Solved

Relaying Not Allowed errors

Posted on 2006-11-08
16
660 Views
Last Modified: 2008-02-01
It appears that some e-mail is being rejected by my SMTP server (Windows 2003), returns the 550 Relaying Not Allowed message. The majority of mail DOES go through, but a fair percentage is not due to this error.

Strangely enough, though, all mail is generated in the same way via ASP pages. I'm using ASPmail (Persits Software) which is configured to relay through smtp.bbdesign.com on port 25. DNS for smtp.bbdesign.com resolves to 207.106.201.83. From there, the SMTP server in IIS takes over.

When I view properties for the SMTP server, the IP address is set to an internal IP, 192.168.0.22. Relaying is allowed on 127.0.0.1, 192.168.0.20, 192.168.0.21, and 192.168.0.22. Masquerade domain is smtp.bbdesign.com. Fully-qualified domain name is blade4.bbdesign.com which resolves to 207.106.201.72.

I'm guessing there is a setting somewhere in this that I don't have quite right. I can't understand why only SOME mail is being rejected, though, as all mail is sent via nearly identical code.
0
Comment
Question by:bbdesign
  • 8
  • 8
16 Comments
 

Author Comment

by:bbdesign
ID: 17900426
I just figured something out that might be a clue. It appears that the messages that are failing (i.e., bouncing back with "550 Relaying not allowed") are ones where the delivery address is not an actual POP3 account, but an alias/forward that goes to some other account. This is the only difference I can see between ones that are failing and ones that are not... its hard to believe this is a coincidence.

I didn't think SMTP server would even know that the recipient address is an alias/forward. Is there a setting somewhere in IIS which will allow these messages to go through?
0
 
LVL 19

Expert Comment

by:feptias
ID: 17905568
Please clarify the following points:
1. Is the web server that is running the ASP pages on the same LAN as the SMTP server that you want to use for relaying? Is it even on the same PC?
2. Is the SMTP server only to be used for "relaying through" to the final destination or does it act as the host mail server for some domain(s). From the comment about POP3 accounts it sounds like it is hosting the mail for some domain, and yet IIS is not a serious contender for mail hosting on anything other than a small scale.
3. How does the ASP know it is supposed to be using this SMTP server - did you specify it using an IP address or a FQDN? (Perhaps you have already answered this as I think you are saying it uses smtp.bbdesign.com, but I just wanted to be sure).
0
 

Author Comment

by:bbdesign
ID: 17905869
1. Yes. Its all on the same computer.
2. Hosts outgoing SMTP for websites that are hosted on the server. Does not relay for any outside users, only for ASP pages on the computer. No incoming mail on the server.
3. ASPmail points to smtp.bbdesign.com, which points to the IP address of the server.
0
 
LVL 19

Expert Comment

by:feptias
ID: 17906049
I will do my best to help, but I'm still unclear about the issues in item 2 because I think you're using terminology slightly differently to the way I use it.

Let's start with the easier one, item 3: Please can you try changing your ASPmail code to use 127.0.0.1 instead of smtp.bbdesign.com. To explain - you stated that smtp.bbdesign.com resolves to 207.106.201.83. That appears to be an IP address that is not on the LAN, in which case the requests must be going via the Internet out and then back in again to the same server. That would be a heck of a long way to send the requests when all they need to do is go from one application to another on the same server! If you use 127.0.0.1 instead, then the requests will be sent directly to the SMTP server. Furthermore, you already said that relaying is permitted for 127.0.0.1 so there is a good chance this will fix your problems.

I'll post another comment about item 2 to keep things tidy and give you a chance to try that.
0
 
LVL 19

Expert Comment

by:feptias
ID: 17906169
Re item 2: SMTP is a protocol for sending mail from one server to another, so to talk about "hosting outgoing SMTP" confuses me (sorry).

I'll try to explain what I meant in my question. Mail is sent from a source to a destination. Along the way it may pass through one or more SMTP servers. Intermediate servers are "relaying" the mail - i.e. the mail is only passing through them and is not normally stored on them. Assuming all servers in the chain are operating ok, the mail would pass along until it reaches the server that represents the final destination. That last server is the one that is hosting the mail for whatever domain (e.g. all mail for bbdesign.com). The hosting mail server stores the mail for as long as is necessary (could be weeks or even months) and the user's mail clients connect to it so they can collect the mail using POP3, IMAP or some other protocol such as with Outlook linked to Exchange Server.

> "I'm using ASPmail (Persits Software) which is configured to relay through smtp.bbdesign.com on port 25."
That sounds like you are ONLY using this IIS smtp server for relaying and nothing else. This would be quite a common way to send mail from ASP.

> "It appears that the messages that are failing (i.e., bouncing back with "550 Relaying not allowed") are ones where the delivery address is not an actual POP3 account"
That now sounds like you are using the IIS smtp server as the final destination server to host the mail service for bbdesign.com, or some other domain, and the users pick up their mail from that server using POP3.

My question was to try and be clear which of these two was applicable.
0
 

Author Comment

by:bbdesign
ID: 17906216
Thank you for your comments and explanation. I will try a few things.

Sorry for the confusion. I am only using my SMTP server to send messages out from our server, messages that are generated by ASP pages. I am not hosting any e-mail accounts (POP3) on this server.

I was trying to figure out why some messages were getting to their destination and some were bouncing back with the Relay Not Allowed error. I couldn't see any difference between the two. I noticed that some were bouncing in the case where I happened to know that the recipient address was an alias and not a real POP3 account. The alias and POP3 account do not reside on my server.

Anyway, I'm not convinced that the alias issue is the reason for the bounces anymore, as I am able to get some e-mail to go through to them, just not all.
0
 

Author Comment

by:bbdesign
ID: 17907519
Just changing to a local IP address doesn't seem to fix it. This page will allow you to send yourself an e-mail from our server:

http://www.bibisbabywear.com/tellafriend2.asp

That way you could look at the headers, maybe there is something there that will give a clue as to what's going on.
0
 
LVL 19

Expert Comment

by:feptias
ID: 17907888
Does the IIS SMTP Virtual Server have any domains defined? If so, it will not relay mail for any of those domains, but will relay it for any other domain. Could that be the explanation?

I just tried sending myself an e-mail using that link. The headers show that it went from "blade4" (IP 192.168.0.22) to smtp.bbdesign.com (IP 207.106.201.83) to my mail server. That seems to fit with your description of the system. This confirms that an SMTP server is:
a) receiving the mail from blade4 over the LAN (it reports an internal IP address for blade4)
b) allowing relaying of messages received from blade4

It does not completely confirm that the smtp server doing all this is definitley the one you think it is. You should enable logging on the SMTP server and then look at the log files after sending a message. This will confirm that it really is using the one you think. The log files might also help you diagnose why some e-mails are not being relayed.

Go to IIS Manager. Right-click on "Default SMTP Virtual Server" and select Properties. At the bottom of the General tab is an option to enable logging. As well as ticking the logging option, also click the Properties button next to it and make a note of where the log file is written. I also recommend that you go onto the "Advanced" tab and tick lots of the boxes (including time and date) to make sure you get plenty of information in the log file.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 

Author Comment

by:bbdesign
ID: 17908925
No domains.

Logging has been turned on for some time now. I setup a place where you could view the logs for November 9, 2006 here:

http://bbdesign.com/ex061109.txt

I don't really know how to read SMTP logs very well. Hopefully something in there will give you a good indication as to what's going on.

If you need me to log any additional fields, let me know. Thanks!
0
 
LVL 19

Expert Comment

by:feptias
ID: 17912604
ok, I've taken a copy of the log file. Please now disable that link (e.g. move the file it points to or replace the file with an empty one) as soon as possible because it contains email addresses.
0
 
LVL 19

Expert Comment

by:feptias
ID: 17912843
It looks as if the problems are happening because you are, in effect, trying to spoof the sender address. You are sending mail from your SMTP server and the sender details within the header have no connection with the SMTP server that you are using to send. The problems are not happening when your ASP code passes the message to your SMTP server blade4. The problems occur when the blade4 SMTP server tries to relay the message to the destination address. For some reason, it is quite often trying to send the message via another SMTP server - there are several examples of it trying to use mailpure.com which just happens to be the mail server for the domain bbdesign.com.

I have to admit that I don't quite understand the logic or mechanism that causes the blade4 SMTP server to select the wrong SMTP server to send the message to, but I suspect it has something to do with the spoofing of the sender's address or the use of the masquerade domain. Furthermore, it is very likely that such obviously spoofed mail would be rejected by spam filters (just supposing it does reach the intended destination).

You might have to re-think your strategy of allowing users of the web site to send mail as if it came from another address. Mail from your company web site should look like it came from your company. Anything else is sender address spoofing and that is what is done on the worst types of unsolicited spam.
0
 

Author Comment

by:bbdesign
ID: 17913738
I probably should have mentioned this before, but bbdesign.com should be the only exception to which SMTP server is used. We have a smart host setup for that particular domain. Everything else should be going through blade4, though.

So here is what I'm really trying to do:

1. I host a website such as www.domain.com, I do not host e-mail for the domain. Typically the client would have an alias such as sales@domain.com, or we might be transferring the MX records to some other mail server.

2. www.domain.com has e-commerce functions and requires the ability to send customers a receipt after they make a purchase.

3. I generate an e-mail message via ASP, put sales@domain.com as the sender address, customer's e-mail address as the recipient, and use our SMTP server to send the mail.

I understand that domain.com isn't part of the headers (it says blade4, bbdesign.com, etc.), and that is what you are saying is likely the problem. Given that, what is the correct way to do this? Do I need to setup separate SMTP servers for every website? I currently have 150+, so that would be a major task.

Thank you for your help so far, I will certainly give you the points for this one.
0
 
LVL 19

Accepted Solution

by:
feptias earned 500 total points
ID: 17915176
This is getting a bit complicated. Please confirm that you do not have anything in the box labelled "Smart host" on the "Advanced Delivery" form in the properties of the Default SMTP Virtual Server (in IIS). I don't think you do from looking at the log file, but you mentioned "smart host" in that last comment so I just want to be sure.

I have looked through that log file again in more detail. The first failed delivery that I could find in that log was at 02:54:30 to a user at the domain revenuer.com. When I check the MX record for that domain it says their mail server is mailhost.revenuer.com (216.219.254.203). However, the log file shows that it is trying to deliver this message by connecting to the SMTP server ragnarok.mailpure.com (66.109.52.101). I cannot see why it should be trying to use the mailpure server to deliver mail for a completely different domain. The only explanation I can think if is that you have a forward lookup zone defined on your DNS server for revenuer.com. Please confirm.
0
 

Author Comment

by:bbdesign
ID: 17915860
Smart Host is set to mx1.mailpure.com, I believe that is only used for mail going to the bbdesign.com domain (my e-mail address) because there were problems with regards to the server not knowing what to do with mail sent to the same domain as the fully-qualified domain name. I don't think it affects any other domains, though.

The checkbox is checked which says "attempt direct delivery before sending to smart host".

Under "domains", it says blade4 and bbdesign.com (which uses the smart host).

I think the revenuer.com domain was incorrectly assigned to mx1.mailpure.com yesterday (I have a server tech who also works on the server, I think he put that there mistakenly), but that it gone now.

I have not heard any complaints about e-mail yet today... so either things are improving on their own somehow, or clients are just getting tired of telling me. I could pull another log from today if you think that might help.
0
 
LVL 19

Expert Comment

by:feptias
ID: 17916113
The Smart host will be used for ANY delivery that cannot be sent direct. It will not just apply to bbdesign.com. That explains why some e-mails were being sent to mx1.mailpure.com and were failing. It all makes sense now. You will continue to get problems if you leave that smart host enabled.

You should definitely remove the entry for smarthost, unless you have arranged with the administrator of mx1.mailpure.com to allow your SMTP server to use their server for relaying. Instead you should add a domain in the Domains folder of the Default SMTP Virtual Server as follows: Domain Type is Remote, Domain Name is bbdesign.com. After creating it, right-click on the new domain and select Properties. Now tick the box that says "Allow incoming mail to be relayed to this domain" and then select the option just below to send the mail to a smart host. This is the correct place to put the smart host - it will ONLY be used for mail to bbdesign.com.

That should fix everything. Thanks for the points.
0
 

Author Comment

by:bbdesign
ID: 17916273
OK, thanks!
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

What is an ISAPI filter?   •      It's an assembly (.dll file) that can add or change the way IIS works.   •      They can be enabled globally for your web server or on a site-by-site basis.   When the IIS server receives a request, enabling the ISAPI fi…
When it comes to showing a 404 error page to your visitors, you do not want that generic page to show, and you especially do not want your hosting provider’s ad error page to show either. In this article, I will show you how to enable the custom 40…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now