Brad Bansner

Relaying Not Allowed errors

It appears that some e-mail is being rejected by my SMTP server (Windows 2003), which returns the 550 Relaying Not Allowed message. The majority of mail DOES go through, but a fair percentage is not, due to this error.

Strangely enough, though, all mail is generated in the same way via ASP pages. I'm using ASPmail (Persits Software) which is configured to relay through smtp.bbdesign.com on port 25. DNS for smtp.bbdesign.com resolves to 207.106.201.83. From there, the SMTP server in IIS takes over.

When I view properties for the SMTP server, the IP address is set to an internal IP, 192.168.0.22. Relaying is allowed on 127.0.0.1, 192.168.0.20, 192.168.0.21, and 192.168.0.22. Masquerade domain is smtp.bbdesign.com. Fully-qualified domain name is blade4.bbdesign.com which resolves to 207.106.201.72.

I'm guessing there is a setting somewhere in this that I don't have quite right. I can't understand why only SOME mail is being rejected, though, as all mail is sent via nearly identical code.
Brad Bansner

ASKER

I just figured something out that might be a clue. It appears that the messages that are failing (i.e., bouncing back with "550 Relaying not allowed") are ones where the delivery address is not an actual POP3 account, but an alias/forward that goes to some other account. This is the only difference I can see between ones that are failing and ones that are not... it's hard to believe this is a coincidence.

I didn't think SMTP server would even know that the recipient address is an alias/forward. Is there a setting somewhere in IIS which will allow these messages to go through?
Member_2_1968385
Please clarify the following points:
1. Is the web server that is running the ASP pages on the same LAN as the SMTP server that you want to use for relaying? Is it even on the same PC?
2. Is the SMTP server only to be used for "relaying through" to the final destination or does it act as the host mail server for some domain(s). From the comment about POP3 accounts it sounds like it is hosting the mail for some domain, and yet IIS is not a serious contender for mail hosting on anything other than a small scale.
3. How does the ASP know it is supposed to be using this SMTP server - did you specify it using an IP address or a FQDN? (Perhaps you have already answered this as I think you are saying it uses smtp.bbdesign.com, but I just wanted to be sure).

1. Yes. It's all on the same computer.
2. Hosts outgoing SMTP for websites that are hosted on the server. Does not relay for any outside users, only for ASP pages on the computer. No incoming mail on the server.
3. ASPmail points to smtp.bbdesign.com, which points to the IP address of the server.
I will do my best to help, but I'm still unclear about the issues in item 2 because I think you're using terminology slightly differently to the way I use it.

Let's start with the easier one, item 3: Please can you try changing your ASPmail code to use 127.0.0.1 instead of smtp.bbdesign.com. To explain - you stated that smtp.bbdesign.com resolves to 207.106.201.83. That appears to be an IP address that is not on the LAN, in which case the requests must be going via the Internet out and then back in again to the same server. That would be a heck of a long way to send the requests when all they need to do is go from one application to another on the same server! If you use 127.0.0.1 instead, then the requests will be sent directly to the SMTP server. Furthermore, you already said that relaying is permitted for 127.0.0.1 so there is a good chance this will fix your problems.

I'll post another comment about item 2 to keep things tidy and give you a chance to try that.
Re item 2: SMTP is a protocol for sending mail from one server to another, so to talk about "hosting outgoing SMTP" confuses me (sorry).

I'll try to explain what I meant in my question. Mail is sent from a source to a destination. Along the way it may pass through one or more SMTP servers. Intermediate servers are "relaying" the mail - i.e. the mail is only passing through them and is not normally stored on them. Assuming all servers in the chain are operating ok, the mail would pass along until it reaches the server that represents the final destination. That last server is the one that is hosting the mail for whatever domain (e.g. all mail for bbdesign.com). The hosting mail server stores the mail for as long as is necessary (could be weeks or even months) and the user's mail clients connect to it so they can collect the mail using POP3, IMAP or some other protocol such as with Outlook linked to Exchange Server.

> "I'm using ASPmail (Persits Software) which is configured to relay through smtp.bbdesign.com on port 25."
That sounds like you are ONLY using this IIS smtp server for relaying and nothing else. This would be quite a common way to send mail from ASP.

> "It appears that the messages that are failing (i.e., bouncing back with "550 Relaying not allowed") are ones where the delivery address is not an actual POP3 account"
That now sounds like you are using the IIS smtp server as the final destination server to host the mail service for bbdesign.com, or some other domain, and the users pick up their mail from that server using POP3.

My question was to try and be clear which of these two was applicable.
Thank you for your comments and explanation. I will try a few things.

Sorry for the confusion. I am only using my SMTP server to send messages out from our server, messages that are generated by ASP pages. I am not hosting any e-mail accounts (POP3) on this server.

I was trying to figure out why some messages were getting to their destination and some were bouncing back with the Relay Not Allowed error. I couldn't see any difference between the two. I noticed that some were bouncing in the case where I happened to know that the recipient address was an alias and not a real POP3 account. The alias and POP3 account do not reside on my server.

Anyway, I'm not convinced that the alias issue is the reason for the bounces anymore, as I am able to get some e-mail to go through to them, just not all.
Just changing to a local IP address doesn't seem to fix it. This page will allow you to send yourself an e-mail from our server:

http://www.bibisbabywear.com/tellafriend2.asp

That way you could look at the headers, maybe there is something there that will give a clue as to what's going on.
Does the IIS SMTP Virtual Server have any domains defined? If so, it will not relay mail for any of those domains, but will relay it for any other domain. Could that be the explanation?

I just tried sending myself an e-mail using that link. The headers show that it went from "blade4" (IP 192.168.0.22) to smtp.bbdesign.com (IP 207.106.201.83) to my mail server. That seems to fit with your description of the system. This confirms that an SMTP server is:
a) receiving the mail from blade4 over the LAN (it reports an internal IP address for blade4)
b) allowing relaying of messages received from blade4

It does not completely confirm that the SMTP server doing all this is definitely the one you think it is. You should enable logging on the SMTP server and then look at the log files after sending a message. This will confirm that it really is using the one you think. The log files might also help you diagnose why some e-mails are not being relayed.

Go to IIS Manager. Right-click on "Default SMTP Virtual Server" and select Properties. At the bottom of the General tab is an option to enable logging. As well as ticking the logging option, also click the Properties button next to it and make a note of where the log file is written. I also recommend that you go onto the "Advanced" tab and tick lots of the boxes (including time and date) to make sure you get plenty of information in the log file.
No domains.

Logging has been turned on for some time now. I set up a place where you could view the logs for November 9, 2006 here:

http://bbdesign.com/ex061109.txt

I don't really know how to read SMTP logs very well. Hopefully something in there will give you a good indication as to what's going on.

If you need me to log any additional fields, let me know. Thanks!
ok, I've taken a copy of the log file. Please now disable that link (e.g. move the file it points to or replace the file with an empty one) as soon as possible because it contains email addresses.
It looks as if the problems are happening because you are, in effect, trying to spoof the sender address. You are sending mail from your SMTP server and the sender details within the header have no connection with the SMTP server that you are using to send. The problems are not happening when your ASP code passes the message to your SMTP server blade4. The problems occur when the blade4 SMTP server tries to relay the message to the destination address. For some reason, it is quite often trying to send the message via another SMTP server - there are several examples of it trying to use mailpure.com which just happens to be the mail server for the domain bbdesign.com.

I have to admit that I don't quite understand the logic or mechanism that causes the blade4 SMTP server to select the wrong SMTP server to send the message to, but I suspect it has something to do with the spoofing of the sender's address or the use of the masquerade domain. Furthermore, it is very likely that such obviously spoofed mail would be rejected by spam filters (just supposing it does reach the intended destination).

You might have to re-think your strategy of allowing users of the web site to send mail as if it came from another address. Mail from your company web site should look like it came from your company. Anything else is sender address spoofing and that is what is done on the worst types of unsolicited spam.
I probably should have mentioned this before, but bbdesign.com should be the only exception to which SMTP server is used. We have a smart host set up for that particular domain. Everything else should be going through blade4, though.

So here is what I'm really trying to do:

1. I host a website such as www.domain.com, I do not host e-mail for the domain. Typically the client would have an alias such as sales@domain.com, or we might be transferring the MX records to some other mail server.

2. www.domain.com has e-commerce functions and requires the ability to send customers a receipt after they make a purchase.

3. I generate an e-mail message via ASP, put sales@domain.com as the sender address, customer's e-mail address as the recipient, and use our SMTP server to send the mail.

I understand that domain.com isn't part of the headers (it says blade4, bbdesign.com, etc.), and that is what you are saying is likely the problem. Given that, what is the correct way to do this? Do I need to set up separate SMTP servers for every website? I currently have 150+, so that would be a major task.

Thank you for your help so far, I will certainly give you the points for this one.
ASKER CERTIFIED SOLUTION
Member_2_1968385
This solution is only available to members.
Smart Host is set to mx1.mailpure.com, I believe that is only used for mail going to the bbdesign.com domain (my e-mail address) because there were problems with regards to the server not knowing what to do with mail sent to the same domain as the fully-qualified domain name. I don't think it affects any other domains, though.

The checkbox is checked which says "attempt direct delivery before sending to smart host".

Under "domains", it says blade4 and bbdesign.com (which uses the smart host).

I think the revenuer.com domain was incorrectly assigned to mx1.mailpure.com yesterday (I have a server tech who also works on the server, I think he put that there mistakenly), but that is gone now.

I have not heard any complaints about e-mail yet today... so either things are improving on their own somehow, or clients are just getting tired of telling me. I could pull another log from today if you think that might help.
The Smart host will be used for ANY delivery that cannot be sent direct. It will not just apply to bbdesign.com. That explains why some e-mails were being sent to mx1.mailpure.com and were failing. It all makes sense now. You will continue to get problems if you leave that smart host enabled.

You should definitely remove the entry for smarthost, unless you have arranged with the administrator of mx1.mailpure.com to allow your SMTP server to use their server for relaying. Instead you should add a domain in the Domains folder of the Default SMTP Virtual Server as follows: Domain Type is Remote, Domain Name is bbdesign.com. After creating it, right-click on the new domain and select Properties. Now tick the box that says "Allow incoming mail to be relayed to this domain" and then select the option just below to send the mail to a smart host. This is the correct place to put the smart host - it will ONLY be used for mail to bbdesign.com.

That should fix everything. Thanks for the points.
OK, thanks!
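
The diagnosis reached in this thread (the 550 replies come from the smart host when blade4 hands mail on, not from blade4 when the ASP page submits it) can be checked directly from the SMTP log. The following is an added example, not code from the thread: it assumes a W3C extended log with the fields shown and that outbound sessions are marked `OutboundConnectionCommand` / `OutboundConnectionResponse` in `cs-username`; the log lines, IP addresses and domains are constructed, and `203.0.113.10` is a placeholder for the smart host's address.

```python
import re
from collections import Counter

# Constructed sample log (assumed field layout); IPs and domains are placeholders.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-username s-computername cs-method cs-uri-query sc-status
2006-11-09 14:02:10 127.0.0.1 webhost BLADE4 RCPT +TO:<buyer@customer.example> 250
2006-11-09 14:02:11 203.0.113.10 OutboundConnectionCommand BLADE4 RCPT TO:<buyer@customer.example> 0
2006-11-09 14:02:11 203.0.113.10 OutboundConnectionResponse BLADE4 - 550+Relaying+not+allowed 0
2006-11-09 14:05:40 198.51.100.7 OutboundConnectionCommand BLADE4 RCPT TO:<anna@shop.example> 0
2006-11-09 14:05:40 198.51.100.7 OutboundConnectionResponse BLADE4 - 250+Recipient+ok 0
2006-11-09 14:09:02 203.0.113.10 OutboundConnectionCommand BLADE4 RCPT TO:<joe@alias.example> 0
2006-11-09 14:09:02 203.0.113.10 OutboundConnectionResponse BLADE4 - 550+Relaying+not+allowed 0
"""

def parse_w3c(text):
    """Yield one dict per log line, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            yield dict(zip(fields, line.split()))

def relay_rejections(text):
    """Return (remote_ip, recipient_domain, reply) for each outbound RCPT refused with 550."""
    pending = {}  # remote IP -> recipient domain of the last RCPT sent to it
    hits = []
    for rec in parse_w3c(text):
        ip, who, query = rec["c-ip"], rec["cs-username"], rec["cs-uri-query"]
        if who == "OutboundConnectionCommand" and rec["cs-method"] == "RCPT":
            m = re.search(r"<[^@>]*@([^>]+)>", query)
            pending[ip] = m.group(1).lower() if m else "?"
        elif who == "OutboundConnectionResponse" and ip in pending:
            domain = pending.pop(ip)
            if query.startswith("550"):
                hits.append((ip, domain, query.replace("+", " ")))
    return hits

def summarize(text, smart_host_ips):
    """Count refused recipients per route: via the smart host or delivered direct."""
    counts = Counter()
    for ip, domain, _ in relay_rejections(text):
        via = "smart host" if ip in smart_host_ips else "direct"
        counts[(via, domain)] += 1
    return dict(counts)

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG, {"203.0.113.10"}))
```

If the refusals cluster on the smart host for recipient domains other than the one it is meant to serve, the global smart host setting is the cause, which is what the per-domain remote domain entry described above corrects.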