Password recovery fails with error "550 5.7.1 Unable to relay for <email>" in "SecurityNotifyTask-0.log"

A forgotten password needs to be recovered using the option "Forgot your password ?" on the Symantec Endpoint Protection Manager (SEPM) console logon screen.

The username for the password recovery and SEPM domain are typed correctly.

After enabling Apache Tomcat debugging for SEPM Server with the parameter described in TECH230072, the debug log titled, "SecurityNotifyTask-0.log" shows the following error after SEPM sends the email for password recovery:

<email> 22/03/2018 01:11 PM

550 5.7.1 Unable to relay for <email>

The Exchange server does not forward your password reset link from the SEPM's built-in SMTP server to the expected user.

Allow relaying of email from SEPM server on the Exchange Server. 

To achieve this, you need to use an Exchange System Manager. You can allow a computer hosting SEPM to relay email via Exchange Server using the options described in following articles:

https://support.microsoft.com/en-ie/help/324958/how-to-block-open-smtp-relaying-and-clean-up-exchange-server-smtp-queu

https://technet.microsoft.com/en-us/library/dd277329.aspx

Please note that options may vary depending on the Exchange System Manager versions. For more details please ask the Exchange System Manager manufacturer.