Microsoft
Software
Hardware
Network
Question : Relaying Denied errors
Hello, I know there are several questions/answers regarding email relaying denials but none of the proposed solutions seem to fix our specific problem. I apologize in advance for the long question but I want to cover all of the details.
My company recently acquired another company and we have since merged them into our network. Before the merger, the other company was sending out a monthly newsletter to subscribers (about 600 recipients) and everything was working smoothly. They were using an external mail host at that time. After we merged them into our network we added a Windows 2003 Server with Exchange 2003 Enterprise (Well call this Server B). We also left our old Windows 2000 server with Exchange 2000 in place as a Front End Exchange server (Well call this Server A). After the merger, when they send out this newsletter, they receive about 200 bounce backs with the majority of them having errors similar to the following:
Error 1
[email protected]
on 1/5/2005 4:17 PM
You do not have permission to send to this recipient. For assistance, contact your system administrator.
... we do not relay
>
Error 2
[email protected]
on 1/5/2005 3:33 PM
You do not have permission to send to this recipient. For assistance, contact your system administrator.
< server b.myco.com #5.7.1 smtp;550 5.7.1 <
[email protected]
>... Relaying denied>
Error 3
[email protected]
on 1/5/2005 3:39 PM
You do not have permission to send to this recipient. For assistance, contact your system administrator.
< server b.myco.com #5.7.1 smtp;550 5.7.1 <
[email protected]
>... SMTP relay denied, authenticate via POP/IMAP first>
The SMTP error is always either 5.7.1 or 5.5.0
For what its worth, Server As SMTP Virtual Server has been disabled. The SMTP VS on Server B is started. I have configured the Relay Restrictions to:
Allow only the list below = 10.x.x.x (our subnet) / 255.255.255.0
I have also checked the box Allow all computers which successfully authenticate to relay
I have also checked our domain and public IP of our MX record on dnsstuff.com and DNSreports.com. Both came up clean. We are not on any blacklists and our PTR record for reverse DNS seems to be working as well.
I also checked the Hop Count of some of the problem domains and all of the ones I checked are fewer than 20 hops. The Advanced Delivery Options on Server B are set to:
Max 30 Hops
Masquerade Domain is Blank
FQDN is a public FQDN (this was set to an internal FQDN but I changed it thinking it may make a difference)
Smart Host is Blank.
I hope this is enough info. If I missed anything please dont hesitate to ask. Thanks in advance for your help.
Answer : Relaying Denied errors
Can you see any commonality in the bounce messages--i.e. they are all connected using the same ISP or they are all using similar email server types or same email provider? A stale DNS record or caching issue would be a likely culprit and in that case it would be limited to a common provider.
Everything you posted looks like you have the set-up done correctly. Reverse DNS would be my first thought. The domain you checked in dnsstuff, is it the same domain as is used to send the newsletter? If not, re-run the checks using that domain instead.
Another possibility, although you mentioned that you don't show up in any blacklists, some companies are now blocking email coming from IPs that are considered "dynamically assigned". This doesn't mean that your IP is dynamic, merely that either the reverse DNS or the ISP reports it as in an address block that is designated dynamic or broadband. AOL is one that blocks this way and I have several clients who have statically assigned IPs that are in a block reported byt the ISP as dynamic space. This possibility could be tested by asking your ISP for the address of a smart host you can use (most provide this free of charge) and seeing if that eliminates the bounces.
BTW, great information provided--so many people don't give all the necessary information and you did a great job of outlining the issue:)
Random Solutions
Download excel files from internet
Delegate ability to add computers to domain but not delete
Sort by only last digit in a column in excel
bad_pool_caller error when loading os
how to open a port on cisco 1700
Administrator account locked out every five minutes
Mac OSX + launchd and apache
Exchange 5.5 - How to setup a smarthost to provide Pop3 access, without mailboxes
Create unattended installation of Office 2003 Sp2,Winxp sp2,Win 2003 sp1 and sp2
Need help migrating to Access 2007 from 2003