Bounce back on external email to group

Hello everyone,

Once again, asking for help. I set up a distro group with external email address. When I email the group internally from the domain, it works fine. but if I email the group externally, I get a bounce back. The rejected server is coming from my server. I did set up the group to send to internal and external emails.

*Note: We did upgrade from exchange 2010 to 2016 a month ago and the group is set to send internal and external emails. Not sure what is the causing the issue. Could it be a receive connector

Error message below:

---------- Forwarded message ---------
From: <postmaster@mycompany.com>
Date: Mon, Apr 23, 2018, 10:25 AM
Subject: Undeliverable: Test
To: <kenny.admin@gmail.com>

Delivery has failed to these recipients or groups:
g.c@external.us
Your message wasn't delivered due to a permission or security issue. It may have been rejected by a moderator, the address may only accept e-mail from certain senders, or another restriction may be preventing delivery.
d.c@external.us
Your message wasn't delivered due to a permission or security issue. It may have been rejected by a moderator, the address may only accept e-mail from certain senders, or another restriction may be preventing delivery.
w.w@external.us
Your message wasn't delivered due to a permission or security issue. It may have been rejected by a moderator, the address may only accept e-mail from certain senders, or another restriction may be preventing delivery.
The following organization rejected your message: mail.mycompany.com.


Diagnostic information for administrators:
Generating server:mycompany.com
g.c@external.us
mail.mycompany.com #554 5.7.1 Relaying denied ##
d.c@external.us
mail.mycompany.com #554 5.7.1 Relaying denied ##
w.w@external.us
mail.mycompany.com #554 5.7.1 Relaying denied ##
Original message headers:

Received: from SA-EXDR-P01.mycompany.local (192.168.122.184) by
 BOEX1.mycompany.local (192.168.127.210) with Microsoft SMTP Server (TLS) id
 14.3.382.0; Mon, 23 Apr 2018 10:23:04 -0500
Received: from SA-EX-P01.mycompany.local (192.168.122.241) by
 SA-EXDR-P01.mycompany.local (192.168.122.184) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id
 15.1.1261.35; Mon, 23 Apr 2018 10:23:03 -0500
Received: from mail.mycompany.com (192.168.122.5) by
 SA-EX-P01.mycompany.local (192.168.122.241) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256) id
 15.1.1261.35 via Frontend Transport; Mon, 23 Apr 2018 10:23:04 -0500
Received: from mail-wr0-f177.google.com (mail-wr0-f177.google.com
 [209.85.128.177])      by mail.mycompany.com  with ESMTP id
 w3NFOtLB010583-w3NFOtLD010583      (version=TLSv1.2 cipher=ECDHE-RSA-AES128-SHA
 bits=128 verify=NOT)      for <tigaproject@mycompany.com>; Mon, 23 Apr 2018
 10:24:56 -0500
Received: by mail-wr0-f177.google.com with SMTP id v60-v6so42413595wrc.7
        for <tigaproject@mycompany.com>; Mon, 23 Apr 2018 08:24:56 -0700
 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:from:date:message-id:subject:to;
        bh=nWudKbw3UE7LOU8U1HUxXs+teQDZ8JUUBwrFIrUoiz8=;
        b=PkpodLDtbfKnPphfr3rqbOUh841+2dQX7eHl7Jjgo9IGIwNFtk0HWLz0meaYEVucSX
         JZc9ku7Ap4QW4yYnW7LiIrDwrksRcQpM28yOv2+SzM2sr+JmnBoziwulFF0DF5JLkKTC
         CyXtn9fLkqpZj/AOHFfhPiKd608gq39nDFM/57Atcv0EFqEZJqhkq4aRbUg+HsLmEI/1
         nUSSe6U8qKlcvyEk6QYBjDS6hIifE1izLmsWBzzJ+WWG/3BYh7D4q3bsbmxzGtVz+xhP
         p1S6MPwUBXu+UvoNtk00YNV6snEjdDQPyRXArrXJ/c3FtwLa4hzluHKe7glil1Zy3poH
         OCzQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:from:date:message-id:subject:to;
        bh=nWudKbw3UE7LOU8U1HUxXs+teQDZ8JUUBwrFIrUoiz8=;
        b=lL1myleEL3y4Up6hXxFmm2Xne720TWIT9t2pbFhv08GPRvoVnUwgpBmKoZvjXG5J4l
         tufFJaoRg97zYtYliFqNePCFzRBfB3UG0dYO/gTYHsJUMSWjWWegV5NzFOTjTAsTJLhR
         K22EcaRIfiG/B45wLENOib28vdGA4a32WgGr7EH5v787eMudJxgDCevmXPuRVgdwrsLJ
         iSO4vweVB4/SqZf+T4Y4PjyVdHeDTnUptUoDBqEyviCU7qWiqV4lNtwErxKRB5uiATr0
         DX1cm73cxcHyjHPYTP3gUeV1mS3Bo24vzMiJ8/nZ/5dj3GAkP1FCU7hRaougFHRQDIzJ
         mnQg==
X-Gm-Message-State: ALQs6tBzKUy9dloUftDVvAtfJr7/G3tufNDSbPxtonp25rqZBFMxIS7d
      pjLg+ec26yeuY2GpEPVuuncmGd8lG5/iD70qG3U=
X-Google-Smtp-Source: AIpwx4/w13L9YbByZR3pRvMNXwSP2LOr2xI3DCmE1MFrjDkK5H4ELarzn6AKnqCY+B9zSsaS3q/iCO/Q3udKOaczH18=
X-Received: by 10.167.197.83 with SMTP id s19mr11893642edr.139.1524497094976;
 Mon, 23 Apr 2018 08:24:54 -0700 (PDT)
MIME-Version: 1.0
From: Kenny Placido <Kenny.admin@gmail.com>
Date: Mon, 23 Apr 2018 15:24:44 +0000
Message-ID: <CAPxCpbS5ZvMtHdZ_8N-YNi-NQK=tk_3evQ9ebVTVF_C4B6ZNxA@mail.gmail.com>
Subject: Test
To: <tigaproject@mycompany.com>
Content-Type: multipart/alternative; boundary="883d24f6aed4ceaa90056a85a362"
X-FEAS-SPF: pass, ip=209.85.128.177, helo=mail-wr0-f177.google.com, mailFrom=kenny.admin@gmail.com
X-FEAS-DKIM: Valid
Authentication-Results: mail.mycompany.com;
      spf=pass (mycompany.com: domain of kenny.admin@gmail.com designates 209.85.128.177 as permitted sender) smtp.mailfrom=kenny.admin@gmail.com;
      dkim=pass header.i=@gmail.com
Return-Path: kenny.admin@gmail.com
X-Auto-Response-Suppress: DR, OOF, AutoReply
Kenny PlacidoSr System AdministratorAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

timgreen7077Exchange EngineerCommented:
By default when you setup a DL you can only receive email from internal users, so you will need to go to DL in exchange and under delivery management on the DL select "sender inside and outside my organization", that will allow you to get emails from internal and external users.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Kenny PlacidoSr System AdministratorAuthor Commented:
Sorry, should have explained that I did that about 30 minutes ago and I am still getting the same error. Should have posted that in the original question.
0
Jose Gabriel Ortega CastroCEOCommented:
0
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

Kenny PlacidoSr System AdministratorAuthor Commented:
Thank you for the heads up. CASA CBL is a china server, we dont do anything with that. As for SORBS, I will have to figure a way to get removed from them.
0
timgreen7077Exchange EngineerCommented:
Also make sure that the check box "require that all senders are authenticated." isn't checked.
0
Jose Gabriel Ortega CastroCEOCommented:
Well those Blacklists are worldwide and are used for many Antispam on cloud and on-prem just make sure to get your IPs clean of all of them
0
Kenny PlacidoSr System AdministratorAuthor Commented:
This is on a exchange 2016 ECP. I cant find "require that all senders are authenticated" in the contact created or group DL.
0
Jose Gabriel Ortega CastroCEOCommented:
Just go to your group properties and select "Senders inside and outside my organization:
 1.png
0
Kenny PlacidoSr System AdministratorAuthor Commented:
Already did that.
0
Jose Gabriel Ortega CastroCEOCommented:
And... ? it was before my answer? did you do the clean up of the blacklists?
did you test again?
0
timgreen7077Exchange EngineerCommented:
these bounced emails are only on this DL is that correct? not all emails?
0
Kenny PlacidoSr System AdministratorAuthor Commented:
The blacklist is coming from a 209 address. THat is google. Not from mycompany.com. Im not worried about that. And yes, the bounce emails are only from the DL.

Just got confirmation but if you are not in the group, you can not email it from an external email address. This is what we want, so I guess its working now.
0
timgreen7077Exchange EngineerCommented:
Just got confirmation but if you are not in the group, you can not email it from an external email address. This is what we want, so I guess its working now.

Did you have email addresses as allowed in that property? In other words even though you selected sender inside and outside my org, did you still add addresses in the box below it.
0
Kenny PlacidoSr System AdministratorAuthor Commented:
No, the addresses are blank.
0
timgreen7077Exchange EngineerCommented:
hmmm, well exchange doesn't know if an external sender sending an email from an external domain is a member of that group. strange. oh well happy its working for you.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.