Spoofing emails from outside service - 550 5.7.1 Client does not have permissions to send as this sender

Exchange 2010 and all emails go in and out through Barracuda cloud spam filter.

Started using a cloud accounting package that sends emails with the user's Exchange domain email address and those go through the cloud service's mail servers. Those emails were originally bouncing for SPF, so added the cloud services hostnames to the SPF and they now get past Barracuda, but Exchange is stopping them near as I can tell.

So Bob logs into the cloud accounting service, creates a PO, needs that PO approved. The approval is emailed to Bob's manager through the accounting system. The email goes to manager@domain.com and the from is bob@domain.com. The email servers at the service show the from a bob@domain.com and to manager@domain.com. Exchange doesn't appear to like that.

From Barracuda:
Rejected (mail.domain.com:25:550 5.7.1 Client does not have permissions to send as this sender)

Exchange is only allowed to talk to Barracuda in and out via ACLs on the firewall....could I change something in Exchange to allow emails from domain.com that come in on the default receive connector? It seems like a bad idea to me though.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

AmitIT ArchitectCommented:
Did you added that domain under accepted domain list option in Exchange? If not then add it. Follow this: https://www.petri.com/configure-exchange-2010-receive-email-external-domains
mvalpredaAuthor Commented:
This is not a new domain. Exchange is auth for domain.com. That is all working correctly. What is happening is accounting service in the cloud sends emails as domain.com and Exchange doesn't seem to like it. Guessing because emails from domain.com should not originate from outside the Exchange server.
David FavorLinux/LXD/WordPress/Hosting SavantCommented:
Provide your actual domain details.

Very difficult to guess at this. Better to provide you with a real solution, based on your DNS settings.
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

AmitIT ArchitectCommented:
I think you already know the answer for your problem and you are trying to make it work. If you ask my suggestion, rather using your domain name. Better you create sub domain. Something like support.domain.com and give it to your vendor to use it. Add that domain into you Exchange accepted domain list.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
mvalpredaAuthor Commented:
A sub-domain might be the way to go. I don't think allowing Exchange to accept emails from the outside on the default connector is a good idea....no matter how good the Barracuda spam filtering is.

I need to find out if this is purely for notifications, or if they are going to reply/forward these emails thus causing emails they never get.
AmitIT ArchitectCommented:
I gave you the idea. I assume rest you can design.
AmitIT ArchitectCommented:
Enough information provided.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.