Solved

550 5.7.1 Unable to relay error on Windows 2003 Server

Posted on 2006-07-05
35
9,216 Views
Last Modified: 2008-01-09
I have looked at the threads and cannot resolve this common problem from those I have read relating to this so I am posting.

I have a Windows 2003 Server running POP3/SMTP mail servives (NO EXCHANGE, at least not at the moment). Inbound mail comes into the client fine. Outbound is the problem.

IF I do a test on the clent by going to Control Panel|Mail|E-mail Accounts|View or change existing e-mail accounts|Change|Test Account Settings, all tests are successful and I receive an e-mail stating so. I guess I assume that if I can run the tests then I am able to send out.

However, if I try to send to other domains, I get the "550 5.7.1 Unable to relay to domain" error. I need help in pinpointing how to solve this.
0
Comment
Question by:habanagold
  • 16
  • 11
  • 4
  • +2
35 Comments
 
LVL 5

Expert Comment

by:Amitspeedstar
ID: 17049054
Follow the article below ,

http://support.microsoft.com/kb/262354/en-us

Amit.
0
 
LVL 1

Author Comment

by:habanagold
ID: 17051900
I don't think this is the problem. I have tried to send to several different addresses and they all deny. My domain was just created a few months ago and this is the first time we have attempted to send mail. Are you saying my domain needs to be put on a white list somewhere before anyone will allow mail to be sent to them from us?
0
 
LVL 1

Author Comment

by:habanagold
ID: 17056092
I started getting mail to go out but it seems to one domian at the moment. If I send to other domains I get the same error. At the moment, I can send mail to user@domain1.com but if I send to user@domain2.com or domain3.com, I still get the error with the corresponding domain appended to the end of the error message.
0
 
LVL 1

Author Comment

by:habanagold
ID: 17056161
I should add that when the mail did go out to the one domain, it only did so after I removed restrictions on relaying. Thought this might help in the diagnosis. I have since re-instated restrictions to relaying via authentication.
0
 
LVL 1

Author Comment

by:habanagold
ID: 17072659
Still lookin for some help.
0
 
LVL 1

Author Comment

by:habanagold
ID: 17075166
Okay. I have narrowed the problem down to authentication to the e-mail server. If I remove restrictions for relaying on my server, the mail is sent out fine. Of course, I can't leave the server like this but it does so that it is able to send mail.

SO WHAT could the problem be. Where is the authentication break down occuring?
0
 
LVL 1

Author Comment

by:habanagold
ID: 17075424
More clues. I have granted relay access to my subnet in the Relay Restrictions options and found that I now can sent mail out. However, if I change this to my domain, it won't work, nor does it work if I pull the subnet out.

How can this be correct since I may have clients that are not on my subnet that need to send Mail?
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17077322
Have you checked with your ISP to see if they block port 25?  Often that's the case.

You can test it by using telnet.  http://support.microsoft.com/kb/323350

Jeff
TechSoEasy
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17077351
Otherwise, please review http://support.microsoft.com/kb/323436

Jeff
TechSoEasy
0
 
LVL 51

Expert Comment

by:Netman66
ID: 17077438
In order to set it to your domain you need to make sure your DNS is configured correctly and the all internal clients (including the server) use only your DNS server.  No ISP DNS should be on any NIC setting anywhere inside your LAN.  Set this on the Forwarder tab of your DNS server.

0
 
LVL 97

Expert Comment

by:war1
ID: 17078072
Greetings, habanagold !

Looks like you have done some troubleshooting and narrowed it down to authentication. I assume you are using Outlook. Here are some troubleshooting steps to try:

1. Register an important send/receive library file.  Go to Start > Run and type regsvr32 inetcomm.dll

2. Check if antivirus email check is slowing sending and receiving.  Disable it.

3. In the account settings, Advanced settings, change the server timeout time from 1 min to 5 min

4. Check if outgoing mail server authentication is required. Select that option in account settings and use same settings as incoming server

5. Your ISP may be blocking port 25. Try using alternate port 587.

6.  Check with email provider Tech Support to determine if server is having trouble.

7. See this troubleshooter for not sending
http://www.slipstick.com/problems/nosend.htm

Best wishes!
0
 
LVL 1

Author Comment

by:habanagold
ID: 17078418
First of all, thanks for all of the responses. Perhaps I didn't post this in the correct area to begin with. I am in the process of migrating my company to Exhcange. However, before I do that, I want to make sure that SMTP/POP services are working correctly before this.

I have a test domain that I am working with. Currently I am at home and have just ran a telnet session to test SMTP services. Below are the results. I changed my domain name for security reasons. If those of you that responded and chew this over, perhaps we could narrow this down.

It just seems that I can not get the appropiate credentials for relaying. As I mentioned earlier, adding my subnet resolved the problem for clients sending mail from the office. However, attempts outiside the office fail with the 550 5.7.1 error.

The other odd thing is that the same client outside the office that cannot send mail, succeeds with the OUtlook client test.

220 DHWZT21.MYDOMAIN.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.1830
ready at  Mon, 10 Jul 2006 21:58:56 -0400
EHLO MYDOMAIN.com
250-DHWZT21.MYDOMAIN.COM Hello [74.133.6.36]
250-TURN
250-SIZE 2097152
250-ETRN
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-8bitmime
250-BINARYMIME
250-CHUNKING
250-VRFY
250 OK
mail from:tcpip@MYDOMAIN.COM
250 2.1.0 tcpip@MYDOMAIN.COM ....Sender OK
rcpt to:sisqo@insightbb.com
550 5.7.1 Unable to relay for sisqo@insightbb.com
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17078766
Okay, then you are getting this because you haven't enabled relaying even from your own machine.  You have to at least allow it for 127.0.0.1, or any other PRIVATE IP address range within your LAN.  But deny it for anything outside.

See http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/58f05ef9-55a3-42b3-9f57-27fdc8723b8a.mspx?mfr=true for all thie info.

Jeff
TechSoEasy
0
 
LVL 1

Author Comment

by:habanagold
ID: 17085845
Okay. I think I have not been clear on my last comment. The telnet log was run from my home office to the mail server I am trying to get running. I know that the unable to relay message will appear because of the restrictions I have imposed. This is what I want so that my server will not be abused with relaying spam.

If I run the Telnet session on the network the mail server resides, I can successfully send mail to outside domains.
The only way my test clients can successfully send mail inside my network is if I grant access to my subnet in the Relay Restrictions option for the SMTP service. The box is checked for "Allow all computer which successfully authenticate to relay, regardless of the list above", but my test clients would get the same 550 5.7.1 error if the subnet was left out.

This is where my problem is because it doesn't appear that the authentication is working properly. How will my clients outside of my network be able to use the Mail server. I can't possibly added networks to this list. I thought that is what the "Allow all computer which successfully authenticate to relay, regardless of the list above" box was for.
 
When testing my Outlook client outside of the network, the test is successful for testing configuration settings as well as receiving mail. However, when I try to send mail out the client recieves the 550 5.7.1 error message.

WHY aren't these remote client able to authenticate to my server???????????????
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17094316
Do you have Active Directory configured?  Because the "successfully authenticate" requires that the client machines to be members of the domain.  As for external clients, you would either configure RPC over HTTPS, use a VPN, or have them use Outlook Web Access.

In your test of Outlook outside the network, were you connected via VPN? or using RPC over HTTPS?

Jeff
TechSoEasy
0
 
LVL 1

Author Comment

by:habanagold
ID: 17103988
YES AD. This server is a member server in a Domain. I checked the use of AD authentication when I setup the POP3 Service. I think because I posted this here there may be confusion. This is NOT an Exchange Server. This is Windows 2003 employing the SMTP mail services. Therefore RPC over HTTPS, VPN or Oulook WEB access is irrelevant.

Before I go to Exchange, I want to make sure that we SMTP service is fully funcitonal. Currently our company has SMTP services out sourced to a 3rd party. We want to get away from them because of performance issues.

Clients can connect to their Mail servers from anywhere. It doesn't have to be on their network. Why can't I do the same. I hope I have explained this completely now. Please remove Exchange from your thinking when considering this problem.
0
Promote certifications in your email signature

Has your company recently won an award or achieved a certification? They'll no doubt want to show it off. Email signature images used to promote certifications & awards can instantly establish credibility with a recipient and provide you with numerous benefits.

 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17104401
Well, I think your method of testing is a bit obtuse... all you need to do is telnet into the server to test.  Please see http://www.petri.co.il/test_smtp_service.htm

Jeff
TechSoEasy
0
 
LVL 1

Author Comment

by:habanagold
ID: 17104421
Please see previouse posts on Telnet Tests. Inside network - successful. Outside Network fails and it should because open relay is prohibited.

I just removed all restrictions on relaying and was successfully able to use an external client to send out mail. THIS is telling me that there is something wrong in the authentication part for relaying mail. Let's concentrate on this.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17104524
Fine, but when you install Exchange you won't configure authentication in the SMTP service.  That gets configured in Exchange.  So I don't understand what you are trying to test for.

Jeff
TechSoEasy
0
 
LVL 1

Author Comment

by:habanagold
ID: 17104915
I have moved this post over to the Windows 2003 Server area. I guess I put this in the wrong place and it just doesn't seem I can make it clear on what I am trying to do.

1. We are using POP mail services from and 3rd party. We want to move to Exchange 2003.
2. First step it to move POP mail services in house to ensure that DNS, receive and send work properly before adding on the Exchange overhead.
3. I know Exchange will handle things a little differently but I thought it prudent to make gradual changes before doing a "pulll and jerk" switch from our existing environment to a new one and then have a something go wrong and have a complex situation to resolve and our company's email out.

If there is a better way to do this then someone let me know.
0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 250 total points
ID: 17112105
I'm sorry, but that still doesn't make sense to me.  You currently using an ISP to handle your email... so, then that would be your "stable" configuration until you get Exchange installed.  Configuring the Windows Server SMTP and POP3 service really won't have a lot do do with how you will be able to handle Exchange and it's configuration.  Since even though Exchange will use the native SMTP service it handles all of the configuration of that service... so all you need to do is make sure the service is operational, the rest won't have anything to do with Exchange's settings.

I do understand that you want to learn about these protocols and how they interact...  this is why setting up servers in a lab environment is recommended.  That way you can install Exchange without disrupting your business processes (keeping your email at the ISP as it is currently configured) and then once you have Exchange running smoothly you can move it into the production environment.

I'm really not trying to stonewall you here... and I know that you aren't happy with my responses... but I am really trying to tell you that there is a better way to do what you are attempting.  I hope that I am being helpful and explaining the reasons for my comments... please let me know if you still don't understand where I'm coming from.

Jeff
TechSoEasy

P. S.  If your company is small, (under 50 users) then you probably don't have the time or resources to set up a lab environment.  This is why Windows Small Business Server 2003 was created which has Exchange installed and configured as part of its basic deployment.  If this is the case, please advise and I can offer more information about that.
0
 
LVL 51

Expert Comment

by:Netman66
ID: 17112157
I agree with Jeff here.

Configuring your server with POP and SMTP is wasting your time and effort.  As soon as Exchange is installed then everything you have done up to now is gone.

You can configure Exchange to use the POP3 mail source you have now and then move over to your own mail store - this much can be done safely.

0
 
LVL 1

Author Comment

by:habanagold
ID: 17114899
I guess I forgort to mention that I do have a lab. My company is small so I brought in my own equipment and created a trust from their production domain to my test domain. My test domain is the domain where I have been referring to in all my entries. So, I am not worried about jeapordizing the production domain.

I guess I thought that setting up POP/SMTP mail would be a simple approach to weaning them off of the 3rd party system we have. We have inconsistent performance with our 3rd party and they don't appear to want to make any improvements for us.

Getting to Exchange will be the ultimate goal, but currently, the company has not afforded me with the additional budget to do this. Although I have a legal copy of Exchange, I do not have the backup add-ons I want to ensure a safe environment for disaster recovery. I do not want to have a single Exchange Server running without a budge for a second one for backup.

With that background aside, perhaps you can see why I was moving the way I was. I just want to get them off of the current 3rd party e-mail ASAP and then when the budget is available, I would graduate them to Exchange.

If you are telling me that it is not available to setup Windows 2003 SMTP/POP3 mail for internal and external use then I will quit beating my head against the wall. As I have stated, my clients can send and receive e-mail (in my test domain) when they are on the network. I just have a problem with them sending mail outside the network.

I appreciate your time.
0
 
LVL 51

Assisted Solution

by:Netman66
Netman66 earned 250 total points
ID: 17114910
Having a second Exchange server isn't affording you any redundancy for the sake of DR.

Having backup agents for a third party backup program is prudent, but in the interim NTBACKUP works fine for DR.  When Exchange is installed it modifies NTBACKUP so that is can backup Exchange-related files and the stores.

As long as you backup consistently, you can recover fairly quickly.

0
 
LVL 1

Author Comment

by:habanagold
ID: 17117432
My concern with backups is that restoring a single mailbox is somewhat complicated without additional tools isn't it?
0
 
LVL 51

Expert Comment

by:Netman66
ID: 17117520
No.  Exhange has a built-in Recovery Store that you use to do this.

0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17118987
I think it's important to point out that the Windows 2003 SMTP and POP3 services are really there to support IIS Web Applications, and are not intended to be used as a company's mail service... which is what Exchange is for.  I wouldn't move them off the 3rd party mail service unless it's causing problems.  The Windows SMTP/POP service without Exchange is probably not as good as what they have.  

Also, as for restoring a single mailbox it isn't complicated at all... other than the built-in recovery store, there are also two methods to recover a mailbox.  One is if Cached Exchange mode is used, then a full copy of the mailbox is cached on the user's workstation and that can be migrated from an .ost file to a .pst file by opening Outlook up offline and exporting everything from the .ost file and then importing it back into a .pst file.

The other way is by using EXMerge http://support.microsoft.com/kb/823176.

And I'll second the use of NTBackup... plus Exchange has a Deleted Item Recovery function that will store deleted items for a specified length of time that can be recovered by users themselves.

Jeff
TechSoEasy
0
 
LVL 1

Author Comment

by:habanagold
ID: 17120901
I suppose these answers put an end to my question. I don't know why I get the 550 error outside the network but it appears that it is a direction not worth pursuing. I guess it's frustrating to have wasted so much of my time, and this thread, pursuing something that is pointless.

With that said, I wll pursue installing Excahnge this week and hopefully the 550 error will be non-existent. I will respond when I have completed this.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17127106
I took one last glance over this whole thread and the only thing we didn't discuss that I can think would have an effect on any of this is the firewalls you have in place.  

What hardware or softrware firewalls are there both on the source and target networks?

Jeff
TechSoEasy
0
 
LVL 1

Author Comment

by:habanagold
ID: 17127316
I have NetGEAR Firewalls in place and rules setup to allow ports 110 and 25 open. They forward into the mail server runinng at a NAT address of 192.168.1.3. I just about given this exercise up. It all works except for external clients can sent mail. They are refused everytime.

I really thought this was a couple of hours work but this has been a wasted effort to even try it. I just can't believe no one has ever tried to do this and not run into the same problems and resolved it.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17127910
I'm sure someone has tried to do this, but it wouldn't really be for the reasons you are.  As I mentioned earlier, the Windows STMP service on its own would normally be used to support IIS, and in that case remote relay authentication would be handled by some kind of ASP script.

I wouldn't think it was a wasted effort unless you haven't learned ANYTHING from the exercise... I generally find that even if my efforts do not result in the expected outcome, I still have accomplished something by just making the attempt.

Good luck with your Exchange install when you get to that!

Jeff
TechSoEasy
0
 
LVL 1

Author Comment

by:habanagold
ID: 17292923
All I can tell you now is that the server has been working fine since my last comment. Internal client have no problem sending mail. However, it is the external aspect that doesn't seem to work. Somehow the credenitals sent to the server from clients an external network are not being parsed properly or what. As it has been mentioned, once I move to Exchange, I suppose this won't be an issue. It just bugs me that I can't find out why external clients can not send mail through the server.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17304844
Because Windows SMTP Service is not a MAIL SERVER.  It's a service to send and receive email messages for the server itself.  It does not have any way to authenticate external clients.

Jeff
TechSoEasy
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Not sure what the best email signature size is? Are you worried about email signature image size? Follow this best practice guide.
This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
In this video we show how to create a User Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Mailb…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now