5.7.1 Relay Access Denied when replying to an email

Why do I get a NDR 5.7.1. Relay Access Denied message when replying to an email?  It does not happen all the time, only to some messages and is totally random.

My environment is Exchange 2003 Std on Windows 2003 Std.  Their environment is SBS 2003, whcih I manage!

Is it down to 3 MX records - primary pointing directly to their own server and 2 additional ones pointing to ISP's Mail Servers?

I am assuming the NDR messages are hitting the ISP mail servers and getting rejected.  Is this right?
LVL 76
Alan HardistyCo-OwnerAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Britt ThompsonSr. Systems EngineerCommented:
Are you using the extra MX records as some sort of fail over in case the Exchange Server goes down? Can you actually send using the ISP's mail system if you were to log into it?

If you're using it as a fail over you need to have all of the same email addresses created at the ISP's servers or you'll get that message when that particular user doesn't live there. If you're not using it as a fail over you should remove the spare MX records.

Sounds like you've hit the nail on the head.
0
Alan HardistyCo-OwnerAuthor Commented:
The recipient has the multiple MX records on their domain and it is when replying to their emails, that I occasionally get a NDR.
One of their ex-members of staff tried to send an email to an existing employee and got an NDR today and seems to happen more often than not with them.
The ISP is setup as secondary and tertiary MX server but no accounts are setup on their server as far as I am aware - although we are about to switch from them as ISP as they recently upgraded their and my customer to ADSL2 without warning, the internet went down for 3 days and they tried to blame the relatively new router.  It was only when I pointed out to them that all was well until the upgrade and that this was the second mutual customer with a similar problem that they accepted they might have a problem and eventually fixed it.
As far as I am aware, the backup mail server only receive the email and then forward it on if the primary goes down.  his may not be the case though as I suspect and I think you are confirming.
I hope to take control of the domain in the next day or so so will strip the additional MX records away and see if that resolves the issue, which I think it will.
Watch this space.
Thanks
Alan
0
shauncroucherCommented:
Alan,

What happens if you try to send a test email to the three mail servers? Do they all accept mail for a valid recipient at the customers domain name? They should all accept mail at all times regardless of whether the server with the highest priority is accessible or not.

Sounds like you are on the right track to me

Shaun
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

shauncroucherCommented:
Telnet test that is.
0
Alan HardistyCo-OwnerAuthor Commented:
I'm firing up a dos prompt!
0
Britt ThompsonSr. Systems EngineerCommented:
I see now...makes sense.

This ISP is common to both customers? I've seen this when a customer had an email service setup with an ISP and later moved to hosting their own mail. After "canceling" the service at the ISP other people who were using that ISP's DNS servers with that same service were all sending mail directly to the old mailboxes on the ISP's servers. When new users were created on the in house mailbox and people would send to them the messages would bounce back as undeliverable since that mailbox didn't live at the ISP.

We had to eventually threaten the ISP to make them completely remove the DNS entries on their servers so they would reflect the new MX records. Sounds like a similar situation if the ISP in common to both customers.

In any case, killing the MX records is the way to go....even if it was a failover it would queue or deliver the message. Sounds like a dead end server to me.

Let's see how the telnet test turns out.
0
Alan HardistyCo-OwnerAuthor Commented:
ISP has not changed yet renazonse - but won't be long.
Shaun - after working out that the ISP's server was a postfix server and requires <> around the addresses!  I got a relay access denied message - well wasn't that a surprise?
Both ISP servers resolve to the same IP address!
Time to kill those MX records.
Thanks guys.
0
Alan HardistyCo-OwnerAuthor Commented:
Thanks guys - appreciate the use of your grey cells to confirm that the ISP needs to be removed sooner rather than later!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.