Here is my scenario:
Architecture: on-premise to external mail is being routed from our internal MB/HT, through an Edge Transport server (in DMZ), out to Proofpoint (external mail filtering service) then on to the external mailbox (hotmail, gmail, etc.).
Problem: I need to re-route this flow so after messages are sent from MB/HT and on to the Edge, they are then routed through Office 365 and on to the external mailbox. The problem is, I'm getting a "550 5.7.1 Unable to relay" when the message hits
the Edge Transport server. These messages are unauthenticated and using a sending domain that is not registered in our Office 365 tenant (i.e. @NoReply.com, @RandomDomain.com, etc.)
The easy answer is to change the sending address to use sending domains which are registered in our Office 365 tenant, but we're talking about several hundred application servers sending these emails.
The certificate on the Office 365 inbound connector matches the certificate being used to send from the Edge, so I'm really not sure what else to do. I have a feeling a custom connector needs to be created on the Edge server to allow for for these unauthenticated
messages, but I don't know enough about creating connectors programatically.
My issue is exactly what appears in Important notice for Office 365 email customers who have configured connectors, and I have already configured an inbound connector in Exchange Online using a certificate.
Any help is much appreciated.