Sending mail from new domain through 365 SPAM filter gives SPF error

Setting up an internal relay from one Exchange forest to another. E-mail is flowing fine from A to B and going to the correct mailbox. The problem lies in sending from the mailbox in domain B with a domain A address on it. Domain B uses the Office 365 SPAM filter, and when a message is sent out from domain A from domain B it blocks it. We added domain A to the domain list on 365 and it seemed to fix it. Then after a few hours anyone sending to domain A from domain B was getting bounce-backs (error below). I'm guessing it is as simple as not setting the SPF record correctly to allow mail from domain A to be allowed to originate from domain B? Once I migrate all users from domain A to B I will redirect the MX record to point to Office 365, but I want to keep it where it is for now. Anyone have any experience with this?

cas1.domainb.com #<cas1.domainb.com #5.7.1 smtp;550 5.7.1 Unable to relay> #SMTP#
Original message headers:
Received: from sever.protection.gbl (xxx.xxx.xxx.31) by
BN1BFFO11HUB039.protection.gbl (xxx.xxx.xxx.186) with Microsoft SMTP Server
(TLS) id xxx.xxx.xxx.14; Tue, 19 May 2015 01:42:55 +0000
Authentication-Results: spf=permerror (sender IP is xxx.xxx.xxx.17)
smtp.mailfrom=domainb.com; domaina.com; dkim=none (message not signed)
header.d=none;
Received-SPF: PermError (protection.outlook.com: domain of domainb.com used an
invalid SPF mechanism)

May 19th, 2015 10:44am

Hi,

According to your post, I understand that you want to migrate Forest A to Forest B with an internal relay. Messages sent from Forest B to Forest A fail with the error 5.7.1 smtp;550 5.7.1 Unable to relay, although mail from Forest A to Forest B works.
If I misunderstand your concern, please do not hesitate to let me know.

Please ensure both sides have this shared SMTP address space defined in the accepted domains. The address space needs to be listed as an Internal Relay, the same as the send connector. Please run the commands below:
Get-AcceptedDomain | FL  (the DomainType is InternalRelay)
Get-SendConnector | FL (the connector type is Internal usage)

The SPF record is used by destination email systems: SPF records validate the origin of email messages by verifying the IP address of the sender against the alleged owner of the sending domain. We need to ensure the SPF record for Forest B is valid.
If the issue persists, we can check the protocol log to get more detailed information.

Thanks

May 19th, 2015 10:53pm

Once I got the SPF record in place everything started working. I knew it needed to be done, but I didn't think outgoing mail would be blocked. Makes sense though. 
June 1st, 2015 10:14am
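
The PermError in the bounce above ("used an invalid SPF mechanism") means the receiving filter could not parse the SPF record for domainb.com. As an added example that is not part of the original thread, this offline Python check flags the common RFC 7208 permerror causes in a record before it is published. The `lint_spf` name and the sample records are constructed for illustration, `spf.protection.outlook.com` is Microsoft's documented include host for Exchange Online, and the lookup count covers only the record's own terms, not nested includes.

```python
import ipaddress
import re

# Mechanisms defined in RFC 7208; any other mechanism name is a permerror.
MECHANISMS = {"all", "include", "a", "mx", "ptr", "ip4", "ip6", "exists"}
NEEDS_VALUE = {"include", "ip4", "ip6", "exists"}
# Terms that trigger DNS lookups; RFC 7208 section 4.6.4 allows at most 10.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
TERM_RE = re.compile(r"^[+\-~?]?([A-Za-z][A-Za-z0-9_.-]*)(?:([:=/])(.*))?$")


def lint_spf(txt_records):
    """Return reasons a receiver could not evaluate these TXT records ([] = clean)."""
    spf = [r for r in txt_records if r.lower().split(" ")[0] == "v=spf1"]
    if len(spf) != 1:
        return [f"expected exactly one v=spf1 record, found {len(spf)}"]
    problems, lookups = [], 0
    for term in spf[0].split()[1:]:
        m = TERM_RE.match(term)
        if not m:
            problems.append(f"unparseable term {term!r}")
            continue
        name, sep, value = m.group(1).lower(), m.group(2), m.group(3)
        if name in LOOKUP_TERMS:
            lookups += 1
        if sep == "=":
            continue  # modifier (redirect=, exp=); unknown modifiers are ignored
        if name not in MECHANISMS:
            problems.append(f"unknown mechanism {term!r}")
        elif name == "all" and sep:
            problems.append(f"'all' takes no argument: {term!r}")
        elif name in NEEDS_VALUE and (sep != ":" or not value):
            problems.append(f"mechanism needs ':value': {term!r}")
        elif name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(value, strict=False)
                if net.version != int(name[2]):
                    raise ValueError
            except ValueError:
                problems.append(f"bad address in {term!r}")
    if lookups > 10:
        problems.append(f"{lookups} DNS-lookup terms exceed the limit of 10")
    return problems


# Constructed sample records (not from the thread); 192.0.2.0/24 is a documentation range.
GOOD = ["v=spf1 ip4:192.0.2.17 include:spf.protection.outlook.com -all"]
BAD = ["v=spf1 ip:192.0.2.17 include spf.protection.outlook.com -all"]
```

`lint_spf(BAD)` reports the misspelled `ip:` mechanism and the `include` that lost its colon, both of which a receiver treats as a permanent error rather than a soft fail.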
