I've run into a strange issue where we are getting a "relay access denied" NDR generated by our Exchange server while trying to send to someone outside of the domain. The error can be easily recreated in Telnet.
- Exchange 2003
- Windows Server 2003
- Mail is hosted within the domain. Using Outlook XP - 2007
- Authentication is required to send, however, authentication is handled through AD
- Telnetting to port 25 creates the same error message.
- USER@YYY.com = My address -- XXX@XXX.COM = Recipient's address
I'm thinking this has something to do with the recipient's email server since they're the only domain that we cannot send to.
Here's what's happened:
- One of my users complained about NDR when sending to XXX@XXX.COM
- Telnetted into port 25 of my email server -- mail from: USER@YYY.COM - Sender OK (this is our sender in our domain)
- RCPT TO: XXX@XXX.COM - 550 5.7.1 Unable to relay for XXX@XXX.COM
- NDR text shows different error code: "There was a SMTP communication problem with the recipient's email server. Please contact your system administrator. <mail.XYZ.com #5.5.0 smtp;554 <XXX@XXX.com>: Relay access denied>"
- NDR is generated by my mail server.
Expert help needed:
- Is this our issue or theirs?
- If it's our issue, what steps can I take to resolve it? We have authentication needed to send mail, but authentication should be happening through AD since we're all connected to the domain. Plus, if I'm not mistaken, we're trying to relay for OUR user, NOT their user...which is weird to me.
If I had to take a guess:
- MX record for XXX.COM (recipient's domain) shows that they have an external hosting firm.
- My guess: they've recently changed mail hosting firms and the rest of the world hasn't caught up yet. The error in relaying is the old hosting firm saying "we don't handle this user."
- I could be wrong...it wouldn't be the first time.
Thank you all for your future suggestions and input.