"Please turn on SMTP Authentication in your mail client, or login to the IMAP/POP3 server before sending your message. mail.domain.com [*.*.*.*]:32568 is not permitted to relay through this server without authentication."
This happens to some exchange users and some automated emails that go through a relay connector.
Most emails do not bounce.
When sending test emails from the failing accounts to mailtest@unlocktheinbox.com to check authentication, it replies that. SPF, Sender ID Check, Domain Keys, DKIM, DMARC and ADSP all pass.
User connection is via Exchange mode.
Automated emails are via SMTP relay which is setup using a seperate local IP address to receive mail from a list of the servers that are allowed to send through the connector. Authentication is set to TLS, Externally secured. Permission group is set to Exchange servers.