5.7.57 Client not authenticated to send mail. Google to O365

Question

I have an issue with mail delivery

We have a split domain where we have users in O365 and mailboxes in Google. Both sides are set to route through O365.

O365 mailboxes work as expected and can send and receive emails, Google mailbox can receive emails and send externally.

The issue is when they try to send an email to a user in the same domain (internally). I always get...

5.7.57 Client not authenticated to send mail.

I know this is because the message routes through to O365 to deliver but it see it as an internal domain and rejects it but I don't know what setting I have missed. I have read many article and tried lots of different settings in the antispam policies but I don't think it is getting that far as the messages seems to say it is when it starts the delivery. I have also checked and updated SPF to include both O365 and Google and updated DMARC but nothing seems to be working

Any suggestion

TIA Andy

Answer 1

To address this issue please verify the Connector Between O365 and Google and ensure that a connector exists and is correctly configured in O365 to accept mail from Google's servers.

Please follow the below steps.

1. Configure or edit an existing connector. Go to the Exchange Admin Center in O365 > Mail flow > Connectors, create or edit a connector.

2. Set internal relay. Navigate to Exchange Admin Center > Mail flow > Accepted domains and edit the domain in question. Please set it to Internal Relay instead of Authoritative. This ensures that O365 will forward emails it cannot deliver internally to the Google Workspace users.

3. Configure and double-check SPF, DKIM, and DMARC Alignment While you've updated SPF and DMARC, please double-check once.

SPF should include the IP ranges for both O365 and Google.

For an example,

v=spf1 include:spf.protection.outlook.com include:_spf.google.com -all

DKIM must be configured for both O365 and Google.

Please ensure your DMARC policy allows flexibility during this troubleshooting phase (e.g., p=none).

4. Review SMTP Authentication for Google Workspace Ensure that Google is authenticating correctly when sending through O365.

In Google Admin Console, confirm that outgoing mail routes are properly set to send via O365.

5. Bypass Sender Authentication for Internal Emails You may configure an exception for emails from Google Workspace servers to avoid authentication issues.

Answer 2

Error code 5.7.57 in a non-delivery report (also known as an NDR, bounce message, delivery status notification, or DSN). This bounce message indicates a problem in the configuration of the connecting application or device.

Some things you could check:

• Triple-check the email/password.

• Change password - it could be that the password is "corrupted" or "prematurely expired".

• Turn on SMTP for the sending email account.

• Multi-Factor Authentication is turned "OFF" for the sending email account.

Things to try:

• Use the Microsoft 365 admin center to enable or disable SMTP AUTH on specific mailboxes.

• A DMARC reporting service is very helpful for identifying email sources and SPF failures for the domain. Ensure you are properly setting up SPF and DMARC.

• You may try to enable network tracing. Review Network Tracing in the .NET Framework to see if it gives any additional information.

Troubleshooting & workarounds shared by the community members and external support:

• 5.7.57 SMTP - Client was not authenticated - some answers are dated but could still be applicable.

• SMTP Authentication Failure - 5.7.57