Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Relay access denied when sending? #5.5.0 smtp;554

Posted on 2009-07-01
6
Medium Priority
?
1,235 Views
Last Modified: 2012-05-07
I've run into a strange issue where we are getting a "relay access denied" NDR generated by our Exchange server while trying to send to someone outside of the domain.  The error can be easily recreated in Telnet.

The facts:
 - Exchange 2003
 - Windows Server 2003
 - Mail is hosted within domain.  Using Outlook XP - 2007
 - Authentication is required to send, however, authentication is handled through AD
 - Telnetting port 25 creates the same error message.
 - USER@YYY.com = My address -- XXX@XXX.COM = Recipient's address

I'm thinking this has something to do with the recipient's email server since they're the only domain that we cannot send to.

Here's what's happened:

 - One of my users complained about NDR when sending to XXX@XXX.COM

 - Telnetted into port 25 of my email server -- mail from: USER@YYY.COM - Sender OK (this is our sender in our domain)

 - RCPT TO: XXX@XXX.COM - 550 5.7.1 Unable to relay for XXX@XXX.COM

 - NDR text shows different error code: "There was a SMTP communication problem with the recipient's email server.  Please contact your system administrator. <mail.XYZ.com #5.5.0 smtp;554 <XXX@XXX.com>: Relay access denied>"

 - NDR is generated by my mail server.

Expert help needed:

 - Is this our issue or theirs?
 - If it's our issue, what steps can I take to resolve it?  We have authentication needed to send mail, but authentication should be happening through AD since we're all connected to the domain.  Plus, if I'm not mistaken, we're trying to relay for OUR user, NOT their user...which is weird to me.

If I had to take a guess:

 - MX record for XXX.COM (recipient's domain) shows that they have an external hosting firm.  
 - My guess, they've recently changed mail hosting firms and the rest of the world hasn't caught up yet.  The error in relaying is the old hosting firm saying "we don't handle this user"
 - I could be wrong...it wouldn't be the first time.

Thank you all for your future suggestions and input.
0
Comment
Question by:liscr
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 14

Expert Comment

by:RickEpnet
ID: 24756487
Are the Coldfusion and the Exchange server on the same network?

In the Exchange server go into the system manager and expand ot you server then expand protocols expand SMTP and click on Default SMTP virtual server right click and then click on properties then click on the access tab. Click on the relay button. I assume you have it set to  "Only the list below" if so then add the IP address of the Coldfusion server into that list.

See if that helps.

Regarding above: With out true domain names it is had to tell where the problem lies.
0
 
LVL 14

Expert Comment

by:RickEpnet
ID: 24756495
Sorry I was in the wrong category.

Still Regarding above: With out true domain names it is had to tell where the problem lies.

It would help to know the domain namse.
0
 

Author Comment

by:liscr
ID: 24756841
The sending domain is liscr.com
The recipient domain is merlinco.com
0
Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 14

Accepted Solution

by:
RickEpnet earned 2000 total points
ID: 24756937
Do you use any RBL's?

merlinco.com is listed on backscatterer.org.

Their low MX records are in0.armourplate.net, in1.armourplate.net and in2.armourplate.net
in0.armourplate.net.      A      IN      28800      195.167.168.83
0
 

Author Comment

by:liscr
ID: 24757356
I believe our firewall uses Spamhaus, and we have ninja spam filter by Sunbelt software on our exchange server.  I'm not sure if Exchange itself subscribes to any lists or if that's possible, I've been maintaining an already set up network.

I just went to DNSStuff and did a "send email" test to them and they got the same response, relay access denied.  I could call the client tomorrow and let them know that their email server is messed up...but at this point, I like trying to figure out what's wrong with it.

Thank you for your help, I'm convinced it's their issue.  Backscatter.org, I believe blacklists improperly configured email servers that don't handle NDR's properly (if I remember correctly what "backscatter" is in the IT world)  I think that's why we can't send to them.

Thanks for your help, solution accepted!
0
 

Author Closing Comment

by:liscr
ID: 31598858
Thank you for your prompt help!!
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A list of top three free exchange EDB viewers that helps the user to extract a mailbox from an unmounted .edb file and get a clear preview of all emails & other items with just a single click on mailboxes.
Unified and professional email signatures help maintain a consistent company brand image to the outside world. This article shows how to create an email signature in Exchange Server 2010 using a transport rule and how to overcome native limitations …
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Suggested Courses

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question