mvalpreda
asked on
Spoofing emails from outside service - 550 5.7.1 Client does not have permissions to send as this sender
Exchange 2010 and all emails go in and out through Barracuda cloud spam filter.
Started using a cloud accounting package that sends emails with the user's Exchange domain email address and those go through the cloud service's mail servers. Those emails were originally bouncing for SPF, so added the cloud services hostnames to the SPF and they now get past Barracuda, but Exchange is stopping them near as I can tell.
So Bob logs into the cloud accounting service, creates a PO, needs that PO approved. The approval is emailed to Bob's manager through the accounting system. The email goes to manager@domain.com and the from is bob@domain.com. The email servers at the service show the from a bob@domain.com and to manager@domain.com. Exchange doesn't appear to like that.
From Barracuda:
Rejected (mail.domain.com:25:550 5.7.1 Client does not have permissions to send as this sender)
Exchange is only allowed to talk to Barracuda in and out via ACLs on the firewall....could I change something in Exchange to allow emails from domain.com that come in on the default receive connector? It seems like a bad idea to me though.
Started using a cloud accounting package that sends emails with the user's Exchange domain email address and those go through the cloud service's mail servers. Those emails were originally bouncing for SPF, so added the cloud services hostnames to the SPF and they now get past Barracuda, but Exchange is stopping them near as I can tell.
So Bob logs into the cloud accounting service, creates a PO, needs that PO approved. The approval is emailed to Bob's manager through the accounting system. The email goes to manager@domain.com and the from is bob@domain.com. The email servers at the service show the from a bob@domain.com and to manager@domain.com. Exchange doesn't appear to like that.
From Barracuda:
Rejected (mail.domain.com:25:550 5.7.1 Client does not have permissions to send as this sender)
Exchange is only allowed to talk to Barracuda in and out via ACLs on the firewall....could I change something in Exchange to allow emails from domain.com that come in on the default receive connector? It seems like a bad idea to me though.
Did you added that domain under accepted domain list option in Exchange? If not then add it. Follow this: https://www.petri.com/configure-exchange-2010-receive-email-external-domains
ASKER
This is not a new domain. Exchange is auth for domain.com. That is all working correctly. What is happening is accounting service in the cloud sends emails as domain.com and Exchange doesn't seem to like it. Guessing because emails from domain.com should not originate from outside the Exchange server.
Provide your actual domain details.
Very difficult to guess at this. Better to provide you with a real solution, based on your DNS settings.
Very difficult to guess at this. Better to provide you with a real solution, based on your DNS settings.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
A sub-domain might be the way to go. I don't think allowing Exchange to accept emails from the outside on the default connector is a good idea....no matter how good the Barracuda spam filtering is.
I need to find out if this is purely for notifications, or if they are going to reply/forward these emails thus causing emails they never get.
I need to find out if this is purely for notifications, or if they are going to reply/forward these emails thus causing emails they never get.
I gave you the idea. I assume rest you can design.
Enough information provided.