I have a successful and working 365 install (it's just family, but we're an Enterprise tenant because we have multiple domains). Everything is working fine and I've recently been reviewing and tightening SPF/DKIM/DMARC practices and routing. (E.g., now the homelab systems all email via 365 SMTP so they get DKIM signatures.)
Today's question: User-me has a Gmail address; this Gmail address is forwarded using Gmail forwarding to end up at my canonical email address on 365. (Let's call these [email protected] and [email protected].)
I'd like to be able to use the Outlook or OWA clients (signed in as [email protected]) to send From [email protected], and have the outgoing email go via Google's email servers (thus getting the expected DKIM, etc.).
Based on some thinking and this Reddit thread, I think I should be able to set up an outgoing connector that routes to aspmx.l.google.com and a transport rule that sends to the connector only when the From address is [email protected].
Creating the connector and the rule seems to work, but send attempts with [email protected] as the From address get rejected by Exchange, apparently before ever hitting the rule and the connector:
ROP Associated: ropTransportSend (74)
Microsoft.Exchange.Data.Storage.SendAsDeniedException: Can't send message.
---> Microsoft.Mapi.MapiExceptionSendAsDenied: MapiExceptionSendAsDenied: Unable to send message. (hr=0x80070005, ec=1244)
Do I need to add [email protected] as a permitted SendAs to the truefoo user, or to the [email protected] mailbox... somehow? Can I do it within EAC? Or do I have the wrong end of the stick entirely?
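
The connector and rule described in the post, written as Exchange Online PowerShell, followed by read-only checks of the rule, the connector and the SendAs grants the error refers to. This is an added example, not the poster's own configuration: the addresses and object names are placeholders, and the TLS setting and the From-header match are assumptions.

```powershell
# Added example. Assumes an Exchange Online PowerShell session is already
# open (Connect-ExchangeOnline). Every name and address here is a placeholder.
$GmailFrom     = 'gmail-alias@example.com'      # placeholder for the Gmail From address
$SignedInUser  = 'canonical-user@example.org'   # placeholder for the 365 mailbox
$ConnectorName = 'Gmail-From via Google'        # hypothetical connector name
$RuleName      = 'Route Gmail-From to Google'   # hypothetical rule name

# Outbound connector that stays idle unless a transport rule selects it
# (IsTransportRuleScoped), so no other outbound mail is rerouted.
New-OutboundConnector -Name $ConnectorName `
    -ConnectorType Partner `
    -UseMXRecord $false `
    -SmartHosts 'aspmx.l.google.com' `
    -TlsSettings EncryptionOnly `
    -IsTransportRuleScoped $true `
    -Enabled $true
# TlsSettings is an assumption of this example; the post does not mention TLS.

# Transport rule: match the exact From header address (assumed match type)
# and hand the message to the scoped connector.
$pattern = '^' + [regex]::Escape($GmailFrom) + '$'
New-TransportRule -Name $RuleName `
    -FromAddressMatchesPatterns $pattern `
    -SenderAddressLocation Header `
    -RouteMessageOutboundConnector $ConnectorName

# Read-only checks: confirm what was actually stored.
Get-OutboundConnector -Identity $ConnectorName |
    Format-List Name, Enabled, IsTransportRuleScoped, SmartHosts, TlsSettings
Get-TransportRule -Identity $RuleName |
    Format-List Name, State, FromAddressMatchesPatterns, RouteMessageOutboundConnector

# Read-only: list the recipients the signed-in user currently holds SendAs on,
# which is the permission named in the SendAsDenied error.
Get-RecipientPermission -Trustee $SignedInUser -AccessRights SendAs |
    Format-Table Identity, Trustee, AccessRights
```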