Allow external domain to send on behalf of user
Hello all:

We have a need to use an external web site that manages a time share arrangement. The site sends out emails whenever someone makes a change to the schedule. The site wants to make the email look like it is coming from our internal user's email address. The problem is that Exchange 2010 thinks this is a spoofed email and blocks it, sending a copy to the admin (me). Then I have to go in and manually forward these messages.

I tried using the Set-SenderIDConfig command as follows for the true sender but it did not seem to work:

    Set-SenderIDConfig -BypassedSenderDomains reservations@acme.com
    Set-SenderIDConfig -BypassedSenderDomains app.server.externalisp.com

A representative message that I receive is as follows (names and addresses changed):

    Delivery has failed to these recipients or groups:
    user@ourdomain.com
    A problem occurred during the delivery of this message to this e-mail address. Try sending this message again. If the problem continues, please contact your helpdesk.
    The following organization rejected your message: mail.ourdomain.com.

    Diagnostic information for administrators:
    Generating server: app.server.externalisp.com
    user@ourdomain.com
    mail.ourdomain.com #<mail.ourdomain.com #5.0.0 smtp; 550 rejecting spoofed message> #SMTP#

    Original message headers:
    Received: by app.server.externalisp.com (Postfix, from userid 48) id DDWWEED163; Thu, 28 Jul 2011 09:28:59 -0500 (CDT)
    Reply-To: <user@ourdomain.com>
    To: <somebody@gmail.com>
    From: Acme Reservation System <reservations@acme.com>
    Subject: Acme Reservation System - Updated User Record
    CC: <user@ourdomain.com>
    X-Mailer: Acme Mail Generator
    X-Originator-IP: 168.192.11.54
    Message-ID: <314159@app.server.externalisp.com>
    Date: Thu, 28 Jul 2011 09:28:59 -0500
    MIME-Version: 1.0
    Content-Type: text/plain

Can someone tell me what I'm doing wrong?

Regards,
July 28th, 2011 11:16am

Are you sure this is Exchange throwing the error? Sounds like a 3rd party program or server. I also see postfix in your NDR.

As you can see, this is what actually happens when a message is spoofed (and senderID is enforced):

    220 exchange.demolab.local Microsoft ESMTP MAIL Service ready at Thu, 28 Jul 2011 17:42:27 -0400
    ehlo
    250-Exchange-A.demolab.local Hello [::1]
    250-SIZE
    250-PIPELINING
    250-DSN
    250-ENHANCEDSTATUSCODES
    250-STARTTLS
    250-X-ANONYMOUSTLS
    250-AUTH NTLM LOGIN
    250-X-EXPS GSSAPI NTLM
    250-8BITMIME
    250-BINARYMIME
    250-CHUNKING
    250-XEXCH50
    250-XRDST
    250 XSHADOW
    mail from:mikecrowley@mikecrowley.us
    250 2.1.0 Sender OK
    rcpt to:mikecrowley@mikecrowley.us
    250 2.1.5 Recipient OK
    data
    354 Start mail input; end with <CRLF>.<CRLF>
    hello!
    .
    550 5.7.1 Sender ID (PRA) Not Permitted

Mike Crowley | MVP
My Blog -- Planet Technologies
July 28th, 2011 5:55pm

To answer your question: you'd create a special receive connector for the web site with "externally secured" as the authentication mechanism. This bypasses anti-spam and other checks.

As you can see, I’ve spoofed my address again, but this time it works:

    220 web-site Microsoft ESMTP MAIL Service ready at Thu, 28 Jul 2011 17:57:19 -0400
    ehlo
    250-web-site-connector Hello [10.123.123.6]
    250-SIZE 10485760
    250-PIPELINING
    250-DSN
    250-ENHANCEDSTATUSCODES
    250-AUTH
    250-8BITMIME
    250-BINARYMIME
    250-CHUNKING
    250-XEXCH50
    250 XSHADOW
    mail from:mikecrowley@mikecrowley.us
    250 2.1.0 Sender OK
    rcpt to:mikecrowley@mikecrowley.us
    250 2.1.5 Recipient OK
    data
    354 Start mail input; end with <CRLF>.<CRLF>
    Hello again!
    .
    250 2.6.0 <0b43e3e4-75d1-4a73-b02c-129625536f83@EXCHANGE-A.demolab.local> [InternalId=1] Queued mail for delivery

Sample commands to create the connector:

    New-ReceiveConnector -Name 'Web Site Submissions' -Usage 'Custom' -Bindings '0.0.0.0:25' -RemoteIPRanges '<web site IP>' -Server '<your server>'
    Set-ReceiveConnector -AuthMechanism 'Tls, ExternalAuthoritative' -PermissionGroups 'AnonymousUsers, ExchangeServers' -Identity '<your server>\Web Site Submissions'

Mike Crowley | MVP
My Blog -- Planet Technologies
July 28th, 2011 6:21pm
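An audit check for the connector approach in the reply above, as an added example that is not part of the original thread: because an "externally secured" connector skips anti-spam and Sender ID for every host in its RemoteIPRanges, this flags such connectors whose ranges cover more addresses than intended. The function names, the threshold and the sample objects are assumptions made for this example; only IPv4 single addresses, a-b ranges and CIDR entries are sized.

```powershell
# Added example (not from the thread). PowerShell 2.0 compatible, IPv4 only.
function ConvertTo-UInt32 ([string]$Ip) {
    $bytes = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    [Array]::Reverse($bytes)            # network order -> little-endian
    [BitConverter]::ToUInt32($bytes, 0)
}

# Number of addresses in one RemoteIPRanges entry: single IP, a-b, or CIDR.
function Get-RangeSize ([string]$Range) {
    if ($Range -match ':') { return [double]::PositiveInfinity }  # IPv6: review by hand
    if ($Range -match '/(\d+)$') { return [math]::Pow(2, 32 - [int]$Matches[1]) }
    if ($Range -match '^(.+)-(.+)$') {
        $lo = ConvertTo-UInt32 $Matches[1]
        $hi = ConvertTo-UInt32 $Matches[2]
        return [double]$hi - [double]$lo + 1
    }
    return 1
}

function Test-ExternallySecuredConnector {
    param(
        [Parameter(ValueFromPipeline = $true)] $Connector,
        [double]$MaxAddresses = 4       # assumed threshold, adjust per site
    )
    process {
        # AuthMechanism is a flags value; its string form lists the set flags.
        if ("$($Connector.AuthMechanism)" -notmatch 'ExternalAuthoritative') { return }
        $size = 0
        foreach ($r in $Connector.RemoteIPRanges) { $size += Get-RangeSize "$r" }
        New-Object PSObject -Property @{
            Connector = $Connector.Name
            Addresses = $size
            TooBroad  = ($size -gt $MaxAddresses)
        }
    }
}

# Constructed sample objects standing in for Get-ReceiveConnector output.
$sample = @(
    (New-Object PSObject -Property @{ Name = 'Default (constructed)'
        AuthMechanism = 'Tls, Integrated'; RemoteIPRanges = @('0.0.0.0-255.255.255.255') }),
    (New-Object PSObject -Property @{ Name = 'Web Site Submissions'
        AuthMechanism = 'Tls, ExternalAuthoritative'; RemoteIPRanges = @('10.123.123.6') }),
    (New-Object PSObject -Property @{ Name = 'Web Site Submissions (constructed, wide)'
        AuthMechanism = 'Tls, ExternalAuthoritative'; RemoteIPRanges = @('10.123.123.0/24') })
)
$sample | Test-ExternallySecuredConnector
```

In the Exchange Management Shell the same function can be fed real data with `Get-ReceiveConnector | Test-ExternallySecuredConnector`.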

Much thanks Mike, I'll give it a try.
August 2nd, 2011 3:01pm

How did this work out?

Mike Crowley | MVP
My Blog -- Planet Technologies
August 6th, 2011 10:49am

This topic is archived. No further replies will be accepted.
