[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1489
  • Last Modified:

We are using exchange 2007 and sometimes gettings error in email delivery saying, Relaying denied. IP name possibly forged [*.*.*.*] ##

we are using exchange server 2007, and only sometimes we receives error msg Relaying denied. IP name possibly forged [*.*.*.180] ##
 while sending email out to some id's.  
we have leased line supplied by entanet and got dedicated ips,  we are using cisco router with allow all traffic as main gateway then draytek vigor router to do all port redirection stuff,
 [*.*.*.180]  this is our main network ip and thats also our mx records for domain.  mail.claim-today.com .  

any help in this would be much apppreciated.
0
H-Singh
Asked:
H-Singh
  • 4
  • 3
  • 2
  • +1
1 Solution
 
Antonio VargasMicrosoft Senior Cloud ConsultantCommented:
let me try and understand. the error occours only when you send mail? or when you receive it??
also you have a router with the public ips and one draytec doing only port redirection, is this right? what smtp server is exchange using to relay mail to outside? his own?
0
 
H-SinghAuthor Commented:
Yea only when we send email and that comes back to us saying that error msg,  yea cisco router is our gateway *.*.*.177 , then draytek router doing port redirection and also assigned our public IP *.*.*.180 thats IP for our network and goes as public IP fromExchange server,

yea exchange default smtp connector using own DNS records to send mails
0
 
SCarrisonCommented:
Is the IP address that you send mail from the same IP address listed as an MX record for your domain(s)?

Some anti-spam systems try to verify that the mail server sending mail out from a domain is "associated" with your domain by checking the IP against MX records.

0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows PowershellĀ® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
H-SinghAuthor Commented:
yea its same as our MX records.
0
 
Sjef BosmanGroupware ConsultantCommented:
I know nothing about Exchange, but that may just be my advantage... :-P

If you look inside the bounced message, can you find out exactly where it got bounced? Was it Exchange, or your mail provider, or the receiver's provider, or the receiving server itself? It might shed some interesting light on this matter. For instance, you might be blaming your own server but what if the culprit is the receiving server...?
0
 
H-SinghAuthor Commented:
Here is the exact error msg that we gets:
______________________________________________________________________________________


Delivery has failed to these recipients or distribution lists:

'*@sp-legal.co.uk'
Your message wasn't delivered because of security policies. Microsoft Exchange will not try to redeliver this message for you. Please provide the following diagnostic text to your system administrator.

The following organization rejected your message: cluster-a.mailcontrol.com.

  _____  

Sent by Microsoft Exchange Server 2007

Diagnostic information for administrators:

Generating server: CTS-Exchange.claim-today.local

x@sp-legal.co.uk
cluster-a.mailcontrol.com #550 5.7.1 <x@sp-legal.co.uk>... Relaying denied. IP name possibly forged [78.33.55.180] ##

Original message headers:

Received: from CTS-Exchange.claim-today.local ([fe80::3d36:c2be:ede3:814d]) by
 CTS-Exchange.claim-today.local ([fe80::3d36:c2be:ede3:814d%10]) with mapi;
 Thu, 6 Nov 2008 08:46:51 +0000
From: Y<y@claim-today.com>
To: "x@sp-legal.co.uk'" <x@sp-legal.co.uk>
Date: Thu, 6 Nov 2008 08:46:47 +0000
Subject: Clark v Queens Hotel
Thread-Topic: Clark v Queens Hotel
Thread-Index: Ack/7DPzcVJ0vjZHQD+KI1XiN+yGEQ==
Message-ID: <318FD8B63461F6419849C48AFB4B9AAE7AF10197AE@CTS-Exchange.claim-today.local>
Accept-Language: en-US, en-GB
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US, en-GB
Content-Type: multipart/alternative;
      boundary="_000_318FD8B63461F6419849C48AFB4B9AAE7AF10197AECTSExchangecl_"
MIME-Version: 1.0
______________________________________________________________________________________
0
 
Sjef BosmanGroupware ConsultantCommented:
If I do a reverse lookup for your IP-address, it says it is 78-33-55-180.static.enta.net instead of mail.claim-today.com, and that may be the same the receiving server checks.

I suppose you have an IP-address from some kind of pool at your provider's, and that the provider still owns the IP-address.

Maybe you can change your mail routing, in that it is always sent through your provider's mail server? If he has one, of course. It would be one additional hop, but your problems would be over.
0
 
H-SinghAuthor Commented:
I contacted our ISP regarding this, they said they can't help as our emails are not hosted with them.  is there anything we can change on our exchange server 2007
0
 
Sjef BosmanGroupware ConsultantCommented:
I don't think so, but I hope for you other prove me wrong. The reported address of 78-33-55-180.static.enta.net should be removed from the DNS, and that's where your Internet provider comes in. When a receiving server does a reverse lookup, it should find your domain and not your provider's. It might reiquire a different subscription with your provider, but IMHO you can not solve this problem on your server without his help.
0
 
SCarrisonCommented:
I note you're using IPv6 on your internal network (at least on this server):

Received: from CTS-Exchange.claim-today.local ([fe80::3d36:c2be:ede3:814d]) by
 CTS-Exchange.claim-today.local ([fe80::3d36:c2be:ede3:814d%10]) with mapi;
 Thu, 6 Nov 2008 08:46:51 +0000

Also the header seems to indicate your server CTS-Exchange is passing mails "to itself" before sending them on to the destination.

Also your SMTP connector is set to use the "internal" name (cts-exchange.claim-today.local) .  You should set it to the name of your mx record (e.g. mailserver.claim-today.com).

0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

  • 4
  • 3
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now