[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

5.7.1 Relay Access Denied when replying to an email

Posted on 2009-07-06
8
Medium Priority
?
648 Views
Last Modified: 2012-08-14
Why do I get a NDR 5.7.1. Relay Access Denied message when replying to an email?  It does not happen all the time, only to some messages and is totally random.

My environment is Exchange 2003 Std on Windows 2003 Std.  Their environment is SBS 2003, whcih I manage!

Is it down to 3 MX records - primary pointing directly to their own server and 2 additional ones pointing to ISP's Mail Servers?

I am assuming the NDR messages are hitting the ISP mail servers and getting rejected.  Is this right?
0
Comment
Question by:Alan Hardisty
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
8 Comments
 
LVL 30

Expert Comment

by:Britt Thompson
ID: 24788746
Are you using the extra MX records as some sort of fail over in case the Exchange Server goes down? Can you actually send using the ISP's mail system if you were to log into it?

If you're using it as a fail over you need to have all of the same email addresses created at the ISP's servers or you'll get that message when that particular user doesn't live there. If you're not using it as a fail over you should remove the spare MX records.

Sounds like you've hit the nail on the head.
0
 
LVL 76

Author Comment

by:Alan Hardisty
ID: 24788869
The recipient has the multiple MX records on their domain and it is when replying to their emails, that I occasionally get a NDR.
One of their ex-members of staff tried to send an email to an existing employee and got an NDR today and seems to happen more often than not with them.
The ISP is setup as secondary and tertiary MX server but no accounts are setup on their server as far as I am aware - although we are about to switch from them as ISP as they recently upgraded their and my customer to ADSL2 without warning, the internet went down for 3 days and they tried to blame the relatively new router.  It was only when I pointed out to them that all was well until the upgrade and that this was the second mutual customer with a similar problem that they accepted they might have a problem and eventually fixed it.
As far as I am aware, the backup mail server only receive the email and then forward it on if the primary goes down.  his may not be the case though as I suspect and I think you are confirming.
I hope to take control of the domain in the next day or so so will strip the additional MX records away and see if that resolves the issue, which I think it will.
Watch this space.
Thanks
Alan
0
 
LVL 27

Accepted Solution

by:
shauncroucher earned 1200 total points
ID: 24788909
Alan,

What happens if you try to send a test email to the three mail servers? Do they all accept mail for a valid recipient at the customers domain name? They should all accept mail at all times regardless of whether the server with the highest priority is accessible or not.

Sounds like you are on the right track to me

Shaun
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 27

Expert Comment

by:shauncroucher
ID: 24788913
Telnet test that is.
0
 
LVL 76

Author Comment

by:Alan Hardisty
ID: 24788962
I'm firing up a dos prompt!
0
 
LVL 30

Assisted Solution

by:Britt Thompson
Britt Thompson earned 800 total points
ID: 24788988
I see now...makes sense.

This ISP is common to both customers? I've seen this when a customer had an email service setup with an ISP and later moved to hosting their own mail. After "canceling" the service at the ISP other people who were using that ISP's DNS servers with that same service were all sending mail directly to the old mailboxes on the ISP's servers. When new users were created on the in house mailbox and people would send to them the messages would bounce back as undeliverable since that mailbox didn't live at the ISP.

We had to eventually threaten the ISP to make them completely remove the DNS entries on their servers so they would reflect the new MX records. Sounds like a similar situation if the ISP in common to both customers.

In any case, killing the MX records is the way to go....even if it was a failover it would queue or deliver the message. Sounds like a dead end server to me.

Let's see how the telnet test turns out.
0
 
LVL 76

Author Comment

by:Alan Hardisty
ID: 24789088
ISP has not changed yet renazonse - but won't be long.
Shaun - after working out that the ISP's server was a postfix server and requires <> around the addresses!  I got a relay access denied message - well wasn't that a surprise?
Both ISP servers resolve to the same IP address!
Time to kill those MX records.
Thanks guys.
0
 
LVL 76

Author Closing Comment

by:Alan Hardisty
ID: 31600323
Thanks guys - appreciate the use of your grey cells to confirm that the ISP needs to be removed sooner rather than later!
0

Featured Post

NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I don't pretend to be an expert at this, but I have found a few things that are useful. I hope that sharing them here will help others, so they will not have to face some rather hard choices. Since I felt this to be a topic of enough importance and…
This month, Experts Exchange sat down with resident SQL expert, Jim Horn, for an in-depth look into the makings of a successful career in SQL.
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
Suggested Courses

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question