Solved

Your message wasn't delivered because of security policies

Posted on 2009-05-07
10
2,510 Views
Last Modified: 2013-12-04
Following a session with Symantec attempting to troubleshoot an exchange agent, we now find that we are unable to send email externally.

The NDR is as follows:
Delivery has failed to these recipients or distribution lists:

removed@gmail.com
Your message wasn't delivered because of security policies. Microsoft Exchange will not try to redeliver this message for you. Please provide the following diagnostic text to your system administrator.

The following organization rejected your message: ourdomain.com.

Sent by Microsoft Exchange Server 2007
=================================================
Diagnostic information for administrators:

Generating server: exchangeBOX.ourdomain.local

removed@gmail.com
smtp.ourdomain.com #550 5.7.1 Unable to relay for removed@gmail.com ##

Original message headers:

Received: from exchangeBOX.ourdomain.local ([ip_01]) by exchangeBOX ([IP_01]) with
 mapi; Thu, 7 May 2009 22:53:24 +1200
From: removed <removed@ourdomain.com>
To: "removed@gmail.com" <removed@gmail.com>
Date: Thu, 7 May 2009 22:53:23 +1200
Subject: sbsgb
Thread-Topic: sbsgb
Thread-Index: AcnPAgrKlKet+DeYTyW4CJxLBhwiqQ==
Message-ID: <914D37F0F1298E4E85F86BF5EAF35AE50A48180DAE@svr-06>
Accept-Language: en-US, en-NZ
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
acceptlanguage: en-US, en-NZ
Content-Type: multipart/related;
      boundary="_004_914D37F0F1298E4E85F86BF5EAF35AE50A48180DAEsvr06_";
      type="multipart/alternative"
MIME-Version: 1.0

I have attempted backtracking some of the tasks performed during the Symantec call, but to no avail.

The exchange server is on a Server 2008 64bit platform, and was working fine until today.

I have tried adding an additional smtp connector for the server range, but that had no effect. Nothing I do appears to have an effect and I am stumped.
0
Comment
Question by:GlennCameron
  • 5
  • 5
10 Comments
 
LVL 12

Accepted Solution

by:
Steven Wells earned 500 total points
ID: 24324304
Do you still have a send connector setup on your server?

http://msexchangeteam.com/archive/2006/11/17/431555.aspx
0
 

Author Comment

by:GlennCameron
ID: 24324307
More info:

This affects ALL domain users, but only for mail goin OUT.

Incoming works fine, and so does internal mail.

During the Symantec call, we made modifications to the following which I have tried to de-apply:
- C: drive root security. Added the Admin user account and attempted to apply full permissions. I removed this afterwards.
- Added the admin user to the local administrators group. I removed this afterwards
- Reinstalled the agent for Backup exec
- Added the telnet feature. I removed this afterwards.
- Modified the windows firewall. I have turned this off for the mean time.
0
 

Author Comment

by:GlennCameron
ID: 24324318
The send connetor is still there.
0
 
LVL 12

Expert Comment

by:Steven Wells
ID: 24324322
Does your server send email to a relay server, or directly to Internet?
0
 
LVL 12

Expert Comment

by:Steven Wells
ID: 24324339
Have you tried running the exchange tools such as message flow troubleshooter?
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:GlennCameron
ID: 24324343
It routes through the Firewall (ISA 2007)
0
 

Author Comment

by:GlennCameron
ID: 24324348
...i mean ISA 2006
0
 
LVL 12

Expert Comment

by:Steven Wells
ID: 24324363
Have you had a look at event logs on server too? Rebooted?
0
 
LVL 12

Expert Comment

by:Steven Wells
ID: 24324412
Try this command from Exchange Shell and post results
Get-SendConnector | fl
0
 

Author Closing Comment

by:GlennCameron
ID: 31578949
I changed the Internet Send Connector to fix this. The Network tab had entries for how it sends mail. It was set to the firewall, and I changed it to "Use DNS MX records" and it fixed it. Thanks for your directing me to the solution Steven.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Follow this checklist to learn more about the 15 things you should never include in an email signature from personal quotes, animated gifs and out-of-date marketing content.
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now