'554 5.7.1 : Recipient address rejected: NO-DOMAIN' error message -Hosted Email Security 3.0

"554 5.7.1 : Recipient address rejected: NO-DOMAIN" error shows when Google Drive sends notification e-mail in Hosted Email Security (HES)

- Updated:
- 30 Jul 2020
- Product/Version:
- Hosted Email Security 3.0
- Platform:
- N/A N/A

Summary

When you set up your HES Outbound Filtering, the recipients will not be able to receive the notification e-mail to their gmail account once a file is shared.

This happens when the "message from:" is drive-shares-noreply@google.com and the "envelope from:" is *@doclist.bounces.google.com since Mail forwarding to an external address will not work when an outbound mail was scanned by HES as stated in KB 1054008.

You will get the following bounced message from G Suite E-mail log Search:

Bounced
Google tried to deliver your message, but it was rejected by the server for the recipient domain <a href="http://relay.hes.trendmicro.com" target="_blank">relay.hes.trendmicro.com</a> [54.219.191.109]. The error that the other server returned was: 554 5.7.1 : Recipient address rejected: NO-DOMAIN.

Details

Since safelisting of the sender drive-shares-noreply@google.com is a potential risk to other HES users, it is not possible to allow the sender domain from: *@doclist.bounces.google.com to HES relay service.

Creating a custom compliance template from G Suite for this type of google drive notification will resolve the issue of the bounced messages and able to receive the notification e-mail, to do this:

On Your Google Admin console (at admin.google.com), go to Apps > G Suite > G-mail > Advanced Settings.
Scroll to the Content compliance setting in the Compliance section, hover over the setting then click Configure. If the setting is already configured, hover over the setting then click Edit or Add another.
For each new setting, enter a unique description then modify the following:
1. Under Email messages to affect, select the following:
  - Outbound
  - Internal - Sending
  Click image to enlarge
2. Add expressions that describe the content you want to search for in each message:
  - Select If ANY of the following match the message.
  - Under Expressions select Advanced Content Match.
  - Under Location select Sender header.
  - Match type select contains text then type drive-shares-noreply@google.com
  - Click Save.
  Click image to enlarge
If the above expressions match, do the following:
- Select Modify message.
- Under Route, tick the Change Route checkbox then select Normal Routing.
Click image to enlarge

Save all the changes.

Rating:

Category:

Configure; Troubleshoot

Solution Id:

1118864

Feedback

Did this article help you?

Thank you for your feedback!

What was the problem with this article?

The image(s) in the article did not display properly.

The article did not provide detailed procedure.

The article is hard to understand and follow.

The video did not play properly.

The article did not resolve my issue.

Others. Please specify.

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:

We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

Thanks for voting.

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:

We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

Need More Help?

"554 5.7.1 : Recipient address rejected: NO-DOMAIN" error shows when Google Drive sends notification e-mail in Hosted Email Security (HES)