqNePCFzRBfB3UG0dYO/gTYHsJUMSWjWWegV5NzFOTjTAsTJLhR
         K22EcaRIfiG/B45wLENOib28vdGA4a32WgGr7EH5v787eMudJxgDCevmXPuRVgdwrsLJ
         iSO4vweVB4/SqZf+T4Y4PjyVdHeDTnUptUoDBqEyviCU7qWiqV4lNtwErxKRB5uiATr0
         DX1cm73cxcHyjHPYTP3gUeV1mS3Bo24vzMiJ8/nZ/5dj3GAkP1FCU7hRaougFHRQDIzJ
         mnQg==
X-Gm-Message-State: ALQs6tBzKUy9dloUftDVvAtfJr7/G3tufNDSbPxtonp25rqZBFMxIS7d
      pjLg+ec26yeuY2GpEPVuuncmGd8lG5/iD70qG3U=
X-Google-Smtp-Source: AIpwx4/w13L9YbByZR3pRvMNXwSP2LOr2xI3DCmE1MFrjDkK5H4ELarzn6AKnqCY+B9zSsaS3q/iCO/Q3udKOaczH18=
X-Received: by 10.167.197.83 with SMTP id s19mr11893642edr.139.1524497094976;
 Mon, 23 Apr 2018 08:24:54 -0700 (PDT)
MIME-Version: 1.0
From: Kenny Placido <Kenny.admin@gmail.com>
Date: Mon, 23 Apr 2018 15:24:44 +0000
Message-ID: <CAPxCpbS5ZvMtHdZ_8N-YNi-NQK=tk_3evQ9ebVTVF_C4B6ZNxA@mail.gmail.com>
Subject: Test
To: <tigaproject@mycompany.com>
Content-Type: multipart/alternative; boundary="883d24f6aed4ceaa90056a85a362"
X-FEAS-SPF: pass, ip=209.85.128.177, helo=mail-wr0-f177.google.com, mailFrom=kenny.admin@gmail.com
X-FEAS-DKIM: Valid
Authentication-Results: mail.mycompany.com;
      spf=pass (mycompany.com: domain of kenny.admin@gmail.com designates 209.85.128.177 as permitted sender) smtp.mailfrom=kenny.admin@gmail.com;
      dkim=pass header.i=@gmail.com
Return-Path: kenny.admin@gmail.com
X-Auto-Response-Suppress: DR, OOF, AutoReply
Kenny PlacidoSr System AdministratorAsked:
Who is Participating?
 
timgreen7077Exchange EngineerCommented:
By default when you setup a DL you can only receive email from internal users, so you will need to go to DL in exchange and under delivery management on the DL select "sender inside and outside my organization", that will allow you to get emails from internal and external users.
0
 
Kenny PlacidoSr System AdministratorAuthor Commented:
Sorry, should have explained that I did that about 30 minutes ago and I am still getting the same error. Should have posted that in the original question.
0
 
Jose Gabriel Ortega CEE Solution Guide - CEO Faru Bonon ITCommented:
0
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

 
Kenny PlacidoSr System AdministratorAuthor Commented:
Thank you for the heads up. CASA CBL is a china server, we dont do anything with that. As for SORBS, I will have to figure a way to get removed from them.
0
 
timgreen7077Exchange EngineerCommented:
Also make sure that the check box "require that all senders are authenticated." isn't checked.
0
 
Jose Gabriel Ortega CEE Solution Guide - CEO Faru Bonon ITCommented:
Well those Blacklists are worldwide and are used for many Antispam on cloud and on-prem just make sure to get your IPs clean of all of them
0
 
Kenny PlacidoSr System AdministratorAuthor Commented:
This is on a exchange 2016 ECP. I cant find "require that all senders are authenticated" in the contact created or group DL.
0
 
Jose Gabriel Ortega CEE Solution Guide - CEO Faru Bonon ITCommented:
Just go to your group properties and select "Senders inside and outside my organization:
 1.png
0
 
Kenny PlacidoSr System AdministratorAuthor Commented:
Already did that.
0
 
Jose Gabriel Ortega CEE Solution Guide - CEO Faru Bonon ITCommented:
And... ? it was before my answer? did you do the clean up of the blacklists?
did you test again?
0
 
timgreen7077Exchange EngineerCommented:
these bounced emails are only on this DL is that correct? not all emails?
0
 
Kenny PlacidoSr System AdministratorAuthor Commented:
The blacklist is coming from a 209 address. THat is google. Not from mycompany.com. Im not worried about that. And yes, the bounce emails are only from the DL.

Just got confirmation but if you are not in the group, you can not email it from an external email address. This is what we want, so I guess its working now.
0
 
timgreen7077Exchange EngineerCommented:
Just got confirmation but if you are not in the group, you can not email it from an external email address. This is what we want, so I guess its working now.

Did you have email addresses as allowed in that property? In other words even though you selected sender inside and outside my org, did you still add addresses in the box below it.
0
 
Kenny PlacidoSr System AdministratorAuthor Commented:
No, the addresses are blank.
0
 
timgreen7077Exchange EngineerCommented:
hmmm, well exchange doesn't know if an external sender sending an email from an external domain is a member of that group. strange. oh well happy its working for you.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.