• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1665
  • Last Modified:

Relaying denied. IP name possibly forged

I have seen a resolution to this question but it does not fix my situation.  We are using Exchange on a Small Bus Server 2003 with al lthe latest SP's and updates.  We are using a Cisco PIX 501 firewall.  DNSSTUFF comes back clean on all reports except the SPF which I have been unsuccesful in correcting.

The IP address the email rejection error is pointing to as being forged is one number off the actaul mail server / MX record IP which is the PIX.  I found one article that said the PIX MailSecurity feature was the cause but our PIX has no such feature.

Another intersting item is that several users from inside the same office can email to the email address that is being rejected by another employee in the same network.

Any ideas are appreciated.
0
telecosfl
Asked:
telecosfl
1 Solution
 
Jejin JosephCommented:
Could you post the exact error message or the content of the NDR ?
0
 
telecosflAuthor Commented:
You do not have permission to send to this recipient.  For assistance, contact your system administrator.  <xyzdomain.com #5.7.1 smtp;550 5.7.1 <Oneal@abcdomain.org>... Relaying denied. IP name possibly forged [72.158.241.4]
0
 
SembeeCommented:
The PIX mode you have does have the FIXUP SMTP feature. It is part of all Cisco PIX software.
You should ensure that it is not enabled. However if I telnet to that IP address then I don't get any response at all. Do you have multiple IP addresses? Are you sure that you have the NAT configured correctly so that the server appears to come out of the correct IP address when sending email?

Simon.
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
telecosflAuthor Commented:
I am confident we have the NAT setup properly.  We do have multiple IP's x.x.x.5 is the Exchange Server and x.x.x.4 is the PIX to the outside world.  Our MX ispointing to .4

Why would email send OK to 99% of the recepients and not to just one or two.  AND for the one or two it is only happening for one employee where all other employees in the same LAN can email fine to the same person?

Thanks,
0
 
telecosflAuthor Commented:
Sorry - the last post should have read:

I am confident we have the NAT setup properly.  We do have multiple IP's x.x.x.5 is the Exchange Server and x.x.x.4 is the PIX to the outside world.  Our MX ispointing to .5

Why would email send OK to 99% of the recepients and not to just one or two.  AND for the one or two it is only happening for one employee where all other employees in the same LAN can email fine to the same person?

Thanks,
0
 
SembeeCommented:
The answer to your question about why it happens to some users and not others is a question you have to ask the operators of the server rejecting the message. The message you are getting is not an Exchange message.

Simon.
0
 
kmotawehCommented:
try to contact the pix administrator and ask him to enable dns fix protocol from the pix firewall , i think this will help you to override this problem
0
 
telecosflAuthor Commented:
The company rejecting the server does not feel there are any issues on their side and are not interested in trying to help.  Apparently this is the only person that cannot send emails to them - they say ot is our issue.

DNS Fixup did not correct the error.

We found if we send an email through OWA it goes through fine - Regular Outllok it rejects.
0
 
SembeeCommented:
Ah you are stuck in a finger pointing exercise. What usually happens is that the other side doesn't know that there is a problem because no one tells them.

If it is just one domain with the problem then route the email for that domain through your ISPs SMTP Server using an SMTP Connector.

Simon.
0
 
telecosflAuthor Commented:
Why would the issue exist from Exchange over Outlook 2003 but not over the Outlook Web from the same server?
0
 
SembeeCommented:
No idea.
The messages should be identical, they are both using MAPI. It could be a message that says one thing but means another.
I am sure that this has been discussed before on this site. Perhaps if you search the database you might find it.

Simon.
0
 
telecosflAuthor Commented:
Thanks - I really appreciate your help and advice.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now