Solved

Exchange 2003 do not have permission to send to this recipient; rejected by user Open Relay? I checked

Posted on 2004-10-14
9
634 Views
Last Modified: 2012-08-13
500 POINTS HERE, this is URGENT

I have recently set up an exchange server 2003, everything works great, except when we try to send to one particular email address, We immediately get the following bounceback.

The following recipient(s) could not be reached:

  'USERNAME@umn.edu' on 10/14/2004 12:40 PM
  You do not have permission to send to this recipient. For assistance, contact your system administrator.
  <mailserver.qualityforum.org #5.7.1 smtp;550 5.7.1 <USERNAME@umn.edu>... Rejected by user; see: <http://umn.edu/mc/p?EAxF35zhbdHzNdTyv6TG8CNknYgRdfMR9$HqK7FRoWdTjrp2rczX3KTPq5sJ5N6QanneyGAGADrv7o8dwwf1wgA>>

The recipient said they ran us through open relay databases, and we came up dirty. I ran it before I rolled it out, and thoroughly checked it, and found no evidence of an open relay. Today I did the same thing after reading the response from the recipient and they all came up clean.

PLEASE HELP, I need this fixed like it was yesterday.

Thanks ahead of time,
Devon
0
Comment
Question by:devruiz
  • 4
  • 3
  • 2
9 Comments
 
LVL 26

Expert Comment

by:Vahik
ID: 12313175
try dnsstuff.com it seems u are blcklisted.
0
 
LVL 26

Expert Comment

by:Vahik
ID: 12313208
forgot to say u could ask the other end user or admin to put u on white list which will
override the blacklist.then create an smtp connector for that domain and send all ur email
straight to their public address.
0
 
LVL 1

Author Comment

by:devruiz
ID: 12313386
Where in dnsstuff.com does it say I am blacklisted? Think only hint I have it says in the Spam SBBl has a DNS lookup issue. I was thinking the whitelist route, but If I have an open relay issue, I want that fire put out now before it starts. They are a royal PITA. I thought I had the server locked down, but I kind of think it's a UMN issue. Am I right? Or am I just not seeing how blacklisted I am becoming as I write this?

Thanks
Devon

I also want to add that when I go to dnsreport.com it says "[ERROR: The parent servers say that the domain mail.qualityforum.org does not have any NS records (although they may have some other information on that zone). I can not do a DNS report on a hostname (such as mail.example.com) or a domain name that does not have its own zone.]"

make any sense? when I ran it on DNSREPORTS Sunday, it worked fine.....puzzled....

0
 
LVL 3

Assisted Solution

by:nalanbar
nalanbar earned 250 total points
ID: 12313548
http://www.experts-exchange.com/Networking/Email_Groupware/Exchange_Server/Q_21141277.html

I had the same problem, and this was the start of how I cleaned it out.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 26

Assisted Solution

by:Vahik
Vahik earned 250 total points
ID: 12314302
exchange 2000 and 2003 are relay proof in the default instalation.
what u should do ?
1-call ur isp and make sure u have an A record and a PTR record cretaed in ur zone
2-if u dont allow folks from outside to use ur exchange to send mail to other domains
then uncheck   "Allow all computers which successfully authenticate to relay regardless
of the list above".
this two simple steps will ensure no relaying from ur server.
if u allow outside folks(users,salesman,bla bla)to send email through ur
exchange then u may have a problem with some nice folks who try all day
long to guess the password and username of ur internal users and sometime
they do get lucky.to prevent this happening u must enable complex password
policy and make sure passwordsa are changed at a regular intervals.
0
 
LVL 3

Expert Comment

by:nalanbar
ID: 12314399
They are NOT relay proof with a fresh install. That is just a ludicrous thing to say.
0
 
LVL 26

Assisted Solution

by:Vahik
Vahik earned 250 total points
ID: 12314712
nalanbar in exchange 2000 and 2003 there is only one click that prevents relaying
on ur exchange server and that is on ur smtp relay section which states
select which computer may relay through this virtual server
only list below
all except the list below

with the first option checked and list below empty.that is all to it .this is the default
setting when u set up ur exchange 2000 and 2003.Is it possible for this option
not to be ticked?yes it is and u must always check ur settings when u install exchange
server.

the second option that i talked about in my last comment is a diffrent animal.With
that option u allow relaying intentionally to ur external users that authenticate
against ur AD.if the geeek who tries to guess the password is not successfull
then no relay.if he is then u are outof luck.to prevent this u can enable complex password policy but that initself creates other problems......old ladies forgeting
their password or writting them on stickers stuck on their computers so everyone can see.
since this is my last post let me tell u that successfull relaying is diffrent than spam and folks who
crash ur server trying to relay.there are ways to stop them also but that is another
story for another night(my grandma used to say that when i was a kid).
Take care and good luck.

0
 
LVL 3

Accepted Solution

by:
nalanbar earned 250 total points
ID: 12314832
There is a difference between relay proof and "there is only one place you have to look to make sure you don't relay." That being said, the rest of your information is correct.
Devon,
Once you have shut off relaying, or even before hand for a little fun, go to www.mail-abuse.com, click on rss link on the right side, and check your ip address against them. If you  are on any of their lists, they will give you instructions as to how to get off the list, and will do a very comprehensive open relay test.
0
 
LVL 1

Author Comment

by:devruiz
ID: 12322269
Didn't mean to give a grade B guys, I apologize. It was an A, because you enlightened me to a few things. The problem wound up being that we were blacklisted Januray 2004 for excessive outgoing virus'. This was unbeknownst to ANY of us in the organization because we never had any issues. Our virus tables were always up to date, and our Trend Scanmail had performed flawlessly <so I thought>. Nonetheless, I made a request to the "SysOp" at UMN.EDU and told him that information was false, and he added us to their "list".

I still don't understand why this just arose from the new installation. The dates were ANCIENT (6 months ago) . I guess it's one of those blackhole effect thingy's........dunno....I like to think logically, so this throws me.

Thanks for all of your help Vahik and nalanbar! I will use those techniques for other clients in the future.

Take care,
Devon
0

Featured Post

Do email signature updates give you a headache?

Do you feel like all of your time is spent managing email signatures? Too busy to visit every user’s desk to make updates? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today!

Join & Write a Comment

Utilizing an array to gracefully append to a list of EmailAddresses
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now