Question

PERM_FAILURE: SMTP Error (state 9): 550 5.7.1 Unable to relay for USER@MYDOMAINNAME.COM

Asked by: paulatn

I have locked down relay and when some users outside my domain ex: user@yahoo.com email us they receive unable to relay(message below)
How do I allow these users to email us without relay denied

Delivery to the following recipient failed permanently:

    USER@MYDOMAINNAME.COM
Technical details of permanent failure:
PERM_FAILURE: SMTP Error (state 9): 550 5.7.1 Unable to relay for USER@MYDOMAINNAME.COM

This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.

Subscribe now for full access to Experts Exchange and get

Instant Access to this Solution

  • Plus...
  • 30 Day FREE access, no risk, no obligation
  • Collaborate with the world's top tech experts
  • Unlimited access to our exclusive solution database
  • Never be left without tech help again

Subscribe Now

Asked On
2006-03-14 at 13:21:54ID21773723
Tags

error

,

smtp

,

550

,

relay

,

unable

Topic

Exchange Email Server

Participating Experts
1
Points
500
Comments
15

Trusted by hundreds of thousands everyday for fast, accurate and reliable tech support.

  • "The time we save is the biggest benefit of Experts Exchange to Warner Bros. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange." Mike Kapnisakis, Warner Bros.
  • "Our team likes having a resource that is more secure than just using Google and most experts using this service really know their stuff. It's nice to look here first versus using Google." Dayna Sellner, Lockheed Martin
  • "Anytime that I've been stumped with a problem, 9 out of 10 times Experts Exchange has either the accepted solution or an open discussion of the potential solution to the problem." Kenny Red, eBay Inc.

See what Experts Exchange can do for you.

Got a question?

We've got the answer.

Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.

Screenshot of Experts Exchange Knowledgebase

Need individual assistance?

Our experts are ready to help.

If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.

Screenshot of Experts Exchange Knowledgebase

Want to learn from the best?

Read articles from industry experts.

Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.

Screenshot of an Article

Working on a long term project?

Store your work and research.

Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.

Screenshot of Experts Exchange Knowledgebase

Access the answers to your technology questions today.

Subscribe Now

30-day free trial. Register in 60 seconds.

What Makes Experts Exchange Unique?

Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.

Trusted by the world's most respected brands.

image of each brand's logo

Faithfully serving IT professionals since 1996.

Experts Exchange Logo

Try it out and discover for yourself.

Subscribe Now

30-day free trial. Register in 60 seconds.

Related Solutions

  1. SMTP and relaying
    I am attempting to send an email from my asp.net web app. SMTP service has been installed and configured for relaying, howver, when I have attempted to send an email, it chokes and I get the old Could not access 'CDO.Message' object. error. SO.. I reinstall SMTP, write...
  2. SMTP Relay
    Ok, I know this has probably been answered 1000 time here, but humor me as I make sure I understand Exchange 2000 SMTP Relay. I have and exchange server sitting on my active directory domain, domain1.com and domain2.com. My domain is behind a firewall via NAT. Domain1...

Free Tech Articles

  1. WARNING: 5 Reasons why you should NEVER fix a computer for free.
    It is in our nature to love the puzzle. We are obsessed. The lot of us. We love puzzles. We love the challenge. We thrive on finding the answer. We hate disarray. It bothers us deep in our soul. W...
  2. SCCM OSD Basic troubleshooting
    SCCM 2007 OSD is a fantastic way to deploy operating systems, however, like most things SCCM issues can sometimes be difficult to resolve due to the sheer volume of logs to sift through and the dispe...
  3. Migrate Small Business Server 2003 to Exchange 2010 and Windows 2008 R2
    This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Windows 2008 R2 with Exchange 2010. For this migration to work you will need the fo...
  4. Create a Win7 Gadget
    This article shows you how to create a simple "Gadget" -- a sort of mini-application supported by Windows 7 and Vista. Gadgets can be dropped anywhere on the desktop to provide instant information, ...
  5. Outlook continually prompting for username and password
    There have been a lot of questions recently regarding Outlook prompting for a username and password whilst using Exchange 2007. There are a few reasons why this would happen and I will try to cover t...
  6. Backup Exchange 2010 Information Store using Windows Backup
    There seems to be quite a lot of confusion around the ability to backup Exchange 2010 using the built in Windows Backup feature. This stems from the omission of this feature prior to Exchange 2007 s...

Cloud Class Webinars

  1. Avoiding Bugs in Microsoft Access
    Alison Balter takes and in-depth look at avoiding bugs in Access. In this webinar you will learn about using the immediate window to debug your applications, invoking the debugger, using breakpoints to troubleshoot, stepping through code, setting the next statement to execute, ...
  2. Top 10 Best New Features in Visio 2010
    Scott Helmers gives live demonstrations of the top 10 new features in Visio 2010. This webinar will teach you how to create compelling diagrams by adding shapes to the page with a single click, linking the shapes in a diagram to data in Excel (or SQL Server, or SharePoint), ...
  3. IT Consultant Business Secrets Revealed
    Michael Munger, Experts Exchange tech pro and IT consultant, pulls back the curtain on his very successful businesses and answers question on every IT consultant and business owner should know about. He shares secrets on what he did to solve the 5 most common problems in IT, ...
  4. Disaster Recovery and Business Continuity
    Quest CTO, Mike Billon, gives an overview of the steps involved in building a dunamic disaster recovery plan. Through case studies and an examination of software/hardware tooles for monitoring and testing, you'll gain a better understandin of where you are, where you want ...
  5. Organize Your Visio Diagrams with Containers and Lists
    Scott Helmers uses cross functional flowcharts, wireframe diagrams, data graphic legends and seating charts to teach you: how to ustilize all three new structured diagram components in Visio 2010, the best practices for organizeing shapes in previous version of Visio, how to organize ...
  6. How to Us Objects, Properties, Events and Methods in Microsoft Access
    Alison Dalter gives an in-depbth look at objects, properties, events and methods in Microsoft Access. In this webinar you will learn about using the object browser, referring to objects, working with properties and methods, working with object variables, understanding the ...

Join the Community

Give a Little. Get a Lot.

Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.

Join the Community

Answers

 

by: SembeePosted on 2006-03-14 at 13:33:32ID: 16188290

What do you mean by "Lock Down Relay"? What did you do?
Exchange 2003 is relay secure out of the box - the only change that some people need to make is remove the authenticated relay setting. Nothing else needs to be done.

Simon.

 

by: paulatnPosted on 2006-03-14 at 13:39:04ID: 16188348

Done that.
I have removed the authenticated relay and have the default relay settings and some users outside my domain ex: user@yahoo.com email us they receive unable to relay(message below)
How do I allow these users to email us without relay denied

 

by: SembeePosted on 2006-03-14 at 14:10:00ID: 16188764

Did you do anything else to the SMTP settings?
Are you receiving external email at all?

Simon.

 

by: paulatnPosted on 2006-03-14 at 14:14:51ID: 16188829

I am receiving external email but not all... particularly @yahoo.com @hotmail.com @gmail.com
The settings are

only the list below radio button

nothing in the field computers:

and nothing else checked.



 

by: SembeePosted on 2006-03-14 at 14:22:50ID: 16188933

If you are getting some external email, then that would tend to rule out a problem with Exchange.
Normally if Exchange is not configured correctly then all email will fail.

Have you made any DNS changes recently?
Have you tried a telnet test in to the Exchange server to see if it throws back the same or similar error?

Simon.

 

by: paulatnPosted on 2006-03-14 at 17:04:44ID: 16190183

NO DNS changes what so ever
When I click the all except the list below radio button and restart the virtual server it works fine.
I have tested the exchange server and it responds back on port 25

 

by: SembeePosted on 2006-03-15 at 03:44:05ID: 16193274

Relay settings should be only the list below (with nothing listed below ideally).
Access settings should be all except the list below (with nothing listed below to start with).

If you have things the other way round, then you are an open relay.

Simon.

 

by: paulatnPosted on 2006-03-15 at 05:45:32ID: 16193977

Yes I would be open to relay and I am aware of the relay setting, so
how do I configure it where I am not open to relay and I can receive email from webmail like @yahoo.com, @hotmail.com?

 

by: SembeePosted on 2006-03-15 at 06:12:37ID: 16194177

You have to cut off the open relay first. I don't care if that is the only way that you receive email - anyone who knowingly puts an open relay server on the Internet should be fired. Yes I do feel that strongly about it. If your ISP finds that you are running an open relay you will probably have your connection cut off - most ISPs will not tolerate it either.

There should be no difference in receiving email from the webmail services to anyone else - as long as you or any application that you might be using haven't tried to restrict the senders in any way.

If you cannot receive any email with the relay options closed, and get the cannot relay messages, then that means Exchange doesn't know that it is responsible for delivery of email to that domain.
Check that recipient policy is configured correctly and is applying email addresses automatically to the user accounts. If you have to enter them manually then something isn't working correctly. You need to look at the event viewer to see if it flags anything about the recipient policy.

The other thing it might be is Exchange isn't updating the IIS Metabase with the new domain information. If that is happening then you have a more serious problem on your hands.

Simon.

 

by: paulatnPosted on 2006-03-16 at 07:38:13ID: 16206004

RE:
If you cannot receive any email with the relay options closed, and get the cannot relay messages, then that means Exchange doesn't know that it is responsible for delivery of email to that domain.

Check that recipient policy is configured correctly and is applying email addresses automatically to the user accounts. If you have to enter them manually then something isn't working correctly. You need to look at the event viewer to see if it flags anything about the recipient policy.

Can you step me through the entire config process to make sure I am matching what you are suggesting ?

 

by: SembeePosted on 2006-03-16 at 08:29:20ID: 16206608

Recipient Policy...

ESM, Recipients, Recipient Policies. You will have at least one policy in there - the default.
If you look at the properties of that policy, then click on the tab "Email Addresses (Policy)" you should find at least one domain listed. Depending on your Active Directory domain configuration, this may, or may not be the same as your external domain.

For example, if your AD domain is domain.local then you would have the domain @domain.local in the list.
If that is the case, then you should also have @domain.com (or whatever your email domain is) listed in there as well.

If you don't - then Exchange doesn't know it is responsible for email being delivered to that domain. Putting the email addresses on to the accounts manually is not enough.

If you do have to add a domain in there, don't remove the default domain that matches your internal AD domain. That can cause problems. Add the new domain (@domain.com or whatever) and then make it the default. Leave the existing domain in place.

User accounts should be getting email addresses in the new domain automatically. If you have to add the email addresses in by hand later on, then recipient update services isn't working correctly.

Simon.

 

by: paulatnPosted on 2006-04-11 at 09:46:50ID: 16428693

Here is the scenario:

We have two separate networks: 192.168.1.x and 192.168.2.x and an exchange server on each network.
Each network has its own Wan Address x.x.x.1 and x.x.x.2
One exchnage server domain is mail.contoso.com-mx record pointing to this address
Other exchange server domain is support.contoso.com with an MX record pointing to this address
Each Network hits the internet throught their own firewall on their segment.
The firewalls are switched via an internet switch and pass thru a Gateway Router which has everything open and travels on a single T1 circuit
Port 25 is open on each firewall
SMTP is open on each firewall to their respective WAN address and I can telnet to each address
NSLOOKUP - via each MX record yeilds a response from each exchange serveron their respective WAN address
Relay is not open

"when a user tries to email someone@contoso.com from an outside email ISP such as joe@yahoo.com emailing someone@contoso.com",  joe gets a PERM_FAILURE: SMTP Error (state 9): 550 5.7.1 Unable to relay for someone@contoso.com

How can this be resolved?

 

by: SembeePosted on 2006-04-11 at 10:07:52ID: 16428897

This question has now been closed.
If the problem hasn't been resolved then you should either open a new question or post to the Support TA and ask for it to be reopened.

Simon.

20120131-EE-VQP-002

3 Ways to Join

30-Day Free Trial

The Experts

98% positive feedback on 31,087 answers since March 2000. angeliii is a Microsoft Most Valuable Professional for his work with MS SQL Server & Develoment.

He has also proven his knowledge of Visual Basic Programming, PHP Scripting and Oracle Databases.

The Experts

97% positive feedback on 10,752 answers since July 2000. lrmoore has more than 18 years experience in the networking industry.

The six-time Mircosoft MVPs specialties include firewalls, virtual private networking, and network management.

Testimonials

"...and excellent source for support... Kind of like having your very own IT dept." Electriciansnet

Testimonials

"I was apprehensive at signing up at first. However... it has already made my life as an IT administrator much easier." JaCrews

Testimonials

"WOW! You guys have great, active, and knowledgeable people on here." moore50

Business Clients

Business Clients

In the Press

"If you’ve got a question... Experts Exchange can supply an answer.”

In the Press

"...an invaluable aid for both IT professionals and those who require tech support."

In the Press

"where IT professionals provide quick answers on just about any topic"

Business Account Plans

Loading Advertisement...