  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 365

550 unable to relay for secondary domain

Hello experts!

I have set up Exchange to receive email for a secondary domain. For simplicity's sake, let's say that my primary domain is:

abc.com

And the secondary domain is: foo.com

Well, in Active Directory Domains and Trusts, I set up an alternate UPN suffix for foo.com and then created a user and a mailbox for this, and in Exchange I set up a recipient policy to accept mail for foo.com.

Earlier today a user reported that an email to @netzero.net was returned as "550 unable to relay for user@netzero.net" when they used the POP email server "mail.foo.com"; however, they were able to send the email through their normal Exchange account.

Any ideas on why this occurred?

(I'm happy to clarify further if this isn't enough info...just tell me what you need to know)

TIA,

neo
Asked by: neomage23
 
Sembee Commented:
What mechanism do you use for allowing your users to relay?
By IP address? (bad)
Authentication? (good)

Exchange doesn't allow relaying to an external email address without one of the above being set - otherwise you are an open relay.

Simon.
 
neomage23 (Author) Commented:
Interesting...

Simon, I'm not exactly sure how to answer the question...

In an attempt to answer the question, I went into the System Manager and opened the properties for the default SMTP Virtual Server and clicked on the Access tab and then the Relay button...in the "Relay Restrictions" section I have "only the list below" selected, and there are NO COMPUTERS in the list...but I have it checked where it says "Allow all computers which successfully authenticate to relay regardless of the list above"....

I thought that perhaps this situation was related to the fact that I have no "connectors" so I went ahead and put in a connector that relayed mail through the server based on the address space "foo.com"...

But I haven't tested it yet...

What do you think?

 
Sembee Commented:
The SMTP Connector only deals with outbound email.
Therefore, if you have created an SMTP connector with the second domain listed, then you haven't fixed the problem. Remove it as it is of no use to you.

What I was more interested in was what you are entering into the clients.
In most cases you need to authenticate to relay - that is the most secure way of dealing with relaying. You do need to set it specifically - as authentication on POP3 isn't enough.

Simon.
neomage23 (Author) Commented:
Ok, I've removed the connector...but where do I "set it specifically" to authenticate to relay?

 
Sembee Commented:
You already have it set on the server.
What you need to check is the client. That will vary depending on the client. Look for something that says "server requires authentication" or something like that.

Simon.
 
neomage23 (Author) Commented:
Thanks for your help on this, Simon...you were ABSOLUTELY right...in Outlook 2003 I set the outgoing message properties to "use the same credentials" or whatever and now it works fine. Just to be safe I did an "Open Relay" test through abuse.org and everything seems to be relatively secure and safe. Thanks again for your help.
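The relay decision discussed in this thread, as an added example that is not part of the original posts and not Exchange's own code: a simplified model of the "Relay Restrictions" settings listed above, showing why an unauthenticated SMTP session gets 550 for user@netzero.net while mail addressed to foo.com is still accepted. The function names `rcpt_decision` and `open_relay`, the client IP addresses, and the probe recipient are constructed for illustration.

```python
import ipaddress

# Constructed values mirroring the thread: the recipient policy accepts
# abc.com and foo.com, and the relay list contains no computers.
LOCAL_DOMAINS = {"abc.com", "foo.com"}
RELAY_ALLOWED_NETS = []            # "Only the list below", nothing listed
ALLOW_AUTHENTICATED_RELAY = True   # "Allow all computers which successfully authenticate..."


def rcpt_decision(client_ip, smtp_authenticated, rcpt,
                  local_domains=LOCAL_DOMAINS,
                  relay_nets=RELAY_ALLOWED_NETS,
                  allow_auth_relay=ALLOW_AUTHENTICATED_RELAY):
    """Return (code, reason) for one RCPT TO under a simplified relay policy.

    smtp_authenticated refers to the SMTP session only; a POP3 login is a
    separate connection and does not set it.
    """
    domain = rcpt.rpartition("@")[2].lower()
    if "@" not in rcpt or not domain:
        return 501, "malformed recipient"
    # Mail for a hosted domain is local delivery, not relaying, so it is
    # accepted from anyone (this is how inbound Internet mail arrives).
    if domain in local_domains:
        return 250, "local delivery"
    # Any other destination is a relay request and needs explicit permission.
    if allow_auth_relay and smtp_authenticated:
        return 250, "relay granted: authenticated SMTP session"
    addr = ipaddress.ip_address(client_ip)
    if any(addr in ipaddress.ip_network(net) for net in relay_nets):
        return 250, "relay granted: client IP on relay list"
    return 550, "unable to relay for " + rcpt


def open_relay(local_domains, relay_nets, allow_auth_relay):
    """True if an anonymous outside client can send to an outside domain."""
    code, _ = rcpt_decision("203.0.113.10", False, "probe@external.example",
                            local_domains, relay_nets, allow_auth_relay)
    return code == 250


if __name__ == "__main__":
    print(rcpt_decision("192.0.2.5", False, "user@netzero.net"))  # client without SMTP auth
    print(rcpt_decision("192.0.2.5", True, "user@netzero.net"))   # "server requires authentication" set
    print(rcpt_decision("198.51.100.7", False, "someone@foo.com"))  # inbound mail for hosted domain
    print(open_relay(LOCAL_DOMAINS, RELAY_ALLOWED_NETS, True))
```
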