Solved

Relay access denied when sending? #5.5.0 smtp;554

Posted on 2009-07-01
6
1,096 Views
Last Modified: 2012-05-07
I've run into a strange issue where we are getting a "relay access denied" NDR generated by our Exchange server while trying to send to someone outside of the domain.  The error can be easily recreated in Telnet.

The facts:
 - Exchange 2003
 - Windows Server 2003
 - Mail is hosted within domain.  Using Outlook XP - 2007
 - Authentication is required to send, however, authentication is handled through AD
 - Telnetting port 25 creates the same error message.
 - USER@YYY.com = My address -- XXX@XXX.COM = Recipient's address

I'm thinking this has something to do with the recipient's email server since they're the only domain that we cannot send to.

Here's what's happened:

 - One of my users complained about NDR when sending to XXX@XXX.COM

 - Telnetted into port 25 of my email server -- mail from: USER@YYY.COM - Sender OK (this is our sender in our domain)

 - RCPT TO: XXX@XXX.COM - 550 5.7.1 Unable to relay for XXX@XXX.COM

 - NDR text shows different error code: "There was a SMTP communication problem with the recipient's email server.  Please contact your system administrator. <mail.XYZ.com #5.5.0 smtp;554 <XXX@XXX.com>: Relay access denied>"

 - NDR is generated by my mail server.

Expert help needed:

 - Is this our issue or theirs?
 - If it's our issue, what steps can I take to resolve it?  We have authentication needed to send mail, but authentication should be happening through AD since we're all connected to the domain.  Plus, if I'm not mistaken, we're trying to relay for OUR user, NOT their user...which is weird to me.

If I had to take a guess:

 - MX record for XXX.COM (recipient's domain) shows that they have an external hosting firm.  
 - My guess, they've recently changed mail hosting firms and the rest of the world hasn't caught up yet.  The error in relaying is the old hosting firm saying "we don't handle this user"
 - I could be wrong...it wouldn't be the first time.

Thank you all for your future suggestions and input.
0
Comment
Question by:liscr
  • 3
  • 3
6 Comments
 
LVL 14

Expert Comment

by:RickEpnet
ID: 24756487
Are the Coldfusion and the Exchange server on the same network?

In the Exchange server go into the system manager and expand ot you server then expand protocols expand SMTP and click on Default SMTP virtual server right click and then click on properties then click on the access tab. Click on the relay button. I assume you have it set to  "Only the list below" if so then add the IP address of the Coldfusion server into that list.

See if that helps.

Regarding above: With out true domain names it is had to tell where the problem lies.
0
 
LVL 14

Expert Comment

by:RickEpnet
ID: 24756495
Sorry I was in the wrong category.

Still Regarding above: With out true domain names it is had to tell where the problem lies.

It would help to know the domain namse.
0
 

Author Comment

by:liscr
ID: 24756841
The sending domain is liscr.com
The recipient domain is merlinco.com
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 14

Accepted Solution

by:
RickEpnet earned 500 total points
ID: 24756937
Do you use any RBL's?

merlinco.com is listed on backscatterer.org.

Their low MX records are in0.armourplate.net, in1.armourplate.net and in2.armourplate.net
in0.armourplate.net.      A      IN      28800      195.167.168.83
0
 

Author Comment

by:liscr
ID: 24757356
I believe our firewall uses Spamhaus, and we have ninja spam filter by Sunbelt software on our exchange server.  I'm not sure if Exchange itself subscribes to any lists or if that's possible, I've been maintaining an already set up network.

I just went to DNSStuff and did a "send email" test to them and they got the same response, relay access denied.  I could call the client tomorrow and let them know that their email server is messed up...but at this point, I like trying to figure out what's wrong with it.

Thank you for your help, I'm convinced it's their issue.  Backscatter.org, I believe blacklists improperly configured email servers that don't handle NDR's properly (if I remember correctly what "backscatter" is in the IT world)  I think that's why we can't send to them.

Thanks for your help, solution accepted!
0
 

Author Closing Comment

by:liscr
ID: 31598858
Thank you for your prompt help!!
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
exchange raw database size? 5 38
AD FSMO role placing consideration and best practice ? 3 50
Citrix NetScaler LoadBalancer 1 32
PowerShell:  Column widths won't expand 3 22
Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
This article explains how to install and use the NTBackup utility that comes with Windows Server.
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question