Sending to distribution groups with external domain recipients

Sending to Distribution Groups with external domain recipients

Situation – You want to configure Outbound Relay for domains utilizing Distribution Groups sending to external domain recipients but you receive a Relay Access Denied error.

Solution – At this time, this is not a supported configuration. Details below.

Sending To Distribution Groups With External Domain Recipients

– Spambrella does not currently support the Outbound Relaying of mail to external domain recipients in a distribution group.

– An external recipient consists of an email address that is not part of one of the customer’s listed domains.

– You may also experience bounce-back messages containing Relay Access Denied with the external recipient’s address listed in the bounceback: #554 5.7.1>: Relay access denied ##


Mail sent to a distribution group containing external domains needs to be routed through a different outbound mail route because the SmartHost will give the Relay Access Denied error. Contact your mail server’s routing guide/expert to set this up correctly.

Generally, there are two pieces

Please note, these steps are within O365 and outside of Spambrella. Some steps or words may require approximation depending on what version of O365 you are using and any potential UI modifications they may make to their product.

Create an outbound connector that uses mx.

  1. Open the Exchange Admin Center (EAC)
  2. Click mail flow 
  3. Click on connectors (on the right pane)
  4. Click on the + sign
  5. in the From : chose  Office 365
  6. TO: chose Partner Organization

  7. Click NEXT
  8. Fill in the Name of the RULE
  9. Add a description (this is very important if you have many connectors) then click NEXT 

  10. Chose Only when I have a transport rule set up that redirects messages to this connector 

  11. Use the MX record associated with the partner’s domain then click NEXT 

  12. Leave the setting by default and click NEXT 

  13. A recap of your configuration will be displayed, then click NEXT
  14. Add an External email address i.e.: click Validate 


Create a mail flow rule that triggers a message type that is created by auto-forward/OOO

Always in the EAC, click the RULES on the top left

  1. Click on the + to create a new RULE
  2. Enter a name for the RULE
  3. Under Apply this rule if… chose The Sender... then  is Internal/External in the pop-up window
  4. A new pop-up will appear and select Outside the Organization
  5. Click Add Condition.
  6. Repeat the same step as above but using The Recipient then is Internal/External.  When the new pop-up window confirms, also choose Outside the Organization.
  7. Under Do the following … chose to Redirect the message to then chose the following connector

  1. In the title pop-up window chose the connector you just created in our example Special outbound connector. You can also mention Spambrella/Proofpoint in the rule if that helps.

  1. Check the box for Stop processing more rules.
  2. SAVE – If the RULE  didn’t work at first, you might need to restart the exchange hub transport service.

If this Rule is not triggering, you may want to change the Priority of this filter to the highest (0).

MSP Email Security Solutions