We use Freshbooks to do some invoicing, and they send the invoices from email@example.com, with a Reply-To and Return-Path of one of our local addresses. The Freshbooks include is in our SPF record. For years, this worked just fine. However, after recent migration and upgrade, Freshbooks now gets a 550 Authentication required for relay error on invoices that need to be delivered on our server. (Invoices to external addresses are received fine.) Does the authentication look at the Reply-To and/or Return-Path?
We don't even see any connection attempts in the logs, which are set to detailed. Freshbooks just sends the 550 bounces to the Reply-To address.