GlennCameron
asked on
Your message wasn't delivered because of security policies
Following a session with Symantec attempting to troubleshoot an exchange agent, we now find that we are unable to send email externally.
The NDR is as follows:
Delivery has failed to these recipients or distribution lists:
removed@gmail.com
Your message wasn't delivered because of security policies. Microsoft Exchange will not try to redeliver this message for you. Please provide the following diagnostic text to your system administrator.
The following organization rejected your message: ourdomain.com.
Sent by Microsoft Exchange Server 2007
========================== ========== ========== ===
Diagnostic information for administrators:
Generating server: exchangeBOX.ourdomain.loca l
removed@gmail.com
smtp.ourdomain.com #550 5.7.1 Unable to relay for removed@gmail.com ##
Original message headers:
Received: from exchangeBOX.ourdomain.loca l ([ip_01]) by exchangeBOX ([IP_01]) with
mapi; Thu, 7 May 2009 22:53:24 +1200
From: removed <removed@ourdomain.com>
To: "removed@gmail.com" <removed@gmail.com>
Date: Thu, 7 May 2009 22:53:23 +1200
Subject: sbsgb
Thread-Topic: sbsgb
Thread-Index: AcnPAgrKlKet+DeYTyW4CJxLBh wiqQ==
Message-ID: <914D37F0F1298E4E85F86BF5E AF35AE50A4 8180DAE@sv r-06>
Accept-Language: en-US, en-NZ
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
acceptlanguage: en-US, en-NZ
Content-Type: multipart/related;
boundary="_004_914D37F0F12 98E4E85F86 BF5EAF35AE 50A48180DA Esvr06_";
type="multipart/alternativ e"
MIME-Version: 1.0
I have attempted backtracking some of the tasks performed during the Symantec call, but to no avail.
The exchange server is on a Server 2008 64bit platform, and was working fine until today.
I have tried adding an additional smtp connector for the server range, but that had no effect. Nothing I do appears to have an effect and I am stumped.
The NDR is as follows:
Delivery has failed to these recipients or distribution lists:
removed@gmail.com
Your message wasn't delivered because of security policies. Microsoft Exchange will not try to redeliver this message for you. Please provide the following diagnostic text to your system administrator.
The following organization rejected your message: ourdomain.com.
Sent by Microsoft Exchange Server 2007
==========================
Diagnostic information for administrators:
Generating server: exchangeBOX.ourdomain.loca
removed@gmail.com
smtp.ourdomain.com #550 5.7.1 Unable to relay for removed@gmail.com ##
Original message headers:
Received: from exchangeBOX.ourdomain.loca
mapi; Thu, 7 May 2009 22:53:24 +1200
From: removed <removed@ourdomain.com>
To: "removed@gmail.com" <removed@gmail.com>
Date: Thu, 7 May 2009 22:53:23 +1200
Subject: sbsgb
Thread-Topic: sbsgb
Thread-Index: AcnPAgrKlKet+DeYTyW4CJxLBh
Message-ID: <914D37F0F1298E4E85F86BF5E
Accept-Language: en-US, en-NZ
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
acceptlanguage: en-US, en-NZ
Content-Type: multipart/related;
boundary="_004_914D37F0F12
type="multipart/alternativ
MIME-Version: 1.0
I have attempted backtracking some of the tasks performed during the Symantec call, but to no avail.
The exchange server is on a Server 2008 64bit platform, and was working fine until today.
I have tried adding an additional smtp connector for the server range, but that had no effect. Nothing I do appears to have an effect and I am stumped.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
The send connetor is still there.
Does your server send email to a relay server, or directly to Internet?
Have you tried running the exchange tools such as message flow troubleshooter?
ASKER
It routes through the Firewall (ISA 2007)
ASKER
...i mean ISA 2006
Have you had a look at event logs on server too? Rebooted?
Try this command from Exchange Shell and post results
Get-SendConnector | fl
Get-SendConnector | fl
ASKER
I changed the Internet Send Connector to fix this. The Network tab had entries for how it sends mail. It was set to the firewall, and I changed it to "Use DNS MX records" and it fixed it. Thanks for your directing me to the solution Steven.
ASKER
This affects ALL domain users, but only for mail goin OUT.
Incoming works fine, and so does internal mail.
During the Symantec call, we made modifications to the following which I have tried to de-apply:
- C: drive root security. Added the Admin user account and attempted to apply full permissions. I removed this afterwards.
- Added the admin user to the local administrators group. I removed this afterwards
- Reinstalled the agent for Backup exec
- Added the telnet feature. I removed this afterwards.
- Modified the windows firewall. I have turned this off for the mean time.