Office 365 Public Folder Problems
When trying to migrate mail enabled Public Folders into Office 365 you may find that external senders get an NDR returned of the format:
Remote Server returned '550 5.4.1 [firstname.lastname@example.org]: Recipient address rejected: Access denied'
The resolution to this problem still seems to be undocumented at the time of writing.
How do I fix this?
This issue seems to have been brought about by recent changes to the way Public Folders are implemented and as yet the solution hasn't made it into Microsoft articles. If you need to allow external senders to email a Public Folder there are a few steps you need to go through. Importantly you need to mail enable the folder and then allow anonymous users to create items in the folder. To do this connect to your Office 365 account from Powershell - instructions here:
Then use the following commands to apply the necessary changes, using the relevant folder names:
Enable-MailPublicFolder -Identity "\ExampleFolder"
Add-PublicFolderClientPermission "\ExampleFolder" -AccessRights CreateItems -
You can also set the primary SMTP address using this command:
Set-MailPublicFolder -Identity "\ExampleFolder" -PrimarySmtpAddress
However the above information is easily found with a quick web search and still does not fix the problem! The secret is to change your primary domain type in Office 365 from Authoritative to Internal Relay, if you don't do this Office 365 bounces the message before it even checks whether a valid Public Folder address exists.
To do this login to the Office 365 web interface as an administrator and launch Exchange Admin Centre. Under Mail Flow select Accepted Domains and use the radio buttons to change the domain type.
You will get a warning about connectors, it is safe to dismiss this if you're only making this change to mail enable your Public Folders.
You should now find that mail will be successfully delivered.