Final Destination and MX record

I just set up my MX record on the DNS server to receive my emails on this new machine. It is running an Exchange server.
When I send an email, it rejects it and says relay access denied!!

How can I fix MS Exchange 2000 to accept the email and know that it is the final destination for the email?


Exchange management Console:
Set up a recipient policy or change the existing default recipient policy for your domain and make sure that an SMTP and X400 entry exists and is activated.

As far as your recipient update service has run or as far as you have run it manually, every user in your domain should have a valid e-mail address.

Go to your virtual SMTP server and click
- "Access" and "Relay" and activate "All computers on the list", leave the list empty and activate "all computers which have authenticated..." at the bottom of the dialog.
- "Access" and "Authentication" and activate "anonymous" and "windows integrated".

To receive e-mail from inside, just connect your clients to the "Exchange server". For clients not using Exchange server but POP3 / SMTP, you have to set up the server settings on the client and make sure that the sender's address is within the address space of your Exchange server.
To receive e-mail from the internet, place your MX record on a public DNS, which can be found by servers on the internet (usually your provider). Also you should provide a DNS A record for your server on the same DNS.

Make sure that no router or firewall blocks port 25 and you do not use a dial-up connection or a dynamic IP address.

Nav444 (Author) Commented:
Hi Bembi
Thanks for your reply. I did all you said, but still I get relay access rejected!!

Any clue?

I have the following on my DNS:
         MX    10
mail2   A        A
www             CNAME
ftp             CNAME
mail            CNAME

As you see, the IPs on the second line and third line are not the same, because as I said before, the Exchange server is on another remote machine.
Do you think this DNS setting is correct?
When I ping I get responses and it shows the correct IP.
[PS: the IP addresses are not real in my example]

I would really appreciate it if you could help.

You can check your server by:
DOS prompt:
nslookup
set type=mx

This should return an MX record, which points to and an A record pointing to

Your server (Exchange) must have this IP and it must listen on port 25 for this IP.

Additionally you have to make sure that mails are forwarded to this IP. Also make sure that the same test from the internet shows the same results. As you must have an agreement with your provider to host your own (public DNS), your internal settings are irrelevant, as long as somewhere else exists a public MX record for your domain.

Make sure, your server is listening on port 25 on this IP (or all IPs =
Go to your Exchange server and type at the DOS prompt:
netstat -na

you should get either

TCP - - Listening


TCP - - Listening

DNS Settings:
the do not have an A Record, additionally CNAME never points to a domain.
I assume you mean:

superior folder ... which simply points to your local machine (the DNS server)

and a CNAME should be

mail   CNAME
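
The chain this answer checks by hand (MX record, then an A record for the MX target, then the Exchange server's IP) can be linted over zone data. This is an added example, not part of the original thread; the zone, the example.test names and the addresses are constructed placeholders, and the CNAME check relies on the general DNS rule that an MX target should be a host name with its own address record.

```python
# Added example. The zone data is constructed: example.test and the
# 192.0.2.x / 198.51.100.x addresses are placeholders, not the asker's records.
GOOD_ZONE = """
example.test.        MX     10 mail2.example.test.
mail2.example.test.  A      198.51.100.20
www.example.test.    A      192.0.2.10
mail.example.test.   CNAME  www.example.test.
"""
# Same zone, but the MX names the alias that still leads to the web server.
BAD_ZONE = GOOD_ZONE.replace("10 mail2.example.test.", "10 mail.example.test.")


def parse_zone(text):
    """Map (owner name, record type) -> list of rdata token lists."""
    records = {}
    for line in text.strip().splitlines():
        parts = line.split()
        if len(parts) >= 3:
            key = (parts[0].lower(), parts[1].upper())
            records.setdefault(key, []).append(parts[2:])
    return records


def check_mail_path(records, domain, exchange_ip):
    """Return a list of problems on the MX -> A -> Exchange IP chain."""
    mx_records = records.get((domain, "MX"), [])
    if not mx_records:
        return ["no MX record for " + domain]
    problems = []
    for _pref, target in sorted(mx_records, key=lambda r: int(r[0])):
        target = target.lower()
        if (target, "CNAME") in records:
            problems.append(f"MX target {target} is a CNAME, not a host with an A record")
            continue
        ips = [rdata[0] for rdata in records.get((target, "A"), [])]
        if not ips:
            problems.append(f"MX target {target} has no A record")
        elif exchange_ip not in ips:
            problems.append(f"{target} resolves to {ips}, not the Exchange IP {exchange_ip}")
    return problems


if __name__ == "__main__":
    for label, zone in (("good", GOOD_ZONE), ("bad", BAD_ZONE)):
        print(label, check_mail_path(parse_zone(zone), "example.test.", "198.51.100.20"))
```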


Nav444 (Author) Commented:
That is right. DNS server, a Mail server and web server are all on a Linux machine that is hosted in a remote location, and I have full administration access to it.
This machine has been running for the past 3 years. We have about 20 different domains running on it and a few of them use the same sendmail mail server.

Now all I am trying to do is move only the mail server for one of those domains to another location on an Exchange server, while the web server and the rest are still on the Linux machine.

The Exchange server is also in running condition. We are using it over WAN between two offices. The two offices are connected with VPN.

Well, Exchange is listening on port 25, and when I type the domain name in here, it can find the MX and A record.

Maybe my problem is this: the IP of the Exchange server does not have any domain name,
so I cannot do what you said:
mail   CNAME is domain of Linux Machine, where I want to hold the web server.

Do you think I should create a domain name for the IP address of Exchange? Only then can I set everything?

Also I do not understand this:
"Additionally you have to make sure, that mails are forwarded to this IP" After the DNS server, there should be the Exchange server. So no need of forwarding!!

I hope I am not being very confusing. I would really appreciate it if you could help me with this problem.


You mention you're getting relay errors when sending mail.
Is this mail from your Exchange clients to the outside world?
Or mail from the outside world to your Exchange server?

1.) You have a Windows 2000 Server with Exchange 2000 and Active Directory. That means, your server must have a domain name as your server must be a member of this domain.

nslookup IP_Address of Exchange Server

you should get back

Additionally you have an email-domain within your Exchange server, which must not be the same as your W2K domain. But the mail you send to your server must include the email-domain of your Exchange server, otherwise Exchange assumes relay and will reject the mail (which is absolutely correct).

If you send a mail i.e. from yahoo to your server, you address your mail with The (public) MX record for points to the servername (i.e. and for this server ( you have an A-Record, so that external servers can get the IP. As you get relay messages, I would say, your server gets the mails.

If your server gets the mail, it first looks, if any user of your exchange server has a mailbox with this email domain ( If not, exchange searches for a routing advise and if there is no route to any other location it checks, if relay is open. If yes, your exchange server tries to find the responsible target server, and if not, the mail is rejected.

Note that you have to create a Recipient Policy for within your Exchange server, so that the Exchange server knows which is its own email-domain. It is not enough to simply add an e-mail address in Active Directory. The email domain becomes valid after the recipient update service of Exchange has run (either automatically within the configured time scope or manually).

As long as this has not happened, your email-domain is unknown, and as your server has no alternative route and relay is closed, the mail will be rejected.
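
The decision order described in this answer (local email domain first, then a route, then the relay check, otherwise reject) can be written down as a small model. This is an added example, not Exchange code and not part of the original thread; the class, the domain names corp.example and newmail.example, and the addresses are constructed for illustration. It shows that adding the address space through the recipient policy makes the server the final destination while relay stays closed to anonymous senders.

```python
from dataclasses import dataclass, field


@dataclass
class VirtualSmtpServer:
    """Toy model of the decision order in the answer above (not an Exchange API)."""
    local_domains: set = field(default_factory=set)  # SMTP address spaces from recipient policies
    routes: dict = field(default_factory=dict)       # domain -> next hop
    relay_ips: set = field(default_factory=set)      # relay list; left empty as advised in the thread
    relay_if_authenticated: bool = True              # authenticated clients may relay

    def decide(self, rcpt, client_ip, authenticated=False):
        domain = rcpt.rsplit("@", 1)[-1].lower()
        if domain in self.local_domains:
            return "250 deliver to local mailbox"
        if domain in self.routes:
            return "250 forward to " + self.routes[domain]
        if client_ip in self.relay_ips or (authenticated and self.relay_if_authenticated):
            return "250 relay to the domain's MX"
        return "550 relay denied"


def run_scenario():
    """Constructed names: corp.example (existing), newmail.example (moved domain)."""
    internet = "203.0.113.7"  # constructed anonymous sending server
    server = VirtualSmtpServer(local_domains={"corp.example"})
    results = {}
    # Before the recipient policy exists, the moved domain looks like a relay request.
    results["before_policy"] = server.decide("user@newmail.example", internet)
    # The recipient policy adds the address space and the update service has run.
    server.local_domains.add("newmail.example")
    results["after_policy"] = server.decide("User@NewMail.Example", internet)
    # Relay stays closed for anonymous senders to foreign domains...
    results["anon_foreign"] = server.decide("x@other.example", internet)
    # ...and is available only to authenticated clients.
    results["auth_foreign"] = server.decide("x@other.example", "10.0.0.5", authenticated=True)
    return results


if __name__ == "__main__":
    for name, verdict in run_scenario().items():
        print(f"{name:14} {verdict}")
```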

Nav444 (Author) Commented:
Thanks for your clear explanation, I think I should create the mailbox and recipient policy. But I do not know how to do it exactly.

This exchange already has a mail box that works internally. I want to have a different mailbox. Like first one works with and new one should work with

I just created a policy, and it did not work. I think I should do some other settings too.
Can you give me some hint?

The policy may need some time if it is applied. Depending on your settings and configuration, it may take about 15 minutes.

Each policy has a filter, where you can filter the users / mailboxes, which should be affected by the policy, and an address space for SMTP like "".

Within your filter (1st tab of the policy - button change) you have a "Search now" button to see the result of the filter
On the second tab (Email addresses) assign a name space for the affected users, you have seen before.

As you can not change the filter for the default policy (affects all users), you may have to create a new policy, if only a few users are affected. So you can i.e. create a policy for as well as for with different affected users.

If you want to assign both addresses to all users, you can add the second SMTP address to the default policy.

If you add an email address, there is a checkbox saying "This server is responsible for all mails to this domain". This setting says that the server is the only server which is responsible for this email domain.

If both addresses should be reached from the internet, you have to provide a public mx record for each of your domains.
You can use to check your domain, if it can be seen from the internet.
