Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Relay access denied when sending? #5.5.0 smtp;554

Posted on 2009-07-01
6
Medium Priority
?
1,274 Views
Last Modified: 2012-05-07
I've run into a strange issue where we are getting a "relay access denied" NDR generated by our Exchange server while trying to send to someone outside of the domain.  The error can be easily recreated in Telnet.

The facts:
 - Exchange 2003
 - Windows Server 2003
 - Mail is hosted within domain.  Using Outlook XP - 2007
 - Authentication is required to send, however, authentication is handled through AD
 - Telnetting port 25 creates the same error message.
 - USER@YYY.com = My address -- XXX@XXX.COM = Recipient's address

I'm thinking this has something to do with the recipient's email server since they're the only domain that we cannot send to.

Here's what's happened:

 - One of my users complained about NDR when sending to XXX@XXX.COM

 - Telnetted into port 25 of my email server -- mail from: USER@YYY.COM - Sender OK (this is our sender in our domain)

 - RCPT TO: XXX@XXX.COM - 550 5.7.1 Unable to relay for XXX@XXX.COM

 - NDR text shows different error code: "There was a SMTP communication problem with the recipient's email server.  Please contact your system administrator. <mail.XYZ.com #5.5.0 smtp;554 <XXX@XXX.com>: Relay access denied>"

 - NDR is generated by my mail server.

Expert help needed:

 - Is this our issue or theirs?
 - If it's our issue, what steps can I take to resolve it?  We have authentication needed to send mail, but authentication should be happening through AD since we're all connected to the domain.  Plus, if I'm not mistaken, we're trying to relay for OUR user, NOT their user...which is weird to me.

If I had to take a guess:

 - MX record for XXX.COM (recipient's domain) shows that they have an external hosting firm.  
 - My guess, they've recently changed mail hosting firms and the rest of the world hasn't caught up yet.  The error in relaying is the old hosting firm saying "we don't handle this user"
 - I could be wrong...it wouldn't be the first time.

Thank you all for your future suggestions and input.
0
Comment
Question by:liscr
  • 3
  • 3
6 Comments
 
LVL 14

Expert Comment

by:RickEpnet
ID: 24756487
Are the Coldfusion and the Exchange server on the same network?

In the Exchange server go into the system manager and expand ot you server then expand protocols expand SMTP and click on Default SMTP virtual server right click and then click on properties then click on the access tab. Click on the relay button. I assume you have it set to  "Only the list below" if so then add the IP address of the Coldfusion server into that list.

See if that helps.

Regarding above: With out true domain names it is had to tell where the problem lies.
0
 
LVL 14

Expert Comment

by:RickEpnet
ID: 24756495
Sorry I was in the wrong category.

Still Regarding above: With out true domain names it is had to tell where the problem lies.

It would help to know the domain namse.
0
 

Author Comment

by:liscr
ID: 24756841
The sending domain is liscr.com
The recipient domain is merlinco.com
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 14

Accepted Solution

by:
RickEpnet earned 2000 total points
ID: 24756937
Do you use any RBL's?

merlinco.com is listed on backscatterer.org.

Their low MX records are in0.armourplate.net, in1.armourplate.net and in2.armourplate.net
in0.armourplate.net.      A      IN      28800      195.167.168.83
0
 

Author Comment

by:liscr
ID: 24757356
I believe our firewall uses Spamhaus, and we have ninja spam filter by Sunbelt software on our exchange server.  I'm not sure if Exchange itself subscribes to any lists or if that's possible, I've been maintaining an already set up network.

I just went to DNSStuff and did a "send email" test to them and they got the same response, relay access denied.  I could call the client tomorrow and let them know that their email server is messed up...but at this point, I like trying to figure out what's wrong with it.

Thank you for your help, I'm convinced it's their issue.  Backscatter.org, I believe blacklists improperly configured email servers that don't handle NDR's properly (if I remember correctly what "backscatter" is in the IT world)  I think that's why we can't send to them.

Thanks for your help, solution accepted!
0
 

Author Closing Comment

by:liscr
ID: 31598858
Thank you for your prompt help!!
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Are you an Exchange administrator employed with an organization? And, have you encountered a corrupt Exchange database due to which you are not able to open its EDB file. This article will explain all the steps to repair corrupt Exchange database.
How to effectively resolve the number one email related issue received by helpdesks.
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
how to add IIS SMTP to handle application/Scanner relays into office 365.
Suggested Courses

885 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question