Question : Relaying Denied errors

Hello, I know there are several questions/answers regarding email relaying denials but none of the proposed solutions seem to fix our specific problem. I apologize in advance for the long question but I want to cover all of the details.

My company recently acquired another company and we have since merged them into our network. Before the merger, the other company was sending out a monthly newsletter to subscribers (about 600 recipients) and everything was working smoothly. They were using an external mail host at that time. After we merged them into our network we added a Windows 2003 Server with Exchange 2003 Enterprise (We’ll call this Server B). We also left our old Windows 2000 server with Exchange 2000 in place as a Front End Exchange server (We’ll call this Server A). After the merger, when they send out this newsletter, they receive about 200 bounce backs with the majority of them having errors similar to the following:


Error 1
     [email protected] on 1/5/2005 4:17 PM
            You do not have permission to send to this recipient.  For assistance, contact your system administrator.
            ... we do not relay >

Error 2
      [email protected] on 1/5/2005 3:33 PM
            You do not have permission to send to this recipient.  For assistance, contact your system administrator.
            < server b.myco.com #5.7.1 smtp;550 5.7.1 < [email protected] >... Relaying denied>

Error 3
      [email protected] on 1/5/2005 3:39 PM
            You do not have permission to send to this recipient.  For assistance, contact your system administrator.
            < server b.myco.com #5.7.1 smtp;550 5.7.1 < [email protected] >... SMTP relay denied, authenticate via POP/IMAP first>


The SMTP error is always either 5.7.1 or 5.5.0

For what its worth, Server A’s SMTP Virtual Server has been disabled. The SMTP VS on Server B is started. I have configured the Relay Restrictions to:

Allow only the list below  =  10.x.x.x (our subnet) / 255.255.255.0
I have also checked the box “Allow all computers which successfully authenticate to relay…”

I have also checked our domain and public IP of our MX record on dnsstuff.com and DNSreports.com. Both came up clean. We are not on any blacklists and our PTR record for reverse DNS seems to be working as well.

I also checked the Hop Count of some of the problem domains and all of the ones I checked are fewer than 20 hops. The Advanced Delivery Options on Server B are set to:

Max 30 Hops
Masquerade Domain is Blank
FQDN is a public FQDN (this was set to an internal FQDN but I changed it thinking it may make a difference)
Smart Host is Blank.

I hope this is enough info. If I missed anything please don’t hesitate to ask. Thanks in advance for your help.

Answer : Relaying Denied errors

Can you see any commonality in the bounce messages--i.e. they are all connected using the same ISP or they are all using similar email server types or same email provider? A stale DNS record or caching issue would be a likely culprit and in that case it would be limited to a common provider.

Everything you posted looks like you have the set-up done correctly. Reverse DNS would be my first thought. The domain you checked in dnsstuff, is it the same domain as is used to send the newsletter? If not, re-run the checks using that domain instead.

Another possibility, although you mentioned that you don't show up in any blacklists, some companies are now blocking email coming from IPs that are considered "dynamically assigned". This doesn't mean that your IP is dynamic, merely that either the reverse DNS or the ISP reports it as in an address block that is designated dynamic or broadband. AOL is one that blocks this way and I have several clients who have statically assigned IPs that are in a block reported byt the ISP as dynamic space. This possibility could be tested by asking your ISP for the address of a smart host you can use (most provide this free of charge) and seeing if that eliminates the bounces.

BTW, great information provided--so many people don't give all the necessary information and you did a great job of outlining the issue:)