Sophos Email customers using IP-based mailflow rule connectors must migrate to certificate-based configuration by March 31st. To see if you're affected Click Here.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Email forwarding : 550 5.7.1 Command rejected

Hi, we have a problem with forwarding emails. Exchange 2013 on Prem. Using Email Security on Sophos Central. 

This seems to have come up on here before, but I cant find a solution.  Any help appreciated.

Thanks

Trev

I use exchange to forward emails on for a user to an external account at user2@domain2.com

I can email the external account from our domain user1@domain1.com and they can email in.

If I email User1@domain1.com from any other exernal account, say user3@domain3.com I get the following error:

Subject: Delivery Failure Notification

 Sophos XG Firewall was unable to send the following mail:

 ----------------------

From: User1@domain1.com
MessageID: <LNXP265MB250800947BB98F138EDDAD85B6E69@LNXP265MB2508.GBRP265.PROD.OUTLOOK.COM>

Sent on: 2022-04-07 12:39:27

 Mail delivery to following recipients failed:

 user2@domain2.com - 550 5.7.1 Command rejected

 

Resent-From: <User1@domain1.com>

Received: from ExchangeServer (10.10.) by  exchangeserver (10.10.) with Microsoft SMTP Server (TLS)  id 15.0.847.32; Thu, 7 Apr 2022 12:42:47 +0100

Received: from inbound-18-216-7-10-us-east-2.prod.hydra.sophos.com

(18.216.7.10) by Exchange.domain1 (10.10. with Microsoft  SMTP Server id 15.0.847.32 via Frontend Transport; Thu, 7 Apr 2022 12:42:28

+0100

Received: from ip-172-21-100-31.us-east-2.compute.internal

(ip-172-21-100-31.us-east-2.compute.internal [127.0.0.1])      by

inbound-18-216-7-10-us-east-2.prod.hydra.sophos.com (Postfix) with ESMTP id

4KZ00l6CnfzPjdl        for <User1@domain1.com>; Thu,  7 Apr 2022 11:44:39

+0000 (UTC)

Authentication-Results: mx-01-us-east-2.prod.hydra.sophos.com;

spf=pass smtp.mailfrom=user3@domain3.com;

dkim=pass header.d=domain3 header.from=domain3;  dmarc=pass (recordpolicy=quarantine) header.from=domain3

Received-SPF: pass receiver=mx-01-us-east-2.prod.hydra.sophos.com;

client-ip=40.107.10.84; envelope-from=< user3@domain3.com >;

helo=GBR01-LO2-obe.outbound.protection.outlook.com;

X-Sophos-Product-Type: Gateway

X-Sophos-Email-ID: c65874521353416d8dbc3e35fd16a1a1

Received: from GBR01-LO2-obe.outbound.protection.outlook.com

(mail-lo2gbr01on2084.outbound.protection.outlook.com [40.107.10.84]) (using

TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client  certificate requested) by mx-01-us-east-2.prod.hydra.sophos.com (Postfix)  with ESMTPS id 4KZ00c6Rhsz9rwG for <user1@domain1.com>; Thu,  7



This thread was automatically locked due to age.
Parents
  • You could try to address this issue with the new CEMA feature:  SMTP Routing 

    This basically means, you could reroute it on CEMA to another  MailServer on a MTA Level, not a Mailbox.

    Downside: It will not be in the original Mailbox like a Forward behavior, but it will be on another mailbox/server as you intend it to be. The other Mailserver has to accept this Email (be the owner of this mailbox). 

    __________________________________________________________________________________________________________________

Reply
  • You could try to address this issue with the new CEMA feature:  SMTP Routing 

    This basically means, you could reroute it on CEMA to another  MailServer on a MTA Level, not a Mailbox.

    Downside: It will not be in the original Mailbox like a Forward behavior, but it will be on another mailbox/server as you intend it to be. The other Mailserver has to accept this Email (be the owner of this mailbox). 

    __________________________________________________________________________________________________________________

Children
No Data