Relay Access Denied 5.7.64 Tenant Attribution

%3CLINGO-SUB%20id%3D%22lingo-sub-250681%22%20slang%3D%22en-US%22%3ERelay%20Access%20Denied%205.7.64%20Tenant%20Attribution%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-250681%22%20slang%3D%22en-US%22%3E%3CP%3EWe%E2%80%99ve%20run%20into%20a%20problem%20were%20we%20are%20unable%20to%20set%20up%20an%20email%20relay%20within%20our%20network%20that%20will%20relay%20to%20Office%20365%20and%20then%20out%20from%20there.%20We%E2%80%99ve%20been%20through%20article%20after%20article%20found%20through%20Google%20but%20none%20have%20resolved.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20problem%20is%20that%20when%20relaying%20to%20an%20address%20outside%20our%20domain%2C%20we%20receive%20an%20error%20message%20stating%3A%3C%2FP%3E%3CP%3E%22Mailbox%20unavailable.%20The%20server%20response%20was%3A%205.7.64%20TenantAttribution%3B%20Relay%20Access%20Denied%20%5BCO1NAM04FT026.eop-NAM04.prod.protection.outlook.com%5D%22%3C%2FP%3E%3CP%3EThe%20original%20host%20name%20we%20connect%20to%20is%26nbsp%3B%20%5Bdomain%5D.mail.protection.outlook.com%20where%20%5Bdomain%5D%20is%20the%20specific%20host%20assigned%26nbsp%3Bto%20us.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThis%20error%20is%20occurring%20when%20attempting%20to%20relay%20mail%20through%20the%20server%20from%20C%23.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECode%20looks%20as%20follows%3A%3C%2FP%3E%3CP%3Evar%20hostName%20%3D%20ConfigurationSettings.AppSettings%5BmailServerKey%5D%3B%3C%2FP%3E%3CP%3Eusing%20(SmtpClient%20client%20%3D%20new%20SmtpClient(hostName))%3C%2FP%3E%3CP%3E%7B%3C%2FP%3E%3CP%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%2F%2F%26nbsp%3B%20Have%20also%20tried%20without%20credentials%3C%2FP%3E%3CP%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20client.Credentials%20%3D%20new%20System.Net.NetworkCredential(%22MailAddress%22%2C%20%22Password%22)%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20client.Port%20%3D%2025%3B%26nbsp%3B%26nbsp%3B%20%2F%2F%20Have%20also%20used%20587%3C%2FP%3E%3CP%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20client.EnableSsl%20%3D%20false%3B%26nbsp%3B%26nbsp%3B%20%2F%2F%20Have%20used%20true%20with%20port%20587%3C%2FP%3E%3CP%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20for%20(int%20i%20%3D%200%3B%20i%20%26lt%3B%20mailArray.Count%3B%20i%2B%2B)%3C%2FP%3E%3CP%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%7B%3C%2FP%3E%3CP%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20try%3C%2FP%3E%3CP%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%7B%3C%2FP%3E%3CP%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%2F%2FRetrieve%20the%20MailMessage%20object%3C%2FP%3E%3CP%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20MailMessage%20mail%20%3D%20(MailMessage)mailArray%5Bi%5D%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20client.Send(mail)%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%7D%3C%2FP%3E%3CP%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20catch%20(System.Exception%20e)%3C%2FP%3E%3CP%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%7B%3C%2FP%3E%3CP%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20LogError(e)%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%7D%3C%2FP%3E%3CP%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%7D%3C%2FP%3E%3CP%3E%7D%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAny%20suggestions%20for%20a%20next%20step%20to%20take%20would%20be%20appreciated.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%2C%3C%2FP%3E%3CP%3EJim%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-250681%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EOffice%20365%20Email%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-250879%22%20slang%3D%22en-US%22%3ERe%3A%20Relay%20Access%20Denied%205.7.64%20Tenant%20Attribution%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-250879%22%20slang%3D%22en-US%22%3EThanks%20Adam%2C%20I'll%20give%20your%20suggestions%20a%20try%20and%20let%20you%20know%20how%20it%20goes.%3CBR%20%2F%3E-%20Jim%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-250835%22%20slang%3D%22en-US%22%3ERe%3A%20Relay%20Access%20Denied%205.7.64%20Tenant%20Attribution%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-250835%22%20slang%3D%22en-US%22%3E%3CP%3EHello%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F189144%22%20target%3D%22_blank%22%3E%40Jim%20Owen%3C%2FA%3E%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20hope%20I%20can%20help%20you%20out%20here.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIn%20short%2C%20you%20need%20to%20make%20sure%20you%20have%20a%20TLS%20connector%20configured%20for%20the%20server%20that%20is%20running%20CSharp%2C%20assuming%20that%20the%20IP%20is%20a%20dedicated%20IP.%20The%20error%20you%20are%20getting%20normally%20is%20related%20to%20the%20fact%20that%20you%20have%20a%20connector%20configured%20by%20either%20the%20cert%20of%20the%20IP%20do%20not%20match.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Fhelp%2F4051495%2F550-5-7-64-tenantattribution-relay-access-denied-smtp-error-when-users%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Fhelp%2F4051495%2F550-5-7-64-tenantattribution-relay-access-denied-smtp-error-when-users%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMicrosoft%20does%20not%20like%20relaying%20through%20their%20clouud%2Fexchange%20online%20as%20a%20whole.%20They%20do%20however%20make%20an%20exception%20for%20when%20you%20are%20sending%20from%20a%20known%20trusted%20device%2C%20hence%20why%20a%20connector%20is%20needed.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESo%20if%20you%20do%20not%20have%20one%20setup%20a%20TLS%20connector%20to%20that%20server.%20If%20you%20do%2C%20check%20the%20cert%20and%20IP%20to%20be%20sure%20they%20are%20up%20to%20date%20and%20correct%20in%20your%20connector.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThat%20should%20solve%20the%20issue.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAdam%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
New Contributor

We’ve run into a problem were we are unable to set up an email relay within our network that will relay to Office 365 and then out from there. We’ve been through article after article found through Google but none have resolved.

 

The problem is that when relaying to an address outside our domain, we receive an error message stating:

"Mailbox unavailable. The server response was: 5.7.64 TenantAttribution; Relay Access Denied [CO1NAM04FT026.eop-NAM04.prod.protection.outlook.com]"

The original host name we connect to is  [domain].mail.protection.outlook.com where [domain] is the specific host assigned to us.

 

This error is occurring when attempting to relay mail through the server from C#.

 

Code looks as follows:

var hostName = ConfigurationSettings.AppSettings[mailServerKey];

using (SmtpClient client = new SmtpClient(hostName))

{

    //  Have also tried without credentials

    client.Credentials = new System.Net.NetworkCredential("MailAddress", "Password");

    client.Port = 25;   // Have also used 587

    client.EnableSsl = false;   // Have used true with port 587

    for (int i = 0; i < mailArray.Count; i++)

    {

        try

        {

            //Retrieve the MailMessage object

            MailMessage mail = (MailMessage)mailArray[i];

            client.Send(mail);

        }

        catch (System.Exception e)

        {

            LogError(e);

        }

    }

}

 

Any suggestions for a next step to take would be appreciated.

 

Thanks,

Jim

2 Replies
Highlighted

Hello @Jim Owen,

 

I hope I can help you out here.

 

In short, you need to make sure you have a TLS connector configured for the server that is running CSharp, assuming that the IP is a dedicated IP. The error you are getting normally is related to the fact that you have a connector configured by either the cert of the IP do not match.

 

https://support.microsoft.com/en-us/help/4051495/550-5-7-64-tenantattribution-relay-access-denied-sm...

 

Microsoft does not like relaying through their clouud/exchange online as a whole. They do however make an exception for when you are sending from a known trusted device, hence why a connector is needed.

 

So if you do not have one setup a TLS connector to that server. If you do, check the cert and IP to be sure they are up to date and correct in your connector.

 

That should solve the issue.

 

Adam

Highlighted
Thanks Adam, I'll give your suggestions a try and let you know how it goes.
- Jim