We had a customer complaining about a commonly seen error of the following type:
550 Please turn on SMTP Authentication in your mail client. mail-pf0-f172.google.com [220.127.116.11]:38632 is not permitted to relay through this server without authentication.
Diagnostic-Code: smtp; 550-Please turn on SMTP Authentication in your mail client. 550-mail-pf0-f172.google.com [18.104.22.168]:38632 is not permitted to relay 550 through this server without authentication.
reason: 550-Please turn on SMTP Authentication in your mail client.
550-mout.kundenserver.de [22.214.171.124]:49392 is not permitted to relay
550 through this server without authentication.
They were all basically the same error. This is a common error and the solution is pretty simple as it looks like. Enabling ‘SMTP Authentication’ on the outlook or the mail client should solve the problem. But interestingly, the client was smart and he wasn’t doing any mistake with ‘SMTP authentication’. The error was actually showing up when someone was trying to send the mail to him (As a receiver SMTP). We then tried digging the error further.
There is something we need to remember. SMTP is not only authenticated using username and password, it also goes through a dns authentication check too. If your dkim/domainkeys/spf/dmarc do not match as the mail server has advised, the mail will get denied with the same type of error (Error code 550). We then realized the customer account was transfered earlier from a different server and the old domainkeys were still there in it’s DNS zone file. As domainkeys are RSA keys generated per server, it is important to regenerate the keys after the server change. Otherwise, the old key check through the DNS can trigger the 550 error from the receiver relay. We had deleted and generated a new domainkeys for the customer and the error went off.