telecosfl
asked on
Relaying denied. IP name possibly forged
I have seen a resolution to this question but it does not fix my situation. We are using Exchange on a Small Bus Server 2003 with al lthe latest SP's and updates. We are using a Cisco PIX 501 firewall. DNSSTUFF comes back clean on all reports except the SPF which I have been unsuccesful in correcting.
The IP address the email rejection error is pointing to as being forged is one number off the actaul mail server / MX record IP which is the PIX. I found one article that said the PIX MailSecurity feature was the cause but our PIX has no such feature.
Another intersting item is that several users from inside the same office can email to the email address that is being rejected by another employee in the same network.
Any ideas are appreciated.
The IP address the email rejection error is pointing to as being forged is one number off the actaul mail server / MX record IP which is the PIX. I found one article that said the PIX MailSecurity feature was the cause but our PIX has no such feature.
Another intersting item is that several users from inside the same office can email to the email address that is being rejected by another employee in the same network.
Any ideas are appreciated.
Jejin Joseph
Could you post the exact error message or the content of the NDR ?
ASKER
You do not have permission to send to this recipient. For assistance, contact your system administrator. <xyzdomain.com #5.7.1 smtp;550 5.7.1 <Oneal@abcdomain.org>... Relaying denied. IP name possibly forged [72.158.241.4]
The PIX mode you have does have the FIXUP SMTP feature. It is part of all Cisco PIX software.
You should ensure that it is not enabled. However if I telnet to that IP address then I don't get any response at all. Do you have multiple IP addresses? Are you sure that you have the NAT configured correctly so that the server appears to come out of the correct IP address when sending email?
Simon.
You should ensure that it is not enabled. However if I telnet to that IP address then I don't get any response at all. Do you have multiple IP addresses? Are you sure that you have the NAT configured correctly so that the server appears to come out of the correct IP address when sending email?
Simon.
ASKER
I am confident we have the NAT setup properly. We do have multiple IP's x.x.x.5 is the Exchange Server and x.x.x.4 is the PIX to the outside world. Our MX ispointing to .4
Why would email send OK to 99% of the recepients and not to just one or two. AND for the one or two it is only happening for one employee where all other employees in the same LAN can email fine to the same person?
Thanks,
Why would email send OK to 99% of the recepients and not to just one or two. AND for the one or two it is only happening for one employee where all other employees in the same LAN can email fine to the same person?
Thanks,
ASKER
Sorry - the last post should have read:
I am confident we have the NAT setup properly. We do have multiple IP's x.x.x.5 is the Exchange Server and x.x.x.4 is the PIX to the outside world. Our MX ispointing to .5
Why would email send OK to 99% of the recepients and not to just one or two. AND for the one or two it is only happening for one employee where all other employees in the same LAN can email fine to the same person?
Thanks,
I am confident we have the NAT setup properly. We do have multiple IP's x.x.x.5 is the Exchange Server and x.x.x.4 is the PIX to the outside world. Our MX ispointing to .5
Why would email send OK to 99% of the recepients and not to just one or two. AND for the one or two it is only happening for one employee where all other employees in the same LAN can email fine to the same person?
Thanks,
The answer to your question about why it happens to some users and not others is a question you have to ask the operators of the server rejecting the message. The message you are getting is not an Exchange message.
Simon.
Simon.
try to contact the pix administrator and ask him to enable dns fix protocol from the pix firewall , i think this will help you to override this problem
ASKER
The company rejecting the server does not feel there are any issues on their side and are not interested in trying to help. Apparently this is the only person that cannot send emails to them - they say ot is our issue.
DNS Fixup did not correct the error.
We found if we send an email through OWA it goes through fine - Regular Outllok it rejects.
DNS Fixup did not correct the error.
We found if we send an email through OWA it goes through fine - Regular Outllok it rejects.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Why would the issue exist from Exchange over Outlook 2003 but not over the Outlook Web from the same server?
No idea.
The messages should be identical, they are both using MAPI. It could be a message that says one thing but means another.
I am sure that this has been discussed before on this site. Perhaps if you search the database you might find it.
Simon.
The messages should be identical, they are both using MAPI. It could be a message that says one thing but means another.
I am sure that this has been discussed before on this site. Perhaps if you search the database you might find it.
Simon.
ASKER
Thanks - I really appreciate your help and advice.