Undelivered Mail Returned to Sender

Im getting a lot of of “Undelivered Mail Returned to Sender” tickets being generated from my RT server.

Here is the info:

This is the mail system at host my.rt.server.com

I’m sorry to have to inform you that your message could not
be delivered to one or more recipients. It’s attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

The mail system

user1@myitdomain.com: host smtp.host.com[IP.ADDRESS] said: 550
5.7.60 SMTP; Client does not have permissions to send as this sender
[BN7PR07MB4644.hosted.email.com] (in reply to end of DATA command)

user2@myitdomain.com: host smtp.host.com[IP.ADDRESS] said:
550 5.7.60 SMTP; Client does not have permissions to send as this sender
[BN7PR07MB4644.hosted.email.com] (in reply to end of DATA command)


Is there something in RT that I need to add to the users to grant them access? Is this an issue with postfix?

Any help is appreciated.

Thanks in advance.

It looks to me as though your mail system requires RT to authenticate to send as a particular user or be on a “white list”, rather than just accepting SMTP traffic from it. Looks like something you’ll need to tweak in your mail transfer agent config rather than RT, or talk to the mail gateway administrator if you don’t admin the MTA yourself.

1 Like

Thanks for the response.

I have postfix setup using sasl to send the secure credentials.

The system sends email fine. It just seems when we get a new ticket in, we are sometimes getting these messages.

I have whitelisted the rt server IP on my hosted email service.

I have two users that are watchers on this queue (user1 and user2 respectively). I wonder if the following line means that the system is trying to send mail as those users?

user1@myitdomain.com: host smtp.host.com[IP.ADDRESS] said: 550
5.7.60 SMTP; Client does not have permissions to send as this sender
[BN7PR07MB4644.hosted.email.com] (in reply to end of DATA command)

user2@myitdomain.com: host smtp.host.com[IP.ADDRESS] said:
550 5.7.60 SMTP; Client does not have permissions to send as this sender
[BN7PR07MB4644.hosted.email.com] (in reply to end of DATA command)

Ive include the full log message below. It mentions DNS. Would a SFP record be in order?

This is the mail system at host my.rt.server.com

I’m sorry to have to inform you that your message could not
be delivered to one or more recipients. It’s attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

The mail system

user1@myitdomain.com: host smtp.host.com[IP.ADDRESS] said: 550
5.7.60 SMTP; Client does not have permissions to send as this sender
[BN7PR07MB4644.hosted.email.com] (in reply to end of DATA command)

user2@myitdomain.com: host smtp.host.com[IP.ADDRESS] said:
550 5.7.60 SMTP; Client does not have permissions to send as this sender
[BN7PR07MB4644.hosted.email.com] (in reply to end of DATA command)
Download (untitled)

message/delivery-status 849B
Reporting-MTA: dns; my.rt.server.com
X-Postfix-Queue-ID: DF45F3EF65
X-Postfix-Sender: rfc822; support@myitdomain.com
Arrival-Date: Thu, 17 May 2018 22:30:25 +0000 (UTC)

Final-Recipient: rfc822; user1@myitdomain.com
Original-Recipient: rfc822; user1@myitdomain.com
Action: failed
Status: 5.7.60
Remote-MTA: dns; smtp.host.com
Diagnostic-Code: smtp; 550 5.7.60 SMTP; Client does not have permissions to
send as this sender [SN6PR07MB4654.hosted.email.com]

Final-Recipient: rfc822; user2@myitdomain.com
Original-Recipient: rfc822; user2@myitdomain.com
Action: failed
Status: 5.7.60
Remote-MTA: dns; smtp.host.com
Diagnostic-Code: smtp; 550 5.7.60 SMTP; Client does not have permissions to
send as this sender [SN6PR07MB4654.hosted.email.com]

Thanks again.

From the error codes it looks a bit like Microsoft MTAs may be involved in this (not on your RT server necessarily, but downstream at hosted.email.com), so this thread may be of help. Its not so much an RT problem as a mail configuration issue - you might find it easier to debug by hand crafting mail messages on your server and checking what happens, so that you’re not having to fiddle/worry about the RT system config.

Agree with GreenJim. I’m willing to bet you’re using Office365.

Assuming you are using Postfix, to assist with debug, try creating/editing ‘/etc/postfix/header_checks’.

Add the following to the header_checks file: -
/^subject:/ WARN
/^to:/ WARN
/^from:/ WARN
/^Subject:/ WARN
/^To:/ WARN
/^From:/ WARN

You’ll have to make postfix aware of the header checks file in /etc/postfix/main.cf by adding the following line: -
header_checks = regexp:/etc/postfix/header_checks

Restart postfix and look at your mail log. You should see mail envelope details in there when a mail is sent. Hopefully this will let you see what’s going wrong.

If the mail envelope headers mismatch in any way, or from/sender envelopes don’t match the email address actually used by RT to log into Office365, it will return this message.

You say you are only seeing the issue when someone replied to a ticket, which is when RT will try to send comments to your queue watchers.

Perhaps the email is ‘sent from’ your main queue email address, however it’s from/sender envelopes are for the comment address?

As GreenJim alluded to, try writing your own template with hardcoded headers.

For example, make a new template based (on a global one), and add the following text to the start of the template (a blank line is required after it) : -

Subject: {$Ticket->Subject}
From: my-rt@company.com
Sender: my-rt@company.com
Reply-To: my-rt-comment@company.com

The above is obviously just an example - don’t expect randomly changing envelope headers will work. You’ll need to look very carefully at the mail log for the envelope headers when it fails, and try to correct in the template.