Exchange 2003, added new domain to existing ones, unable to relay for...


the setup:

Running Ex2k3, packed out, everything was working fine. We receive email for, and these work fine, have been working fine for years... even before the upgrade to Exchange 2003...

Now we have the requirement to add 2 more domains to the mix. Call them and

the problem:

I've set the settings the same as for the other domains, as far as I can remember... but when sending mail to the 'new' domains, we always get "unable to relay for:"... same for

the background:
The MX and A records for all of these domains resolve to the same Internet IP address, with different hostnames (,,, etc...)

The recipient addresses do actually exist and are assigned to individual users in Active Directory.

In Exchange System Manager, in the SMTP1 connector all of the domains are listed, with various priorities. Also, * is listed, and the checkmark at the bottom is not checked (allow relaying to these domains). As this, everything works fine for domain1, 2, 3... and we're not an open relay.

If I put a checkmark there, they get their mail just fine... but leaving the * there, I assume, makes us an open relay. So I removed the *. We can still send email as a company, to wherever... and everyone seems to get their mail OK now.

In the course of troubleshooting, I get many errors about the metabase update not being able to find the specified path, like 1 error per minute, for a long time. I have a potential fix for that, will try later tonight. I assume that Exchange just isn't talking with Active Directory as well as it could be, and one of them doesn't understand that domain4 and domain5 are ours.

and now, the question:

By having the * gone, and a checkmark there for relaying to these domains, does this make us less secure, create a less secure environment, or is there a better way of doing this?

Thoughts would be appreciated.
Manually adding the recipient addresses to users in Active Directory won't allow your organization to receive emails for these two new domains.
You need to add these two new domain addresses to one of your recipient policies.
Check your default policy, or any other policies you have created manually.

Amit Aggarwal.
This should be helpful for you -->

Amit Aggarwal.
hack-4-good (Author) commented:
Thank you for the link...

I've created a new (additional) recipient policy for these domains... I opted to add a new one rather than change the default, because only a few users will have these new domains.

I applied the policies, and rebooted the server for the heck of it...

But... I still get 'unable to relay' if I remove the checkmark for 'allow relaying to these domains'. If I remove that checkmark, the unable to relay error comes back...

With that checkmarked, emails get routed properly. With that checkmarked, I remove the * from the address space, so we're not an open relay...

Is this 'by the book'? Am I missing something else? That link was very detailed and I followed it to a T...
You appear to be mixing up SMTP Connectors and Recipient Policy.

You do NOT have to have these domains listed on any SMTP Connectors. If you have them listed then remove them. SMTP Connectors have nothing to do with inbound email, just outbound.

The recipient policy controls inbound email and you should ensure that the policy is set for the new domains and enabled. I usually recommend copying the format of the default policy to ensure that you have got it right.

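A check that puts this answer to the test, added here as an example rather than anything from the original thread: a Python probe that issues MAIL FROM/RCPT TO for a list of recipients and records the reply code, so you can confirm that your own domains are accepted by the server and that a foreign domain still gets "550 5.7.1 Unable to relay" once the connector's relay list is empty. To make it run offline, the block also starts a small in-process SMTP responder that models the relay decision as this thread describes it (recipient-policy domains are accepted; anything else is relayed only if it matches the connector's "allow relaying to these domains" list, where * means everyone). That responder is a constructed model, not Exchange code; the domain names, the probe sender address and the loopback port are assumptions. `probe_rcpt` works unchanged against a real server on port 25.

```python
# Added example: an SMTP RCPT TO probe plus an in-process responder that models
# the Exchange 2003 relay decision described in this thread (not Exchange code).
import smtplib
import socketserver
import threading


class ExchangeLikeServer(socketserver.ThreadingTCPServer):
    """local_domains: domains in an enabled recipient policy.  relay_domains: the
    connector's "allow relaying to these domains" list ("*" = relay for anyone)."""

    def __init__(self, local_domains, relay_domains):
        super().__init__(("127.0.0.1", 0), ExchangeLikeHandler)
        self.local_domains = {d.lower() for d in local_domains}
        self.relay_domains = {d.lower() for d in relay_domains}

    def accepts(self, domain):
        return domain in self.local_domains or bool(self.relay_domains & {"*", domain})


class ExchangeLikeHandler(socketserver.StreamRequestHandler):
    """Minimal SMTP dialogue: 250 for permitted recipients, 550 5.7.1 otherwise."""

    def reply(self, text):
        self.wfile.write((text + "\r\n").encode("ascii"))

    def handle(self):
        self.reply("220 mail.example ESMTP")
        for raw in self.rfile:
            line = raw.decode("ascii", "replace").rstrip("\r\n")
            verb = line.split(" ", 1)[0].upper()
            if verb in ("HELO", "EHLO"):
                self.reply("250 mail.example")
            elif verb in ("MAIL", "RSET"):
                self.reply("250 2.1.0 OK")
            elif verb == "RCPT":
                addr = line.split(":", 1)[1].strip().strip("<>")
                if self.server.accepts(addr.rpartition("@")[2].lower()):
                    self.reply("250 2.1.5 Recipient OK")
                else:
                    self.reply(f"550 5.7.1 Unable to relay for {addr}")
            elif verb == "QUIT":
                self.reply("221 2.0.0 Bye")
                return
            else:
                self.reply("502 5.5.2 Command not implemented")


def start_server(local_domains, relay_domains):
    """Start the model on a free loopback port; returns (server, port)."""
    srv = ExchangeLikeServer(local_domains, relay_domains)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, srv.server_address[1]


def probe_rcpt(host, port, recipients, sender="probe@example.net"):
    """MAIL FROM / RCPT TO per recipient; returns {recipient: reply code}.
    DATA is never sent, so nothing is delivered.  Usable against a real server."""
    codes = {}
    with smtplib.SMTP(host, port, local_hostname="probe.example", timeout=10) as s:
        s.ehlo_or_helo_if_needed()
        for rcpt in recipients:
            s.rset()
            s.mail(sender)
            codes[rcpt] = s.rcpt(rcpt)[0]
    return codes


def assess(codes, own_domains):
    """550 for one of your own domains: the recipient policy does not cover it.
    250 for a foreign domain: the server is relaying for it."""
    own = {d.lower() for d in own_domains}
    findings = {}
    for rcpt, code in codes.items():
        if rcpt.rpartition("@")[2].lower() in own:
            findings[rcpt] = "accepted" if code == 250 else "REJECTED: not in recipient policy"
        else:
            findings[rcpt] = "RELAYED (open relay)" if code == 250 else "rejected (no relay)"
    return findings


def main():
    own = ["domain1.example", "domain4.example"]  # assumed names for the thread's domains
    probes = ["alice@domain1.example", "bob@domain4.example", "carol@example.net"]
    # Thread's workaround: domain4 missing from the recipient policy, "*" on the
    # connector with relaying allowed.  domain4 "works", but so does example.net.
    srv, port = start_server(["domain1.example"], ["*"])
    print("relay-to-* config:      ", assess(probe_rcpt("127.0.0.1", port, probes), own))
    srv.shutdown(); srv.server_close()
    # Accepted answer: both domains in the recipient policy, relay list empty.
    srv, port = start_server(own, [])
    print("recipient-policy config:", assess(probe_rcpt("127.0.0.1", port, probes), own))
    srv.shutdown(); srv.server_close()


if __name__ == "__main__":
    main()
```

Run it as-is to see the two configurations side by side; to check a real server, call `probe_rcpt("mail.yourdomain", 25, [...])` from a host outside your network with one address in each of your domains plus one in a domain you do not own. The foreign address must come back 550; if it comes back 250 you are relaying, whatever the connector's address-space tab looks like.
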
hack-4-good (Author) commented:
Very helpful, thanks.