Topic: extern distribution list: Recipient address rejected: SMTP AUTH req
==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.4.0
- Deployed with iRedMail Easy or the downloadable installer? Downloaded
- Linux/BSD distribution name and version: Ubuntu 20.04
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
I saw an earlier thread on this or very similar, but it was not resolved.
Our scenario:
We moved a group of users from the main domain.org to a server running webmail.domain.org.
Everything works fine sending from webmail.domain.org to other webmail.domain.org users and between webmail.domain.org and domain.org
However, we set up distribution lists/forwarding on the domain.org site (hosted in Office 365) for these addresses to send them to webmail.domain.org while people adjust, and also have a few distribution lists that need to go to multiple people, some on domain.org and some on webmail.domain.org.
When a user @webmail.domain.org sends an email to the distribution list hosted on @domain.org that sends the message to a @webmail.domain.org user, it attempts to send the copy back to the mailbox on @webmail.domain.org with the original sender address of @webmail.domain.org.
This triggers the error: NOQUEUE: reject: RCPT from mail-bn8nam12lp2168.outbound.protection.outlook.com[104.47.55.168]: 554 5.7.1 <destuser@webmail.domain.org>: Recipient address rejected: SMTP AUTH is required for users under this sender domain; from=<sender@webmail.domain.org> to=<destuser@webmail.domain.org> proto=ESMTP helo=<NAM12-BN8-obe.outbound.protection.outlook.com>
I tried to create a rule in /etc/postfix/helo_access.pcre:
/\.outbound\.protection\.outlook\.com$/ OK
But I still am getting the SMTP AUTH message, so this is not a fix for this problem.
I did see this FAQ: https://docs.iredmail.org/errors.html
I do not know if ALLOW_FORGED_SENDERS is an option to solve this problem or not, because potentially everyone on @webmail.domain.org may need to send to one of these distribution lists.
I also do not know every IP address that Office 365 may use so that I could include them in MYNETWORKS as that article suggests, if that is even a good idea.
So how would I allow a forwarded/distribution list message send back into webmail.domain.com by a webmail.domain.com user when it had to route through the Office 365 domain.com distribution list?
----
Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.