Start a conversation

Sending to Distribution Groups with external domain recipients

Situation You want to configure Outbound Relay for domains utilizing Distribution Groups sending to external domain recipients but you receive a Relay Access Denied error.
Solution At this time, this is not a supported configuration. Details below.

 

Sending To Distribution Groups With External Domain Recipients

Proofpoint Essentials does not currently support the Outbound Relaying of mail to external domain recipients in a distribution group.

An external recipient consists of an email address that is not part of one of the customer's listed domains.

You may also experience bounceback messages containing Relay Access Denied with the external recipients address listed in the bounceback:

proofpoint@gmail.com
mx1-eu1.ppe-hosted.com #554 5.7.1 proofpoint@gmail.com>: Relay access denied ##

Mail sent to a distribution group containing external domains needs to be routed through a different outbound mail route because Proofpoint Essentials SmartHost will give the Relay Access Denied error. Contact your mail server's routing guide/expert to set this up correctly. 

Sample Steps For O365. General Concept Can Be Used For Exchange (Steps Coming Soon)

Generally, there are two pieces

Please note, these steps are within O365 and outside of Proofpoint Essentials. Some steps or words may require approximation depending on what version of O365 you are using and any potential UI modifications they may make to their product.

Create another outbound connector that uses mx.
  1. Navigate to Mail Flow > Connectors > + (New).
  2. Click From O365 To Partner > Next.
  3. Name the rule whatever you like, i.e. Bypass Proofpoint, and click Next.
  4. Choose Only when I have a transport rule set up that redirects messages to this connector and click Next.
  5. Choose Use the MX record associated with the partner's domain and click Next.
  6. Leave defaults on TLS connection screen and click Next.
  7. Next on summary page.
  8. Use any external email address to validate the connector (It may or may not validate but that wont' matter) and click Save.
Create a mail flow rule that triggers for any outbound messages from your Distribution List
  1. Navigate to Rules > + (New).
  2. Give the rule a name, i.e. DL External Forwarding.
  3. Choose If Sender is... and pick your DL.
  4. Important: Choose More Options first.
  5. Then from the *Do the following drop down list select Redirect the message to... and then choose the following connector...
  6. Choose Select One next to the Do the following rule... and pick the connector created in step 1. (i.e Bypass Proofpoint).
  7. Click Save.

Additional help: 

If you are using Office 365, this Microsoft article will assist in creating outbound connectors to change mail routing

https://docs.microsoft.com/en-us/exchange/mail-flow-best-practices/use-connectors-to-configure-mail-flow/set-up-connectors-for-secure-mail-flow-with-a-partner

 

Also see: 

Masquerade domains

Can Proofpoint Essentials be used to forward email for non-registered domains?

554 5.7.1: Relay access denied

 

Choose files or drag and drop files
Was this article helpful?
Yes
No
  1. Carlos Rios

  2. Posted
  3. Updated

Comments