this post was submitted on 27 Oct 2023

I am working part time for a small company. They have about 40 employees who use email every day for work, and recently they acquired an MS account for 10 employees who use it mainly for Teams with customers but also SharePoint, etc.

To buy an MS account for each of the 40 would be too expensive and unnecessary because the other 30 only really use email in their day-to-day work.

So what I did initially was to follow this Microsoft doc: https://learn.microsoft.com/en-us/exchange/mail-flow-best-practices/how-to-set-up-a-multifunction-device-or-application-to-send-email-using-microsoft-365-or-office-365

So our MX record points to the Exchange server, and Exchange relays it to the secondary email server where all those 30 accounts exist.

It was working fine until we started to get this "Not delivered message" email returning with this error:

Error:	550 5.7.367 Remote server returned not permitted to relay -> 554 5.7.1 : Relay access denied

I talked to the support of this secondary email server and they told me they do not support this operation.

So I am looking for help in finding some server that would allow me to work like this. Do you happen to know some company you could recommend?

[–] [email protected] 1 points 1 year ago

Hey so it seems like you don't really get licensing or 'too expensive' is just business speak for wanting it done free.

Exchange Plan 1 licenses are minimally very very small licenses, but you can get even cheaper. You can even get Exchange Kiosk. Kiosk isn't designed for users, it's designed for things like an MFP; then you're allowed to relay with an authenticated STARTTLS account set up on the MFP to connect to Exchange Online.

However, if you don't use an authenticated account, you can still send internally. That way your inevitably compromised device doesn't spam the world with mail throttle Microsoft servers. However, you can scan to your own internal staff. And by internal staff, I'm guessing at more and more here, but I'm betting you have two mail domains. Only domains in your Exchange Online Admin centre which are added into the domains will be 'internal'.

If you wanted hybrid, you should do hybrid using the Hybrid Configuration Wizard, and it will connect your on-premises Exchange to your Exchange Online using mail transports. You need to fix up a bunch of things to get that connected. But doing so will count the mailboxes which are on premises as 'internal', and unauthenticated mail will be allowed to relay to them.

But 40 Exchange Online only accounts with Exchange Plan 1 is hardly a few seconds of wage time per month in costs.

I'm guessing a lot here, but you said you have two different mail servers currently, online and on premise, I can only assume you've either got two different mail domains otherwise MX routing would be dead to one or the other. And I guess that because you said you're getting errors that only happen when you send mail to external users.

So...
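
An added example, not part of the thread or written by either poster: a Python parser for the NDR line quoted in the question. It splits the line at `->` into the reporting server's summary and the downstream server's reply and reads the RFC 3463 enhanced status codes. Treating the text after `->` as the downstream server's own reply is an assumption; `parse_ndr`, `diagnose` and the transient sample line are constructed for illustration.

```python
import re

# RFC 3463 enhanced status code fields (class.subject.detail).
CLASSES = {"2": "success", "4": "transient failure", "5": "permanent failure"}
SUBJECTS = {"0": "other", "1": "addressing", "2": "mailbox", "3": "mail system",
            "4": "network/routing", "5": "protocol", "6": "content",
            "7": "security/policy"}

# SMTP reply code, enhanced status code, then free text.
HOP_RE = re.compile(r"^([245]\d\d)[ -]([245])\.(\d{1,3})\.(\d{1,3})\s*(.*)$")

# The NDR line from the question, and a constructed transient example.
SAMPLE = ("Error:\t550 5.7.367 Remote server returned not permitted to relay"
          " -> 554 5.7.1 : Relay access denied")
SAMPLE_TRANSIENT = "451 4.3.0 Temporary system problem"  # constructed

def parse_ndr(line):
    """Return one dict per hop, reporting server first."""
    line = re.sub(r"^\s*Error:\s*", "", line)
    hops = []
    for part in line.split("->"):
        m = HOP_RE.match(part.strip())
        if not m:
            continue  # skip fragments without a status code
        reply, cls, subj, detail, text = m.groups()
        hops.append({"reply": reply,
                     "enhanced": f"{cls}.{subj}.{detail}",
                     "class": CLASSES[cls],
                     "subject": SUBJECTS.get(subj, "unknown"),
                     "text": text.lstrip(": ").strip()})
    return hops

def diagnose(line):
    """Classify the failure by the last hop in the chain."""
    hops = parse_ndr(line)
    if not hops:
        return "unparsed"
    origin = hops[-1]  # assumption: text after the last "->" is the downstream reply
    if origin["class"] == "transient failure":
        return "retry-later"
    policy = origin["subject"] == "security/policy"
    if policy and "relay" in origin["text"].lower():
        # More than one hop: the refusal came from the server relayed to.
        return "downstream-relay-denied" if len(hops) > 1 else "relay-denied"
    return "other-failure"

if __name__ == "__main__":
    for hop in parse_ndr(SAMPLE):
        print(hop)
    print(diagnose(SAMPLE))
```

A `downstream-relay-denied` result on a permanent 5.7.x code means retrying will not help; the relay policy on the receiving server is what refused the message.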