We are using exchange 2007 and sometimes gettings error in email delivery saying, Relaying denied. IP name possibly forged [*.*.*.*] ##

we are using exchange server 2007, and only sometimes we receives error msg Relaying denied. IP name possibly forged [*.*.*.180] ##
 while sending email out to some id's.  
we have leased line supplied by entanet and got dedicated ips,  we are using cisco router with allow all traffic as main gateway then draytek vigor router to do all port redirection stuff,
 [*.*.*.180]  this is our main network ip and thats also our mx records for domain.  mail.claim-today.com .  

any help in this would be much apppreciated.
H-SinghTechnical DirectorAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Antonio VargasMicrosoft Senior Cloud ConsultantCommented:
let me try and understand. the error occours only when you send mail? or when you receive it??
also you have a router with the public ips and one draytec doing only port redirection, is this right? what smtp server is exchange using to relay mail to outside? his own?
H-SinghTechnical DirectorAuthor Commented:
Yea only when we send email and that comes back to us saying that error msg,  yea cisco router is our gateway *.*.*.177 , then draytek router doing port redirection and also assigned our public IP *.*.*.180 thats IP for our network and goes as public IP fromExchange server,

yea exchange default smtp connector using own DNS records to send mails
Is the IP address that you send mail from the same IP address listed as an MX record for your domain(s)?

Some anti-spam systems try to verify that the mail server sending mail out from a domain is "associated" with your domain by checking the IP against MX records.

Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

H-SinghTechnical DirectorAuthor Commented:
yea its same as our MX records.
Sjef BosmanGroupware ConsultantCommented:
I know nothing about Exchange, but that may just be my advantage... :-P

If you look inside the bounced message, can you find out exactly where it got bounced? Was it Exchange, or your mail provider, or the receiver's provider, or the receiving server itself? It might shed some interesting light on this matter. For instance, you might be blaming your own server but what if the culprit is the receiving server...?
H-SinghTechnical DirectorAuthor Commented:
Here is the exact error msg that we gets:

Delivery has failed to these recipients or distribution lists:

Your message wasn't delivered because of security policies. Microsoft Exchange will not try to redeliver this message for you. Please provide the following diagnostic text to your system administrator.

The following organization rejected your message: cluster-a.mailcontrol.com.


Sent by Microsoft Exchange Server 2007

Diagnostic information for administrators:

Generating server: CTS-Exchange.claim-today.local

cluster-a.mailcontrol.com #550 5.7.1 <x@sp-legal.co.uk>... Relaying denied. IP name possibly forged [] ##

Original message headers:

Received: from CTS-Exchange.claim-today.local ([fe80::3d36:c2be:ede3:814d]) by
 CTS-Exchange.claim-today.local ([fe80::3d36:c2be:ede3:814d%10]) with mapi;
 Thu, 6 Nov 2008 08:46:51 +0000
From: Y<y@claim-today.com>
To: "x@sp-legal.co.uk'" <x@sp-legal.co.uk>
Date: Thu, 6 Nov 2008 08:46:47 +0000
Subject: Clark v Queens Hotel
Thread-Topic: Clark v Queens Hotel
Thread-Index: Ack/7DPzcVJ0vjZHQD+KI1XiN+yGEQ==
Message-ID: <318FD8B63461F6419849C48AFB4B9AAE7AF10197AE@CTS-Exchange.claim-today.local>
Accept-Language: en-US, en-GB
Content-Language: en-US
acceptlanguage: en-US, en-GB
Content-Type: multipart/alternative;
MIME-Version: 1.0
Sjef BosmanGroupware ConsultantCommented:
If I do a reverse lookup for your IP-address, it says it is 78-33-55-180.static.enta.net instead of mail.claim-today.com, and that may be the same the receiving server checks.

I suppose you have an IP-address from some kind of pool at your provider's, and that the provider still owns the IP-address.

Maybe you can change your mail routing, in that it is always sent through your provider's mail server? If he has one, of course. It would be one additional hop, but your problems would be over.
H-SinghTechnical DirectorAuthor Commented:
I contacted our ISP regarding this, they said they can't help as our emails are not hosted with them.  is there anything we can change on our exchange server 2007
Sjef BosmanGroupware ConsultantCommented:
I don't think so, but I hope for you other prove me wrong. The reported address of 78-33-55-180.static.enta.net should be removed from the DNS, and that's where your Internet provider comes in. When a receiving server does a reverse lookup, it should find your domain and not your provider's. It might reiquire a different subscription with your provider, but IMHO you can not solve this problem on your server without his help.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
I note you're using IPv6 on your internal network (at least on this server):

Received: from CTS-Exchange.claim-today.local ([fe80::3d36:c2be:ede3:814d]) by
 CTS-Exchange.claim-today.local ([fe80::3d36:c2be:ede3:814d%10]) with mapi;
 Thu, 6 Nov 2008 08:46:51 +0000

Also the header seems to indicate your server CTS-Exchange is passing mails "to itself" before sending them on to the destination.

Also your SMTP connector is set to use the "internal" name (cts-exchange.claim-today.local) .  You should set it to the name of your mx record (e.g. mailserver.claim-today.com).

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Email Servers

From novice to tech pro — start learning today.