Sending to Distribution Groups with External Domain Recipients or Out of Offices

Situation – You want to configure Outbound Relay for domains utilizing Distribution Groups sending to external domain recipients but you receive a Relay Access Denied error.

Solution – At this time, this is not a supported configuration. Details below.

Sending To Distribution Groups With External Domain Recipients

  • Spambrella does not currently support the Outbound Relaying of mail to external domain recipients in a distribution group.
  • An external recipient consists of an email address that is not part of one of the customer’s listed domains.
  • You may also experience bounce-back messages containing Relay Access Denied with the external recipient address listed in the bounceback: #554 5.7.1>: Relay access denied ##

Mail sent to a distribution group containing external domains needs to be routed through a different outbound mail route because the Spambrella SmartHost will give the Relay Access Denied error. Contact your mail server’s routing guide/expert to set this up correctly.

Generally, there are two pieces…

Please note, these steps are within O365 and outside of Spambrella. Some steps or words may require approximation depending on what version of O365 you are using and any potential UI modifications they may make to their product.

Create an outbound connector that uses mx.

Open the Exchange Admin Center (EAC)

1. Click mail flow 

2. Click on connectors (on the right pane)

Proofpoint Essentials connector for auto responders

3. Click on the + sign

4.  In the connector Popup window:

5. in the From : chose  Office 365

6. TO: choose Partner Organization

7. Click NEXT

8. Fill in the Name of the RULE

9. Add a description (this is very important if you have many connectors) then click NEXT

10. Choose Only when i have a transport rule set up that redirects messages to this connector 

11. Choose to Use the MX record associated with the partner’s domain then click NEXT

12. Leave the setting by default and click NEXT

13. A recap of your configuration will be displayed, then click NEXT

14. Add and External email address i.e.: click Validate



Create a mail flow rule that triggers for a message type that is created by auto-forward

Always in the EAC, click the RULES on the top left

  1. Click on the + to create a new RULE
  2. Enter a name for the RULE
  3. Under Apply this rule if… chose The Sender... then  is Internal/External in the pop-up window
  4. A new pop-up will appear and select Outside the Organization
  5. Click Add Condition.
  6. Repeat the same step as above but using The Recipient then is Internal/External. When the new pop-up window confirms, also choose Outside the Organization.
  7. Under Do the following …choose Redirect the message to… then chose the following connector

Office 365 - Proofpoint Essentials - Set Up out of Office Rules

8. In the title pop-up window chose the connector you just created in our example Special outbound connector. You can also mention Spambrella/Proofpoint in the rule if that helps.

9. Check the box for Stop processing more rules.

10. SAVE – If the RULE  didn’t work on the first try you might need to restart the exchange hub transport service.

If this Rule is not triggering, you may want to change the Priority of this filter to the highest (0).

Additional help: 

If you are using Office 365, this Microsoft article will assist in creating outbound connectors to change mail routing

Rule Example For Out Of Office

Similar steps as above:


If you set up this option, please make sure that you enable DKIM on the domain. If you go to the Security admin center > Policies & Rules > Threat Policies > Email Authentication settings. Then choose the domain you are doing this for and when you go into the settings, Enable the radio button Sign Messages for this domain with DKIM signatures. As it has been explained to us, O365 signs all mail with DKIM. If this is disabled then this rule will fail.


Sending to distribution groups with external domain recipients

Setting up Outbound Email Relay