Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

550 5.7.1 Access denied when sending to certain domains

Posted on 2006-11-02
8
Medium Priority
?
6,299 Views
Last Modified: 2008-02-20
We have an exchange small business server (2003, sp1).  It controls email for a few domains, namely mp3car.com.
We recently moved email for streetdeck.com from an external host to our exchange server.  I added this to the default recipient policy and email is working fine.  The problem came when I changed a few users to have @streetdeck as their primary email address.  It works fine for almost all domains, but we are having a problem with one of them: goldsys.com.  When streetdeck is the primary email it bounces, when mp3car is it goes through fine.  

Here is the bounce back email:
      postmaster@goldsys.com on 11/2/2006 2:10 PM
            You do not have permission to send to this recipient.  For assistance, contact your system administrator.
            <exchange.innovateusa.com #5.7.1 smtp;550 5.7.1 Access denied>

I get even 7004 in the event viewer:
This is an SMTP protocol error log for virtual server ID 1, connection #247. The remote host "199.45.177.9", responded to the SMTP command "mail" with "550 5.7.1 Access denied  ". The full command sent was "MAIL FROM:<mikehall@streetdeck.com>  ".  This will probably cause the connection to fail.

I tried telneting to mx1.goldys.com, I can connect but I get 550 5.7.1 access denied whenever I try any address using the "MAIL FROM:" command.  I don't see how they could be blocking our server if the same server can successfully send email with one domain, but not the other.  
0
Comment
Question by:innovateusa
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
8 Comments
 
LVL 8

Expert Comment

by:xxgenius
ID: 17861167
They are blocking your domain name.  The  SMTP primary alias is what the mail server sees that alias as the from address.  It doesn't know about other addresses.  

Do you manage the server 199.45.117.9?  This is the server blocking the domain name.
0
 

Author Comment

by:innovateusa
ID: 17861248
199.45.177.9 is goldsys.com, this is who we are trying to send to so I don't manage it.
So I need to get a hold of whoever manages their email server?  
0
 
LVL 27

Expert Comment

by:Exchange_Admin
ID: 17861990
There are many reasons why they could be blocking you.
1) You don't have a Reverse DNS record. Many companies block email from anyone without RDNS records. This is happening more and more. Have your ISP create the RDNS record for you.
2) You have an ADSL connection. Many companys are block from these also. If this is your case then you may have to send email to them through an SMTP connector that forwards the messages to your ISP's SMTP server.
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 27

Expert Comment

by:Exchange_Admin
ID: 17862006
These problems are discussed here several times a week. If you do a search then you will likely find links to resolve your problem.
0
 

Author Comment

by:innovateusa
ID: 17863623
I have a T1 connection.  I do have reverse dns record's here is what they are configured to:
138.170.234.205.in-addr.arpa mx1.dnsmadeeasy.com. [TTL=26]
234.13.16.66.in-addr.arpa static-66-16-13-234.dsl.cavtel.net.

dnsmadeeasy is my backup mx server,
cavtel is my T1 provider.  

Since I'm sending from these from the same server and it works with a different default email address, I don't think it's a reverse dns issue.  I also have ptr records in place.  
0
 
LVL 8

Expert Comment

by:xxgenius
ID: 17865959
No Reverse DNS exits for those 2 IP addresses.  Reserver DNS is not the same as setting that you control from your DNS servers.  This is a name mapped to your public IP.  This is done via your ISP.  You can check if you have a reverse DNS at sites such as www.dnsstuff.com and postmaster.info.aol.com where you can do your own tests.
0
 

Author Comment

by:innovateusa
ID: 17866599
Okay, so should the reverse dns report back the name of our exchange server (exchange.innovateusa.com)?  
0
 
LVL 8

Accepted Solution

by:
xxgenius earned 2000 total points
ID: 17866654
it should have a fully qualifies domain name.  the name can be any you chose, but yes, exchange.innovateusa.com would work.  this way, an smtp server, which verifies incoming IP connections to fully qualified domain neame, can pass the email as comming from a valid email server.  the server that should have the reverse DNS should be any server which send smtp to other smtp servers.  many companies are now denying mail that comes from a server that doesn't ahve resersve DNS in order to prohibit spam.  since spam originates from PCs and servers not set up as legit email servers, this is an easy way to screen for spam.
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In-place Upgrading Dirsync to Azure AD Connect
The core idea of this article is to make you acquainted with the best way in which you can export Exchange mailbox to PST format.
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question