Emails are being rejected by the DLP Cloud Service with 550 "Relay Access Denied"
search cancel

Emails are being rejected by the DLP Cloud Service with 550 "Relay Access Denied"


Article ID: 211845


Updated On:


Data Loss Prevention Cloud Service for Email


You have a newly configured setup for DLP Cloud Service for Email, which is integrated with O365, in Reflecting mode:

Email Client => O365 => DLP Cloud Service for Email => O365

However, emails are being rejected with 550 "Relay Access Denied" errors, and the errors seem to come from DLP.


The error may state one of the following:

"550 5.7.64 TenantAttribution; Relay Access Denied"

It's possibly due to the configuration of the Connectors.


Check the configuration of both the "Outbound to DLP" and "Inbound from DLP" Connectors in O365 Admin Portal.

The DLP documentation for the Cloud Service for Email implementation suggests that these connectors should be configured as the following types in O365:

Connector Purpose DLP Documentation description of "Type"  Microsoft Powershell setting for type Setting with regard to Microsoft Hybrid Configuration
Outbound to DLP Cloud Service "from Office 365 and to Partner organization" Partner "CloudServicesMailEnabled" is "false"
Inbound from DLP Cloud Service (reflecting back to O365) "Your organization's email server and to Office 365" OnPremises "CloudServicesMailEnabled" is "true"


Note that the Inbound Connector should NOT be "Partner" but the Outbound one should be.

If the Inbound Connector is not set as "Your organization's email service" but was configured as a "Partner" instead this could be the problem.

Set the Inbound Connector to "Your organization's email service" and wait for the changes to cascade throughout the hosted email services (~30 minutes), then retest.


Additional Information

For more information about the settings in the last column of the table above, see this Microsoft doc defining the configuration parameters for Connectors in Exchange Online:

New-OutboundConnector (ExchangePowerShell) | Microsoft Docs