dhoose
asked on
"Relay not permitted" error when replying to multiple recipeints
I think I have a tough one. We have Exchange Server 2003 and are having trouble replying to users from a couple of different domains. Here's the kicker: we only have the problem when the reply is sent to a group of multiple recipients including some from the afore mentioned domains.
The error is the old favorite "There was a SMTP communication problem with the recipient's email server. Please contact your system administrator.
<mail1.ourdomainname.com #5.5.0 smtp;550 relay not permitted> "
As I said, we only have the problem under those circumstances so I doubt it's the usual communication problem between servers. I can see the MX record for the domains and telnet from our server to theirs with no problem. I have contacted the administrators from both domains and they cannot see the emails coming to their servers at all.
I have tried using a smart host which seemed to fix the problem for a short time for one of the domains but doesn't work anymore.
I set up an Exchange Contact in Active Directory with an email address for one of the domains and deleted him from my user's Contacts. That worked for a while as well but then stopped working.
This happens on more than one workstation as well as from OWA or a Blackberry.
I don't think it's connected but we do have Blackberry Enterprise Server installed on second server.
I need help, please!
The error is the old favorite "There was a SMTP communication problem with the recipient's email server. Please contact your system administrator.
<mail1.ourdomainname.com #5.5.0 smtp;550 relay not permitted> "
As I said, we only have the problem under those circumstances so I doubt it's the usual communication problem between servers. I can see the MX record for the domains and telnet from our server to theirs with no problem. I have contacted the administrators from both domains and they cannot see the emails coming to their servers at all.
I have tried using a smart host which seemed to fix the problem for a short time for one of the domains but doesn't work anymore.
I set up an Exchange Contact in Active Directory with an email address for one of the domains and deleted him from my user's Contacts. That worked for a while as well but then stopped working.
This happens on more than one workstation as well as from OWA or a Blackberry.
I don't think it's connected but we do have Blackberry Enterprise Server installed on second server.
I need help, please!
peakpeak
Maybe you missed to mention it but have you actually tried to send to one of the failing recipients ONLY?
ASKER
Thanks for your quick response. As I said, we only have the problem when replying to an email with multiple recipients. We have no problem sending or replying to individual email addresses on either of the domains. Also, we can send a new email to multiple recipients that include addresses from the problem domains. It's only replying to a group that is giving us problems.
Then you need to investigate the headers of the messages from the failing domains. The Reply-To address is probably different from the email address you're using for sending a new mail.
ASKER
I'm not being clear. Let me try an example. User A is on the problem domain. He sends an email to User B on our domain and also to other users outside our domain. If User B replies to all, the reply will go to all the users except for any users on the domain that User A belongs to. User B gets the "Relay not permitted" NDR.
If User A sends an email to User B and User B replies to User A only, the email makes it to User A.
Sounds like a story problem from grade school!
The email addresses in the headers are correct.
If User A sends an email to User B and User B replies to User A only, the email makes it to User A.
Sounds like a story problem from grade school!
The email addresses in the headers are correct.
A couple of questions:
1. Is there any 3rd party software installed on your Exchange server, such as anti-spam, anti-virus etc?
2. Could this be in anyway linked to the Number of recipients in the email? E.g once you get over say 10 recipients the email fails but 9 works fine?
1. Is there any 3rd party software installed on your Exchange server, such as anti-spam, anti-virus etc?
2. Could this be in anyway linked to the Number of recipients in the email? E.g once you get over say 10 recipients the email fails but 9 works fine?
the domain portion in the non-working emails must be different to the company's advertised domain. it may only be slightly different.
eg
working: username123@domain.com
notworking: username123@gw.domain.com
eg
working: username123@domain.com
notworking: username123@gw.domain.com
ASKER
We do have Symantec Mail Security and Premium Antispam installed. I checked the logs and it doesn't appear that it's the problem. I entered the trouble domains into the whitelist of domains to send to just to be sure.
The number of recipients varies so it's hard to tell if that's it. I checked to see if there was a limit on recipients and there's not. How else could the number of recipients affect replying?
I checked the domain names. They are correct.
The number of recipients varies so it's hard to tell if that's it. I checked to see if there was a limit on recipients and there's not. How else could the number of recipients affect replying?
I checked the domain names. They are correct.
The recipient limits in Exchange as well as any anti-spam or mail filtering software is what I was aiming at, some software limits not only the total number of recipients but also the number of recipients in the TO: and or CC/BCC fields so that might be worth looking out for.
On to pinning down the cause i guess (I am resorting to a normal troubleshooting method that I would generally follow so please ignore or tut loudly at steps you may have done!)
- Is the problem related to user or computer in anyway? If a user gets the problem on one machine, can you replicate the error with the same user/email on another machine? I know you mentioned OWA and BES earlier but is this the same user/email?
- Are you able to disable all the Symantec software and try to replicate the problem to totally elimnate this?
- Do the number of addresses in the TO: field affect this in anyway? You mentioned that sending to same recipients worked fine but was this using the same addresses in the same fields?
On to pinning down the cause i guess (I am resorting to a normal troubleshooting method that I would generally follow so please ignore or tut loudly at steps you may have done!)
- Is the problem related to user or computer in anyway? If a user gets the problem on one machine, can you replicate the error with the same user/email on another machine? I know you mentioned OWA and BES earlier but is this the same user/email?
- Are you able to disable all the Symantec software and try to replicate the problem to totally elimnate this?
- Do the number of addresses in the TO: field affect this in anyway? You mentioned that sending to same recipients worked fine but was this using the same addresses in the same fields?
can you post a detailed header?
at some point in the delivery chain a mailserver is being asked to forward email for a domain it isn't responsible for, and generates "relay not permitted"
at some point in the delivery chain a mailserver is being asked to forward email for a domain it isn't responsible for, and generates "relay not permitted"
ASKER
Mark, I'll check some of the other messages that failed and find out the number of recipients. Because the email recipients that are having problems are big wigs in their respective companies, I can't really send them test messages so I can't disable the Symantec software because I don't know when the next email will go out to the problem domains.
I found out that the problem is only happening to one user. That user uses multiple computers, OWA and a Blackberry. His secretary also sends mail on his behalf from her computer. It doesn't seem to matter which computer or device the email is sent from.
x calibre, I think you might be on to something but which header should I be looking at? The original message that came into our server? If you mean the header from the reply, how do I find that? When I open the sent message and click on Tools and then Options, the Internet header is blank.
I found out that the problem is only happening to one user. That user uses multiple computers, OWA and a Blackberry. His secretary also sends mail on his behalf from her computer. It doesn't seem to matter which computer or device the email is sent from.
x calibre, I think you might be on to something but which header should I be looking at? The original message that came into our server? If you mean the header from the reply, how do I find that? When I open the sent message and click on Tools and then Options, the Internet header is blank.
you're looking in the right spot, but sent items won't have any header information (Outlook generally strips the header information for presentation and only forwards the message content in replies and forwards)
i meant from a message thats returned by the mailserver in question
ie when someone replies to an email that was sent to lots of people, and this error condition is generated, an NDR email should be sent back to the replying user - this is the email that we need to see the internet headers for
i meant from a message thats returned by the mailserver in question
ie when someone replies to an email that was sent to lots of people, and this error condition is generated, an NDR email should be sent back to the replying user - this is the email that we need to see the internet headers for
ASKER
When I open up the NDR email and click Tools, Options is missing. I just get Previous, Next and Toolbars. How can I see the header details? It appears that the NDR is coming from our server.
If the NDR is coming from your own server I dont think you will see any headers as technically it hasnt gone anywhere.
You mentioned earlier that you can telnet an email to the offending domains server, have you tried doing this with multiple recipients to see if you get a more specific error?
I still cant help feeling this is related to the number of recipients though, when you reply to the email that doesn't go how many addresses are in the the TO: field and how many in CC or BCC? If there are more than one in the TO field can you try moving all but one to the CC field and see if this makes a difference? Some systems block over a certain number of recipients in the TO field to help prevent mail storms on problematic servers.
You mentioned earlier that you can telnet an email to the offending domains server, have you tried doing this with multiple recipients to see if you get a more specific error?
I still cant help feeling this is related to the number of recipients though, when you reply to the email that doesn't go how many addresses are in the the TO: field and how many in CC or BCC? If there are more than one in the TO field can you try moving all but one to the CC field and see if this makes a difference? Some systems block over a certain number of recipients in the TO field to help prevent mail storms on problematic servers.
ASKER
I haven't commented recently because I thought it fixed itself but it's back. It happened once with 3 recipients in the To: field and none in CC or BCC. It happened again with 3 in the To: field and one in BCC. Both times, the addresses that failed were on the same domain (not the sender's domain).
ASKER
I sent a test message to the problem domain with my address also in the To: field and another domain in the CC: field. The domain in the CC: field works fine but I believe it could be part of the problem. It seems to always be one of the recipients in the emails that fail. This message made it to me and to the CC: recipient but bounced back going to the problem domain.
Here's the header. I've masked the domains and IP per request of my client.
Microsoft Mail Internet Headers Version 2.0
Received: from mail1.sendersdomain.com ([999.999.999.999]) by mydomain.com with Microsoft SMTPSVC(6.0.3790.1830);
Sun, 14 Oct 2007 11:46:12 -0400
Subject: test
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----_=_NextPart_
Date: Sun, 14 Oct 2007 11:46:10 -0400
Message-ID: <BC8E0511D2BD0D40A1DEB952C
Content-class: urn:content-classes:messag
X-MimeOLE: Produced By Microsoft Exchange V6.5
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: test
Thread-Index: AcgOeVdDKL/2U7hxQ4icC7Wxc0
From: "Sender" <sender@sendersdomain.com>
To: <test@problemdomain.com>,
"dhoose" <dhoose@mydomain.com>
Cc: <test@thisdomainworks.com>
Return-Path: sender@sendersdomain.com
X-OriginalArrivalTime: 14 Oct 2007 15:46:12.0973 (UTC) FILETIME=[5928B1D0:01C80E7
------_=_NextPart_001_01C8
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding:
------_=_NextPart_001_01C8
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding:
------_=_NextPart_001_01C8
Here's the header. I've masked the domains and IP per request of my client.
Microsoft Mail Internet Headers Version 2.0
Received: from mail1.sendersdomain.com ([999.999.999.999]) by mydomain.com with Microsoft SMTPSVC(6.0.3790.1830);
Sun, 14 Oct 2007 11:46:12 -0400
Subject: test
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----_=_NextPart_
Date: Sun, 14 Oct 2007 11:46:10 -0400
Message-ID: <BC8E0511D2BD0D40A1DEB952C
Content-class: urn:content-classes:messag
X-MimeOLE: Produced By Microsoft Exchange V6.5
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: test
Thread-Index: AcgOeVdDKL/2U7hxQ4icC7Wxc0
From: "Sender" <sender@sendersdomain.com>
To: <test@problemdomain.com>,
"dhoose" <dhoose@mydomain.com>
Cc: <test@thisdomainworks.com>
Return-Path: sender@sendersdomain.com
X-OriginalArrivalTime: 14 Oct 2007 15:46:12.0973 (UTC) FILETIME=[5928B1D0:01C80E7
------_=_NextPart_001_01C8
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding:
------_=_NextPart_001_01C8
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding:
------_=_NextPart_001_01C8
ASKER
I tried this hot fix from Microsoft http://support.microsoft.com/kb/915863/en-us but it didn't fix the problem.
Also, somewhere along the line the error message changed. It's now:
There was a SMTP communication problem with the recipient's email server. Please contact your system administrator.
<mail1.sendersdomain.com #5.5.0 smtp;530 authentication required for relay (#5.7.1)>
Also, somewhere along the line the error message changed. It's now:
There was a SMTP communication problem with the recipient's email server. Please contact your system administrator.
<mail1.sendersdomain.com #5.5.0 smtp;530 authentication required for relay (#5.7.1)>
ASKER
I might have found something. On emails that make it through to the problem domain, the message history shows "Message transferred to mailserver.problemdomain.l
ASKER
I think I fixed the problem. It looks like it was a DNS issue. I think that my ISP was using cached DNS and that's what the problem was. I switched to the OpenDNS servers and the problem hasn't come back yet. It's been about 3 weeks since I did it but I thought I had it working once before and it came back so I'm not completely convinced but so far, so good.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
It was definitely the DNS issue. I haven't had the problem since I switched to OpenDNS.