I've setup amazon SES to send to external email-addresses with no problem. My domain is verified, DKIM and spf are set and working, but when I try to send an email using SES to my own organisation that is running exchange-2010, I get a bounce with error:
550 5.7.1 Client does not have permissions to send as this sender
First thing I tried was to enable MAIL FROM domain in SES, using this guide: https://slecuona.wordpress.com/2016/04/28/configuring-a-custom-mail-from-on-aws-to-avoid-exchange-error/
This guide also describes my problem very well. But it didn't make any difference.
My hunch is that exchange is blocking it because the mailbox "send-as permission" are set to only NT Authority\Self.
Looking at the microsoft docs: https://learn.microsoft.com/en-us/exchange/mail-flow/connectors/allow-anonymous-relay?view=exchserver-2019 this seems to be a solution, but it's IP-based, while the solution should be DNS based. Are there other users or groups I can add to user's send-as permissions to solve this, or any other solution?
I think that using dedicated ip's You can achieve that using IP-based solution. Try to get IPs(https://docs.aws.amazon.com/ses/latest/DeveloperGuide/dedicated-ip.html) for sending email and whitelist them in your server. It is fully secure, as this ips belongs only to You, and only You will be able to use them as Your mailing service.