550 unable to relay for secondary domain

Hello experts!

I have set up Exchange to receive email for a secondary domain; for simplicity's sake let's say that my primary domain is:

abc.com

And the secondary domain is: foo.com

Well, in Active Directory Domains and Trusts, I set up an alternate UPN suffix for foo.com and then created a user and a mailbox for this, and in Exchange I set up a recipient policy to accept mail for foo.com.

Earlier today a user reported that an email to @netzero.net was returned as "550 unable to relay for user@netzero.net" when they used the POP email server "mail.foo.com"; however, they were able to send the email through their normal Exchange account.

Any ideas on why this occurred?

(I'm happy to clarify further if this isn't enough info...just tell me what you need to know)

TIA,

neo
neomage23 Asked:

Sembee Commented:
What mechanism do you use for allowing your users to relay?
By IP address? (bad)
Authentication? (good)

Exchange doesn't allow relaying to an external email address without one of the above being set - otherwise you are an open relay.

Simon.
neomage23 Author Commented:
Interesting...

Simon, I'm not exactly sure how to answer the question...

In an attempt to answer the question, I went into the system manager and opened the properties for the default SMTP Virtual Server and clicked on the access tab and then the relay button...in the "Relay Restrictions" section I have "only the list below" selected, and there are NO COMPUTERS in the list...but I have it checked where it says "Allow all computers which successfully authenticate to relay regardless of the list above"....

I thought that perhaps this situation was related to the fact that I have no "connectors" so I went ahead and put in a connector that relayed mail through the server based on the address space "foo.com"...

but I haven't tested it yet..

What do you think?

Sembee Commented:
The SMTP Connector only deals with outbound email.
Therefore if you have created an SMTP connector with the second domain listed then you haven't fixed the problem. Remove it as it is of no use to you.

What I was more interested in was what you are entering in to the clients.
In most cases you need to authenticate to relay - that is the most secure way of dealing with relaying. You do need to set it specifically - as authentication on POP3 isn't enough.

Simon.


neomage23 Author Commented:
Ok, I've removed the connector...but where do I "set it specifically" to authenticate to relay?

Sembee Commented:
You already have it set on the server.
What you need to check is the client. That will vary depending on the client. Look for something that says "server requires authentication" or something like that.

Simon.
neomage23 Author Commented:
Thanks for your help on this Simon...you were ABSOLUTELY right...in Outlook 2003 I set the outgoing message properties to "use the same credentials" or whatever and now it works fine. Just to be safe I did a "Open Relay" test through abuse.org and everything seems to be relatively secure and safe. Thanks again for your help.
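
The relay decision discussed in this thread, as an added example that is not part of the original posts and is not Exchange's own code: a simplified Python model of the "Relay Restrictions" settings described above, showing why the unauthenticated client got the 550 for netzero.net while mail for foo.com and authenticated submissions are accepted. The class, field and function names and the client address are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

@dataclass
class RelayPolicy:
    # Simplified model of the settings named in the thread (assumed field names).
    local_domains: set                                     # domains accepted by recipient policy
    granted_networks: list = field(default_factory=list)   # "only the list below"
    allow_authenticated: bool = True                       # "Allow all computers which successfully authenticate..."

def rcpt_decision(policy, client_ip, authenticated, rcpt):
    """Return the reply a server with this policy gives to RCPT TO:<rcpt>."""
    domain = rcpt.rsplit("@", 1)[-1].lower()
    if domain in policy.local_domains:
        # Mail for a domain the server hosts is inbound delivery, not relaying.
        return "250 recipient ok (local delivery, not a relay)"
    if authenticated and policy.allow_authenticated:
        return "250 recipient ok (relay for authenticated client)"
    if any(ip_address(client_ip) in ip_network(n) for n in policy.granted_networks):
        return "250 recipient ok (relay granted by IP list)"
    return f"550 unable to relay for {rcpt}"

def is_open_relay(policy):
    """True when the IP list grants relay to every address without authentication."""
    return any(ip_network(n).prefixlen == 0 for n in policy.granted_networks)

# Constructed sample: the configuration described in the thread
# (empty IP list, authenticated relay allowed, both domains hosted).
POLICY = RelayPolicy(local_domains={"abc.com", "foo.com"})
CLIENT = "203.0.113.25"  # constructed client address from a documentation range

if __name__ == "__main__":
    cases = [(False, "user@netzero.net"),   # POP-only client, SMTP auth not enabled
             (False, "user@foo.com"),       # inbound mail for the secondary domain
             (True, "user@netzero.net")]    # client with outgoing authentication enabled
    for authenticated, rcpt in cases:
        print(authenticated, rcpt, "->", rcpt_decision(POLICY, CLIENT, authenticated, rcpt))
    print("open relay:", is_open_relay(POLICY))
```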