

Final Destination and MX record

Posted on 2003-11-05
Medium Priority
Last Modified: 2010-03-05
I just set up my MX record on the DNS server to receive my emails on this new machine. It is running an Exchange server.
When I send an email, it rejects it and says relay access denied!!

How can I fix MS Exchange 2000 to accept the email and know that it is the final destination for the email?

Question by:Nav444
LVL 35

Expert Comment

ID: 9689960
Exchange management Console:
Set up a recipient policy or change the existing default recipient policy for your domain and make sure that an SMTP and X400 entry exists and is activated.

As far as your recipient update service has run or as far as you have run it manually, every user in your domain should have a valid e-mail address.

Go to your virtual SMTP server and click
- "Access" and "Relay" and activate "All computers on the list", leave the list empty and activate "all computers which have authenticated..." at the bottom of the dialog.
- "Access" and "Authentication" and activate "anonymous" and "windows integrated".

To receive e-mail from inside, just connect your clients to the "Exchange server". For clients not using Exchange server but POP3 / SMTP, you have to set up the server settings on the client and make sure that the sender's address is within the address space of your Exchange server.
To receive e-mail from the internet, place your MX record on a public DNS which can be found by servers on the internet (usually your provider). You should also provide a DNS A record for your server on the same DNS.

Make sure that no router or firewall blocks port 25 and that you do not use a dial-up connection or a dynamic IP address.

Author Comment

ID: 9690719
Hi Bembi
Thanks for your reply. I did all you said, but I still get relay access rejected!!

Any clue?

I have the following on my DNS.

foo.com.         MX    10 mail2.foo.com.
mail2   A
foo.com.        A
www             CNAME   foo.com.
ftp             CNAME   foo.com.
mail            CNAME   foo.com.

As you see, the IPs on the second and third lines are not the same, because, as I said before, the Exchange server is on another remote machine.
Do you think this DNS setting is correct?
When I ping mail2.foo.com, I get responses and it shows the correct IP.
[PS: foo.com and the IP addresses are not real in my example]

I would really appreciate it if you could help.

LVL 35

Expert Comment

ID: 9690940
You can check your server by:
DOS prompt:
set type=mx

This should return an MX record which points to mail2.foo.com and an A record pointing to

your server (Exchange must have this IP and it must listen on port 25 for this IP).

Additionally you have to make sure that mails are forwarded to this IP. Also make sure that the same test from the internet shows the same results. As you must have an agreement with your provider to host your own (public DNS), your internal settings are irrelevant, as long as a public MX record for your domain exists somewhere else.

Make sure your server is listening on port 25 on this IP (or all IPs =
Go to your Exchange server and type at the DOS prompt:
netstat -na

you should get either

TCP - - Listening


TCP - - Listening

DNS settings:
foo.com does not have an A record; additionally, a CNAME never points to a domain.
I assume you mean:

superior folder ... which simply points to your local machine (the DNS server)

and a CNAME should be

mail   CNAME   myreallyservername.foo.com



Author Comment

ID: 9691636
That is right. DNS server, a Mail server and web server are all on a Linux machine that is hosted in a remote location, and I have full administration access to it.
This machine has been running for the past 3 years. We have about 20 different domains running on it and a few of them use the same sendmail mail server.

Now all I am trying to do is move only the mail server for one of those domains to another location on an Exchange server, while the web server and the rest are still on the Linux machine.

The Exchange server is also in running condition. We are using it over a WAN between two offices. The two offices are connected by VPN.

Well, Exchange is listening on port 25, and when I type the domain name in here http://www.dnsstuff.com/, it can find the MX and A records.

Maybe my problem is this: the IP of the Exchange server does not have any domain name,
so I cannot do what you said:
mail   CNAME   myreallyservername.foo.com

www.foo.com is the domain of the Linux machine, where I want to hold the web server.

Do you think I should create a domain name for the IP address of Exchange? Only then can I set everything?

Also, I do not understand this:
"Additionally you have to make sure, that mails are forwarded to this IP". After the DNS server, there should be the Exchange server. So no need for forwarding!!

I hope I am not being very confusing. I would really appreciate it if you could help me with this problem.



Expert Comment

ID: 9694021
You mention you're getting relay errors when sending mail.
Is this mail from your Exchange clients to the outside world,
or mail from the outside world to your Exchange server?
LVL 35

Accepted Solution

Bembi earned 80 total points
ID: 9695852
1.) You have a Windows 2000 Server with Exchange 2000 and Active Directory. That means your server must have a domain name, as your server must be a member of this domain.

nslookup IP_Address of Exchange Server

you should get back mymailserver.mydomain.com

Additionally you have an email domain within your Exchange server, which must not be the same as your W2K domain. But the mail you send to your server must include the email domain of your Exchange server, otherwise Exchange assumes relay and will reject the mail (which is absolutely correct).

If you send a mail i.e. from Yahoo to your server, you address your mail with myuser.foo.com. The (public) MX record for foo.com points to the server name (i.e. mail.mydomain.com) and for this server (myserver.mydomain.com) you have an A record, so that external servers can get the IP. As you get relay messages, I would say your server gets the mails.

If your server gets the mail, it first looks whether any user of your Exchange server has a mailbox with this email domain (myuser.foo.com). If not, Exchange searches for a routing advice, and if there is no route to any other location it checks whether relay is open. If yes, your Exchange server tries to find the responsible target server, and if not, the mail is rejected.

Note that you have to create a Recipient Policy for foo.com within your Exchange server, so that the Exchange server knows which is its own email domain. It is not enough to simply add an e-mail address in Active Directory. The email domain becomes valid after the recipient update service of Exchange has run (either automatically within the configured time scope or manually).

As long as this has not happened, your email domain is unknown, and as your server has no alternative route and relay is closed, the mail will be rejected.
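The accept-or-relay decision described in the answer above can be observed from outside by comparing the server's RCPT TO reply for a hosted address with its reply for a non-hosted one. The following is an added example, not part of the original thread or of Exchange; the reply texts and the addresses `user@foo.com` and `user@example.org` are constructed samples, and `probe` is only meant to be run against a server you administer.

```python
import smtplib

def classify(code, text):
    """Map one RCPT TO reply to accepted / relay-denied / rejected / deferred."""
    if code in (250, 251):
        return "accepted"
    if 500 <= code < 600:
        return "relay-denied" if "relay" in text.lower() else "rejected"
    return "deferred"

def probe(host, sender, rcpt, port=25, timeout=10):
    """Send MAIL FROM and RCPT TO only (no DATA, so nothing is delivered)."""
    with smtplib.SMTP(host, port, timeout=timeout) as s:
        s.ehlo_or_helo_if_needed()
        s.mail(sender)
        code, msg = s.rcpt(rcpt)
        s.rset()
    return code, msg.decode("utf-8", "replace")

def assess(own, foreign):
    """own / foreign: (code, text) replies for a hosted and a non-hosted recipient."""
    o, f = classify(*own), classify(*foreign)
    if o == "relay-denied":
        return "domain not treated as local: check its recipient policy"
    if f == "accepted":
        return "foreign recipient accepted unauthenticated: possible open relay"
    if o == "accepted":
        return "ok: local domain accepted, relay refused"
    return "inconclusive: own=%s foreign=%s" % (o, f)

# Constructed replies: before the recipient policy for foo.com is applied,
# after it is applied, and with relay left open to everyone.
BEFORE = ((550, "5.7.1 Unable to relay for user@foo.com"),
          (550, "5.7.1 Unable to relay for user@example.org"))
AFTER = ((250, "2.1.5 user@foo.com"),
         (550, "5.7.1 Unable to relay for user@example.org"))
OPEN = ((250, "2.1.5 user@foo.com"),
        (250, "2.1.5 user@example.org"))

if __name__ == "__main__":
    for name, pair in (("before", BEFORE), ("after", AFTER), ("open", OPEN)):
        print(name, "->", assess(*pair))
```

Run `probe` unauthenticated from a host outside the server's relay list, otherwise the foreign-recipient result says nothing about what the internet sees. Some servers accept at RCPT time and refuse later, which is why the open-relay verdict is worded as "possible".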


Author Comment

ID: 9719124
Thanks for your clear explanation. I think I should create the mailbox and recipient policy, but I do not know how to do it exactly.

This Exchange already has a mailbox that works internally. I want to have a different mailbox. Like, the first one works with username@myfirstsite.com and the new one should work with username@foo.com

I just created a policy, and it did not work. I think I should do some other settings too.
Can you give me some hint?

LVL 35

Expert Comment

ID: 9726815
The policy may need some time until it is applied. Depending on your settings and configuration, it may take about 15 minutes.

Each policy has a filter, where you can filter the users / mailboxes which should be affected by the policy, and an address space for SMTP like "@foo.com".

Within your filter (1st tab of the policy - button change) you have a "Search now" button to see the result of the filter.
On the second tab (Email addresses) assign a name space for the affected users you have seen before.

As you cannot change the filter for the default policy (affects all users), you may have to create a new policy if only a few users are affected. So you can i.e. create a policy for foo.com as well as for myfirstsite.com with different affected users.

If you want to assign both addresses to all users, you can add the second SMTP address to the default policy.

If you add an email address, there is a checkbox saying "This server is responsible for all mails to this domain". This setting says that the server is the only server which is responsible for this email domain.

If both addresses should be reached from the internet, you have to provide a public MX record for each of your domains.
You can use http://www.checkdns.net/ to check whether your domain can be seen from the internet.

