Approvals for distribution lists not working for Office 365 users in Hybrid mode


We use dynamic distribution lists on-prem. After activating Hybrid mode, we have created contacts for these in Exchange Online and they work just fine now for Office 365 users. However, there are a few DLs which are moderated. Therefore we have enabled TNEF on both sides, created contacts for the System and Approval Assistant mailboxes in Exchange Online and set RequireSenderAuthenticationEnabled = $true for those two mailboxes as well. But we still cannot get approval to work, answer mails bounce for Office 365 with the following NDR:

Delivery has failed to these recipients or groups:
SystemMailbox (SystemMailbox{bb558c35-97f1-4cb9-8ff7-xxxxxxxxxxx}@ourdomain.com)
Your message wasn't delivered due to a permission or security issue. It may have been rejected by a moderator, the address may only accept email from certain senders, or another restriction may be preventing delivery.
The following organization rejected your message: exchangeserver.ourdomain.com.

What else do I need to set to make this work?
