Email forwarding: 550 5.7.1 Command rejected

Hi, we have a problem with forwarding emails. Exchange 2013 on Prem. Using Email Security on Sophos Central. 

This seems to have come up on here before, but I can't find a solution. Any help appreciated.



I use Exchange to forward emails on for a user to an external account at

I can email the external account from our domain and they can email in.

If I email from any other external account, say I get the following error:

Subject: Delivery Failure Notification

 Sophos XG Firewall was unable to send the following mail:


MessageID: <LNXP265MB250800947BB98F138EDDAD85B6E69@LNXP265MB2508.GBRP265.PROD.OUTLOOK.COM>

Sent on: 2022-04-07 12:39:27

 Mail delivery to following recipients failed: - 550 5.7.1 Command rejected


Resent-From: <>

Received: from ExchangeServer (10.10.) by  exchangeserver (10.10.) with Microsoft SMTP Server (TLS)  id 15.0.847.32; Thu, 7 Apr 2022 12:42:47 +0100

Received: from

( by Exchange.domain1 (10.10. with Microsoft  SMTP Server id 15.0.847.32 via Frontend Transport; Thu, 7 Apr 2022 12:42:28


Received: from

( [])      by (Postfix) with ESMTP id

4KZ00l6CnfzPjdl        for <>; Thu,  7 Apr 2022 11:44:39

+0000 (UTC)



dkim=pass header.d=domain3 header.from=domain3;  dmarc=pass (recordpolicy=quarantine) header.from=domain3

Received-SPF: pass;

client-ip=; envelope-from=< >;;

X-Sophos-Product-Type: Gateway

X-Sophos-Email-ID: c65874521353416d8dbc3e35fd16a1a1

Received: from

( []) (using

TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client  certificate requested) by (Postfix)  with ESMTPS id 4KZ00c6Rhsz9rwG for <>; Thu,  7

  • This happens because the forwarded email contains the original sender's HEADER FROM which will be

    Since Sophos Central Email is a SaaS solution and it is shared by many tenants, it needs to have a way to determine which emails are for your organization. The way it does this is by using the HEADER FROM email address. If the domain here is not one of your configured domains AND the email address is not a MAILBOX on your Central account, you will get a reject message.

    You should look into other options such as bypassing Central Email for auto forwarded emails or doing some HEADER FROM rewriting.

  • Thank you for the answer, at least I know what is going on with this. Really appreciate it.

    Would you have any information on either of these options at all or is that a post for another topic area?
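The HEADER FROM check described in the reply above, modeled as an added example (not Sophos code and not from any poster in this thread). It shows why an auto-forwarded message keeps failing while a forward with a rewritten From header passes. The tenant domain and mailbox sets, the sample messages and the handling of a missing From header are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Assumed tenant configuration (constructed placeholder values).
TENANT_DOMAINS = {"example.org"}
TENANT_MAILBOXES = {"partner@example.net"}

# Constructed sample messages.
INTERNAL = "From: Alice <alice@example.org>\nTo: ext@example.com\n\nhi\n"
# Auto-forward: the original external sender is still in From,
# only Resent-From names the forwarding mailbox.
AUTO_FORWARD = (
    'From: "Bob" <bob@sender.example>\n'
    "Resent-From: alice@example.org\n"
    "To: ext@example.com\n\nhi\n"
)
# Same forward after From rewriting: the original sender moves to Reply-To.
REWRITTEN = (
    "From: alice@example.org\n"
    "Reply-To: bob@sender.example\n"
    "To: ext@example.com\n\nhi\n"
)


def header_from_address(raw_message):
    """Return the lowercased address from the From: header, or None."""
    msg = message_from_string(raw_message)
    for _name, addr in getaddresses(msg.get_all("From", [])):
        if "@" in addr:
            return addr.strip().lower()
    return None


def would_be_rejected(raw_message, domains=TENANT_DOMAINS, mailboxes=TENANT_MAILBOXES):
    """Apply the rule from the reply: reject when the From domain is not a
    configured domain AND the From address is not a known mailbox."""
    addr = header_from_address(raw_message)
    if addr is None:
        return True  # assumption: no usable From cannot be matched to a tenant
    domain = addr.rsplit("@", 1)[1]
    return domain not in domains and addr not in mailboxes


if __name__ == "__main__":
    for label, raw in [("internal", INTERNAL), ("auto-forward", AUTO_FORWARD),
                       ("rewritten", REWRITTEN)]:
        print(label, header_from_address(raw), would_be_rejected(raw))
```
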