locked
550 5.7.1 Sender ID (PRA) Not Permitted RRS feed

  • Question

  • Hi all

    I am having issues validating a connector between EOP and our on-premise Edge server. When running the wizard and trying to validate I get "550 5.7.1 Sender ID (PRA) Not Permitted" as result of the validation.

    On the edge server I have set:
    SpoofedDomainAction : Reject
    TempErrorAction: Reject
    in the SenderId config.

    In the SPF record for the domain I have included what I think is all necessary details:

    v=spf1 mx:ourdomain-com.mail.protection.outlook.com ip4:IpOfEdge ip4:IpOfEOPServer include:spf.protection.outlook.com -all

    The thing is that I can use this connector sucessfully to recive emails but the validation is not allowing it to be go through.

    What have I misse? 
    All suggestions or comments welcome.
    Thanks,
    Mrtro

    Monday, September 19, 2016 10:20 AM

Answers

  • Thanks for your message, please see below for the answers:
    I am only allowing messages from EOP to the Edge server through the firewall.
    This is the inbound connector, from EOP to the Edge.
    I am getting the error from the connector setup wizard on EOP.
    Last one is a very good question, not sure what the standard way of setting this up. I guess SenderID is useless in the end as I am only recieving email from EOP to the Edge server. Is it standard to disable the SenderID on the edge when using EOP?

    Thanks again for your help

    Yep, if you are only allowing connections to the Edge from EOP, then disable any of those checks and let EOP do them since that is what you are paying for.

    If you want to drop spoofed mail, you can create a mail flow rule in EOP to do that or better yet, setup DMARC and quarantine if a message fails that

    http://no-one-uses-email-anymore.com/the-trinity-of-email-protection-lessons-learned-using-dmarc-dkim-and-spf-in-office-365/


    Blog:    Twitter:   

    • Proposed as answer by Jason.Chao Tuesday, September 20, 2016 2:43 AM
    • Marked as answer by Jason.Chao Friday, September 30, 2016 9:26 AM
    Monday, September 19, 2016 4:17 PM

All replies

  • Hi all

    I am having issues validating a connector between EOP and our on-premise Edge server. When running the wizard and trying to validate I get "550 5.7.1 Sender ID (PRA) Not Permitted" as result of the validation.

    On the edge server I have set:
    SpoofedDomainAction : Reject
    TempErrorAction: Reject
    in the SenderId config.

    In the SPF record for the domain I have included what I think is all necessary details:

    v=spf1 mx:ourdomain-com.mail.protection.outlook.com ip4:IpOfEdge ip4:IpOfEOPServer include:spf.protection.outlook.com -all

    The thing is that I can use this connector sucessfully to recive emails but the validation is not allowing it to be go through.

    What have I misse? 
    All suggestions or comments welcome.
    Thanks,
    Mrtro

    Are you allowing only messages from EOP to the Edge and not from the internet?

    What type of EOP connector is this inbound or outbound?

    Whats throwing the error? The Edge?

    Why are you blocking spoofed domains on the Edge when you are using EOP to receive internet mail? Why not block it there?


    Blog:    Twitter:   

    Monday, September 19, 2016 10:48 AM
  • Thanks for your message, please see below for the answers:
    I am only allowing messages from EOP to the Edge server through the firewall.
    This is the inbound connector, from EOP to the Edge.
    I am getting the error from the connector setup wizard on EOP.
    Last one is a very good question, not sure what the standard way of setting this up. I guess SenderID is useless in the end as I am only recieving email from EOP to the Edge server. Is it standard to disable the SenderID on the edge when using EOP?

    Thanks again for your help

    Monday, September 19, 2016 12:32 PM
  • Thanks for your message, please see below for the answers:
    I am only allowing messages from EOP to the Edge server through the firewall.
    This is the inbound connector, from EOP to the Edge.
    I am getting the error from the connector setup wizard on EOP.
    Last one is a very good question, not sure what the standard way of setting this up. I guess SenderID is useless in the end as I am only recieving email from EOP to the Edge server. Is it standard to disable the SenderID on the edge when using EOP?

    Thanks again for your help

    Yep, if you are only allowing connections to the Edge from EOP, then disable any of those checks and let EOP do them since that is what you are paying for.

    If you want to drop spoofed mail, you can create a mail flow rule in EOP to do that or better yet, setup DMARC and quarantine if a message fails that

    http://no-one-uses-email-anymore.com/the-trinity-of-email-protection-lessons-learned-using-dmarc-dkim-and-spf-in-office-365/


    Blog:    Twitter:   

    • Proposed as answer by Jason.Chao Tuesday, September 20, 2016 2:43 AM
    • Marked as answer by Jason.Chao Friday, September 30, 2016 9:26 AM
    Monday, September 19, 2016 4:17 PM
  • Sorry for beeing so slow with marking as answer. Thanks alot for your help Jason!
    Tuesday, October 4, 2016 5:55 PM