Solved

Relay access denied when sending? #5.5.0 smtp;554

Posted on 2009-07-01
6
1,074 Views
Last Modified: 2012-05-07
I've run into a strange issue where we are getting a "relay access denied" NDR generated by our Exchange server while trying to send to someone outside of the domain.  The error can be easily recreated in Telnet.

The facts:
 - Exchange 2003
 - Windows Server 2003
 - Mail is hosted within domain.  Using Outlook XP - 2007
 - Authentication is required to send, however, authentication is handled through AD
 - Telnetting port 25 creates the same error message.
 - USER@YYY.com = My address -- XXX@XXX.COM = Recipient's address

I'm thinking this has something to do with the recipient's email server since they're the only domain that we cannot send to.

Here's what's happened:

 - One of my users complained about NDR when sending to XXX@XXX.COM

 - Telnetted into port 25 of my email server -- mail from: USER@YYY.COM - Sender OK (this is our sender in our domain)

 - RCPT TO: XXX@XXX.COM - 550 5.7.1 Unable to relay for XXX@XXX.COM

 - NDR text shows different error code: "There was a SMTP communication problem with the recipient's email server.  Please contact your system administrator. <mail.XYZ.com #5.5.0 smtp;554 <XXX@XXX.com>: Relay access denied>"

 - NDR is generated by my mail server.

Expert help needed:

 - Is this our issue or theirs?
 - If it's our issue, what steps can I take to resolve it?  We have authentication needed to send mail, but authentication should be happening through AD since we're all connected to the domain.  Plus, if I'm not mistaken, we're trying to relay for OUR user, NOT their user...which is weird to me.

If I had to take a guess:

 - MX record for XXX.COM (recipient's domain) shows that they have an external hosting firm.  
 - My guess, they've recently changed mail hosting firms and the rest of the world hasn't caught up yet.  The error in relaying is the old hosting firm saying "we don't handle this user"
 - I could be wrong...it wouldn't be the first time.

Thank you all for your future suggestions and input.
0
Comment
Question by:liscr
  • 3
  • 3
6 Comments
 
LVL 14

Expert Comment

by:RickEpnet
ID: 24756487
Are the Coldfusion and the Exchange server on the same network?

In the Exchange server go into the system manager and expand ot you server then expand protocols expand SMTP and click on Default SMTP virtual server right click and then click on properties then click on the access tab. Click on the relay button. I assume you have it set to  "Only the list below" if so then add the IP address of the Coldfusion server into that list.

See if that helps.

Regarding above: With out true domain names it is had to tell where the problem lies.
0
 
LVL 14

Expert Comment

by:RickEpnet
ID: 24756495
Sorry I was in the wrong category.

Still Regarding above: With out true domain names it is had to tell where the problem lies.

It would help to know the domain namse.
0
 

Author Comment

by:liscr
ID: 24756841
The sending domain is liscr.com
The recipient domain is merlinco.com
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 14

Accepted Solution

by:
RickEpnet earned 500 total points
ID: 24756937
Do you use any RBL's?

merlinco.com is listed on backscatterer.org.

Their low MX records are in0.armourplate.net, in1.armourplate.net and in2.armourplate.net
in0.armourplate.net.      A      IN      28800      195.167.168.83
0
 

Author Comment

by:liscr
ID: 24757356
I believe our firewall uses Spamhaus, and we have ninja spam filter by Sunbelt software on our exchange server.  I'm not sure if Exchange itself subscribes to any lists or if that's possible, I've been maintaining an already set up network.

I just went to DNSStuff and did a "send email" test to them and they got the same response, relay access denied.  I could call the client tomorrow and let them know that their email server is messed up...but at this point, I like trying to figure out what's wrong with it.

Thank you for your help, I'm convinced it's their issue.  Backscatter.org, I believe blacklists improperly configured email servers that don't handle NDR's properly (if I remember correctly what "backscatter" is in the IT world)  I think that's why we can't send to them.

Thanks for your help, solution accepted!
0
 

Author Closing Comment

by:liscr
ID: 31598858
Thank you for your prompt help!!
0

Featured Post

Do email signature updates give you a headache?

Do you feel like you are constantly making changes to email signatures? Are the images not formatting how you want them to? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now