Outbound messages returned - 550 Administrative prohibition - envelope blocked
These are order confirmations that our ordering system is sending out to customers (external email addresses) using the customers' email address in both the from and to fields. Thus they are outbound from external domains and spoofed, and mimecast is blocking them. How do I change this to allow these emails?
EMPLOYEEI’m confident1Hello Patrick,
The rule that is causing these messages to be blocked is one that gets put in place during your connection process with Mimecast to ensure that only approved relay messages are delivered and to prevent your network transmitting spoofed messages.
It is very simple to adjust the rule to adjust this behavior by going to "Secure Messaging Gateway" then "Policies" then "Blocked Senders".
In here you will see a rule that says "From External to External BLOCK"
There will also be an accompanying rule that says "From [Permitted Relay] to External ALLOW"
The Permitted relay is a group name and can vary from customer to customer.
Entering the name of the senders into the [Permitted Relay] group will allow them to be bypassed, but it sounds to me that that is going to be too large an admin task.
If the messages from this ordering system are being delivered to Mimecast from a unique IP address, you can create a rule that says "From External to External ALLOW if IP=xxx.xxx.xxx.xxx/32"
This is more specific than the default rule and will thus apply.
In truth you should look at your ordering system and see if you can stop the spoofing behavior as it is not best practice to send pretending to be someone else and your messages may have a much lower true delivery rate than you would like as many systems will not accept mail from addresses purporting to be internal unless there is a special rule set up to explicitly allow it for you.
I hope this has answered your question, please feel free to respond on this forum if you have any further queries about this or would like to discuss it further!
We are having a similar issue, but reversed. External emails to us from a listserv/relay are getting the 550 administration prohibition envelope blocked. Would I need to add a new policy that says "From [External] to [Internal] Take no action" with the source ip addresses defined?
EMPLOYEEI’m happy0Hello TFowler.
I think you need to provide a bit more detail.
"Would I need to add a new policy that says "From [External] to [Internal] Take no action" with the source ip addresses defined?"
"550 Administrative Prohibition - Envelope Blocked" means that there is a policy specifically blocking a mail.
When it is mail from outside to your users, this is usually because the listserv is sending mail as "email@example.com" where domain.com is your internal domain.
This is the same pattern as spoof attacks, so blocking this would be perfectly acceptable and usually recommended.
If you trust the sender, you can create a rule "from Internal to internal from IP address/range"
If your question is correct and you are blocking from External to Internal, then you need to identify exactly which rule is blocking them and why, BEFORE you start creating bypasses...