Final Destination and MX record

Posted on 2003-11-05
Last Modified: 2010-03-05
I just set up my MX record on the DNS server to receive my emails on this new machine. It is running an Exchange server.
When I send an email, it rejects it and says relay access denied!!

How can I fix MS Exchange 2000 to accept the email and know that it is the final destination for the email?

Question by:Nav444

Expert Comment

ID: 9689960
Exchange management Console:
Set up a recipient policy or change the existing default recipient policy for your domain and make sure that an SMTP and X400 entry exists and is activated.

As far as your recipient update service has run or as far as you have run it manually, every user in your domain should have a valid e-mail address.

Go to your virtual smtp server and click
- "Access" and "Relay" and activate "All computers on the list", leave the list empty and activate "all computers which have authenticated..." at the bottom of the dialog.
- "Access" and "Authentication" and activate "anonymous" and "windows integrated".

To receive e-mail from inside, just connect your clients to the "Exchange server". For clients not using Exchange server but POP3 / SMTP, you have to set up the server settings on the client and make sure that the sender's address is within the address space of your Exchange server.
To receive e-mail from the internet, place your MX record on a public DNS, which can be found from servers on the internet (usually your provider). Also you should provide a DNS A record for your server on the same DNS.

Make sure, that no router or firewall blocks port 25 and you do not use a dial up connection or a dynamic IP address.  

Author Comment

ID: 9690719
Hi Bembi
Thanks for your reply. I did all you said, but I still get relay access rejected!!

Any clue?

I have following on my DNS.         MX    10
mail2   A        A
www             CNAME
ftp             CNAME
mail            CNAME

As you see IP on second line and third line are not same. Because as I said before, the exchange server is on other remote machine.
Do you think this DNS setting is correct?
When I ping I get responses and shows the correct IP.
[ps. and ip addresses are not real in my example]

I would really appreciate it if you could help.


Expert Comment

ID: 9690940
You can check your server by:
DOS prompt:
set type=mx

this should respond a MX record, which points to and an A Record pointing to

Your server (Exchange) must have this IP and it must listen on port 25 for this IP.

Additionally you have to make sure, that mails are forwarded to this IP. Also make sure, that the same test from the internet shows the same results. As you must have a agreement with your provider to host your own (public DNS), your internal settings are irrelevant, as long as somewhere else exists a public MX record for your domain.

Make sure, your server is listening on port 25 on this IP (or all IPs =
Go to your Exchange server and type at the DOS prompt:
netstat -na

you should get either

TCP - - Listening


TCP - - Listening

DNS Settings:
the do not have an A Record, additionally CNAME never points to a domain.
I assume you mean:

superior folder ... which simply points to your local machine (the DNS server)

and a CNAME should be

mail   CNAME


Author Comment

ID: 9691636
That is right. The DNS server, a mail server and a web server are all on a Linux machine that is hosted in a remote location, and I have full administration access to it.
This machine has been running for the past 3 years. We have about 20 different domains running on it and a few of them are using the same sendmail mail server.

Now all I am trying to do is move only the mail server for one of those domains to another location on an Exchange server, while the web server and the rest are still on the Linux machine.

The Exchange server is also in running condition. We are using it over WAN between two offices. The two offices are connected with VPN.

Well, Exchange is listening on port 25, and when I type the domain name in here, it can find the MX and A record.

Maybe my problem is this: the IP of the Exchange server does not have any domain name.
So I cannot do what you said:
mail   CNAME is domain of Linux Machine, where I want to hold the web server.

Do you think I should create a domain name for the IP address of Exchange? Only then can I set everything?

also I do not understand this:
"Additionally you have to make sure, that mails are forwarded to this IP" after DNS server, there should be Exchange server. So no need of forwarding!!

I hope I am not very confusing. I really appreciate if you could help me with this problem.




Expert Comment

ID: 9694021
You mention you're getting relay errors when sending mail.
Is this mail from your Exchange clients to the outside world,
or mail from the outside world to your Exchange server?

Accepted Solution

Bembi earned 20 total points
ID: 9695852
1.) You have a Windows 2000 Server with Exchange 2000 and Active Directory. That means, your server must have a domain name as your server must be a member of this domain.

nslookup IP_Address of Exchange Server

you should get back

Additionally you have a email-domain within your exchange server, which must not be the same than your W2K domain. But the mail, you send to your server, must include the email-domain of your exchange server, otherwise exchange assumes relay and will reject the mail (what is absolutely correct).

If you send a mail i.e. from yahoo to your server, you address your mail with The (public) MX record for points to the servername (i.e. and for this server ( you have an A-Record, so that external servers can get the IP. As you get relay messages, I would say, your server gets the mails.

If your server gets the mail, it first looks, if any user of your exchange server has a mailbox with this email domain ( If not, exchange searches for a routing advise and if there is no route to any other location it checks, if relay is open. If yes, your exchange server tries to find the responsible target server, and if not, the mail is rejected.

Note that you have to create a Recipient Policy for within your Exchange server, so that the Exchange server knows which is its own email-domain. It is not enough to simply add an e-mail address in Active Directory. The email domain becomes valid after the recipient update service of Exchange has run (either automatically within the configured time scope or manually).

As long as this has not happened, your email-domain is unknown, and as your server has no alternative route and relay is closed, the mail will be rejected.
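The acceptance order described in this answer (own email-domain, then a route, then the relay settings, otherwise reject), modelled as an added example that is not part of the original post or Exchange's own code. The class, function names, domains and IP addresses are constructed for illustration.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

@dataclass
class SmtpPolicy:
    """Hypothetical model of an SMTP virtual server's settings."""
    local_domains: set                               # address spaces from recipient policies
    routes: dict = field(default_factory=dict)       # domain -> next hop
    relay_allow: list = field(default_factory=list)  # networks on the relay list
    relay_authenticated: bool = True                 # authenticated senders may relay

def decide(policy, rcpt, client_ip, authenticated=False):
    """Return (smtp_code, reason) for one RCPT TO, in the order the answer gives."""
    domain = rcpt.rsplit("@", 1)[-1].lower().rstrip(".")
    if domain in policy.local_domains:
        return 250, "local delivery"
    if domain in policy.routes:
        return 250, "routed to " + policy.routes[domain]
    ip = ip_address(client_ip)
    if any(ip in ip_network(net) for net in policy.relay_allow):
        return 250, "relay allowed by IP list"
    if authenticated and policy.relay_authenticated:
        return 250, "relay allowed for authenticated sender"
    return 550, "relay access denied"

def is_open_relay(policy):
    """True if an unauthenticated outside host can send to a foreign domain."""
    return decide(policy, "probe@unrelated.invalid", "198.51.100.7")[0] == 250

# Constructed settings: the new email-domain has no recipient policy yet.
BEFORE = SmtpPolicy(local_domains={"internal.example"})
# Same server after the recipient policy for the new domain has been applied.
AFTER = SmtpPolicy(local_domains={"internal.example", "newmail.example"})
# Misconfiguration to avoid: the relay list covers every address.
OPEN = SmtpPolicy(local_domains={"internal.example"}, relay_allow=["0.0.0.0/0"])

if __name__ == "__main__":
    for name, pol in (("before", BEFORE), ("after", AFTER), ("open", OPEN)):
        print(name, decide(pol, "user@newmail.example", "203.0.113.10"),
              "open relay:", is_open_relay(pol))
```

The fix for the rejected mail is the `AFTER` case (the server learns its own domain), not the `OPEN` case, which accepts the mail only because it would relay for anyone.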


Author Comment

ID: 9719124
Thanks for your clear explanation, I think I should create the mailbox and recipient policy. But I do not know how to do it exactly.

This exchange already has a mail box that works internally. I want to have a different mailbox. Like first one works with and new one should work with

I just created a policy, and it did not work. I think I should do some other settings too.
Can you give me some hint?


Expert Comment

ID: 9726815
The policy may need some time until it is applied. Depending on your settings and configuration, it may take about 15 minutes.

Each policy has a filter, where you can filter the users / mailboxes, which should be affected by the policy, and an address space for SMTP like "".

Within your filter (1st tab of the policy - button change) you have a "Search now" button to see the result of the filter
On the second tab (Email addresses) assign a name space for the affected users, you have seen before.

As you can not change the filter for the default policy (affects all users), you may have to create a new policy, if only a few users are affected. So you can i.e. create a policy for as well as for with different affected users.

If you want to assign both addresses to all users, you can add the second SMTP address to the default policy.

If you add an email address, there is a checkbox saying "This server is responsible for all mails to this domain". This setting says that the server is the only server which is responsible for this email domain.

If both addresses should be reached from the internet, you have to provide a public mx record for each of your domains.
You can use to check your domain, if it can be seen from the internet.


Question has a verified solution.