neomage23
asked on
550 unable to relay for secondary domain
Hello experts!
I have set up Exchange to receive email for a secondary domain. For simplicity's sake, let's say that my primary domain is:
abc.com
And the secondary domain is: foo.com
Well, in Active Directory Domains and Trusts, I set up an alternate UPN suffix for foo.com and then created a user and a mailbox for this, and in Exchange I set up a recipient policy to accept mail for foo.com
Earlier today a user reported that an email to @netzero.net was returned as "550 unable to relay for user@netzero.net" when they used the POP email server "mail.foo.com"; however, they were able to send the email through their normal Exchange account.
Any ideas on why this occurred?
(I'm happy to clarify further if this isn't enough info...just tell me what you need to know)
TIA,
neo
ASKER
interesting...
Simon, I'm not exactly sure how to answer the question...
In an attempt to answer the question, I went into the System Manager and opened the properties for the default SMTP Virtual Server and clicked on the Access tab and then the Relay button...in the "Relay Restrictions" section I have "only the list below" selected, and there are NO COMPUTERS in the list...but I have it checked where it says "Allow all computers which successfully authenticate to relay regardless of the list above"....
I thought that perhaps this situation was related to the fact that I have no "connectors" so I went ahead and put in a connector that relayed mail through the server based on the address space "foo.com"...
but I haven't tested it yet..
what do you think?
ASKER
Ok, I've removed the connector...but where do I "set it specifically" to authenticate to relay?
You already have it set on the server.
What you need to check is the client. That will vary depending on the client. Look for something that says "server requires authentication" or something like that.
Simon.
ASKER
Thanks for your help on this, Simon...you were ABSOLUTELY right...in Outlook 2003 I set the outgoing message properties to "use the same credentials" or whatever and now it works fine. Just to be safe I did an "Open Relay" test through abuse.org and everything seems to be relatively secure and safe. Thanks again for your help.
By IP address? (bad)
Authentication? (good)
Exchange doesn't allow relaying to an external email address without one of the above being set - otherwise you are an open relay.
Simon.
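The relay decision discussed in this thread, as an added example that is not part of the original posts and is not Exchange's own code: a simplified model of the "Relay Restrictions" settings, showing why an unauthenticated client can deliver to foo.com but gets a 550 for netzero.net. The names `RelayPolicy`, `rcpt_reply` and `is_open_relay`, the probe address and the sample IPs are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class RelayPolicy:
    """Simplified model of the relay settings described in the thread."""
    local_domains: set                                   # domains accepted via recipient policy
    relay_networks: list = field(default_factory=list)   # "only the list below"
    allow_authenticated: bool = True                     # "Allow all computers which successfully authenticate..."


def rcpt_reply(policy, client_ip, authenticated, rcpt):
    """Return the SMTP reply this model gives to RCPT TO:<rcpt>."""
    domain = rcpt.rsplit("@", 1)[-1].lower()
    if domain in policy.local_domains:
        return "250 OK"          # local delivery is not relaying
    ip = ipaddress.ip_address(client_ip)
    if any(ip in ipaddress.ip_network(net) for net in policy.relay_networks):
        return "250 OK"          # relay granted by IP address
    if policy.allow_authenticated and authenticated:
        return "250 OK"          # relay granted by authentication
    return f"550 Unable to relay for {rcpt}"


def is_open_relay(policy, outside_ip="203.0.113.10"):
    """True if an unauthenticated outside host may relay to an external domain.

    The IP (documentation range) and probe recipient are constructed values.
    """
    reply = rcpt_reply(policy, outside_ip, False, "probe@example.net")
    return reply.startswith("250")


# The asker's configuration: empty IP list, authenticated relay allowed.
ASKER_POLICY = RelayPolicy(local_domains={"abc.com", "foo.com"})

if __name__ == "__main__":
    client = "198.51.100.7"  # constructed address for the POP/SMTP user
    print(rcpt_reply(ASKER_POLICY, client, False, "user@netzero.net"))  # client not authenticating
    print(rcpt_reply(ASKER_POLICY, client, True, "user@netzero.net"))   # after enabling SMTP auth
    print(rcpt_reply(ASKER_POLICY, client, False, "someone@foo.com"))   # inbound mail for foo.com
    print("open relay:", is_open_relay(ASKER_POLICY))
```
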