We use an e-shot mailer called swiftpage to send out newsletters to customers and internal employees. Swiftpage sends on our behalf so mail doesn't come from our server. SPF records are set up for their IPs. E-Mails are sent on my balf from my e-mail address so customers can reply and it comes to me.
Problem is when we get an e-shot to an internal (From: email@example.com, To: employee<_at_>my-domain.com) I get a "Undelivered Mail" mail back to me with the error
<employee<_at_>my-domain.com : host blah blah said:
550 5.7.1 Authentication Required (in reply to end of DATA command)
In the Kerio security logs I see:
[08/Jun/2016 17:37:43] SMTP: Message from IP address 184.108.40.206 was rejected because of missing authentication for local domain sender <me<_at_>my-domain.com>.
I have added security -> sender policy to "Never reject from IPs" with the swiftpage IPs. I'm not sure what else I need to do to allow swiftpage to send to my own domain but using my address as the from address.