SMTP Relay with basic authentication resulting in smtp;550 5.7.1


  • Background-I want Sharepoint (on-prem) to send emails through our Exchange (on-prem) receive connector using basic authentication.


    - On the SP server, I installed/created an IIS SMTP Virtual Server that relays to our Exchange server using basic authentication.  The 'user' is a newly created service account for this very purpose (we called it abc\exchangerelay).

    - On Exchange, we created a receive connector that receives mail from the IP of the SP server with 'Basic Authentication' enabled.

    At this point... I initiate an email and it just sits in the queue of the IIS SMTP VS.

    As a test, I throw my service account (exchangerelay) into the 'Organization management' (OM) role group (on Exchange).  And taa daa.... it works.

    I proceed to remove 'exchangerelay' from the OM Role group and copy the OM group and rename it to 'Relay Group' it has all the same roles as the OM group.  I put the 'exchangerelay' service account in the newly created Relay Group.  And an email test results in a error.

    smtp;550 5.7.1 Client does not have permissions to send as this sender

    I've seen some posts about enabling the send-as permission on this account....but it appears as though it needs to be applied to the users' mailbox.  But this is a service account and doesn't have a mailbox...but perhaps I'm interpreting it wrong.

    That said.... the newly created Relay Group has all the same roles as the Organization Management group... so why is it not working?

    Any help is appreciated.

    Tuesday, March 20, 2018 3:24 PM


All replies

  • Hello

    check user smtp address and from: address

    sorry my english

    • Marked as answer by Eric Cho - Tuesday, March 20, 2018 7:57 PM
    Tuesday, March 20, 2018 3:46 PM
  • Interesting...

    The from address is configured in SharePoint's central admin....and we've assigned it a generic (which doesn't exist).

    As a test, I put in my email and then it worked.

    So the 'From' address has to be valid? 

    So we have to create a user and mailbox for this 'no reply' address? 

    Or can we just set it up as a contact? 

    Or is there another approach?

    Tuesday, March 20, 2018 4:04 PM
  • Hello

    set permission on recive connector:

    Get-ReceiveConnector "app recive conector" | Add-ADPermission -User "contoso\relay accounts" -ExtendedRights .....

    sorry my english

    Tuesday, March 20, 2018 6:38 PM
  • Thanks for the response Sneff..... 

    I tried:

    Get-ReceiveConnector "Sharepoint" | Add-ADPermission -User "abc\exchangerelay" -AccessRights ExtendedRight -ExtendedRights ms-Exch-SMTP-Accept-Any-Sender

    And still no joy. 

    But I did create a contact (ie and this seemed to have done the job.  A workaround and not the most elegant....but it works.

    Tuesday, March 20, 2018 7:20 PM