Solved

5.7.1 Relay Access Denied when replying to an email

Posted on 2009-07-06
8
630 Views
Last Modified: 2012-08-14
Why do I get a NDR 5.7.1. Relay Access Denied message when replying to an email?  It does not happen all the time, only to some messages and is totally random.

My environment is Exchange 2003 Std on Windows 2003 Std.  Their environment is SBS 2003, whcih I manage!

Is it down to 3 MX records - primary pointing directly to their own server and 2 additional ones pointing to ISP's Mail Servers?

I am assuming the NDR messages are hitting the ISP mail servers and getting rejected.  Is this right?
0
Comment
Question by:Alan Hardisty
  • 4
  • 2
  • 2
8 Comments
 
LVL 30

Expert Comment

by:renazonse
ID: 24788746
Are you using the extra MX records as some sort of fail over in case the Exchange Server goes down? Can you actually send using the ISP's mail system if you were to log into it?

If you're using it as a fail over you need to have all of the same email addresses created at the ISP's servers or you'll get that message when that particular user doesn't live there. If you're not using it as a fail over you should remove the spare MX records.

Sounds like you've hit the nail on the head.
0
 
LVL 76

Author Comment

by:Alan Hardisty
ID: 24788869
The recipient has the multiple MX records on their domain and it is when replying to their emails, that I occasionally get a NDR.
One of their ex-members of staff tried to send an email to an existing employee and got an NDR today and seems to happen more often than not with them.
The ISP is setup as secondary and tertiary MX server but no accounts are setup on their server as far as I am aware - although we are about to switch from them as ISP as they recently upgraded their and my customer to ADSL2 without warning, the internet went down for 3 days and they tried to blame the relatively new router.  It was only when I pointed out to them that all was well until the upgrade and that this was the second mutual customer with a similar problem that they accepted they might have a problem and eventually fixed it.
As far as I am aware, the backup mail server only receive the email and then forward it on if the primary goes down.  his may not be the case though as I suspect and I think you are confirming.
I hope to take control of the domain in the next day or so so will strip the additional MX records away and see if that resolves the issue, which I think it will.
Watch this space.
Thanks
Alan
0
 
LVL 27

Accepted Solution

by:
shauncroucher earned 300 total points
ID: 24788909
Alan,

What happens if you try to send a test email to the three mail servers? Do they all accept mail for a valid recipient at the customers domain name? They should all accept mail at all times regardless of whether the server with the highest priority is accessible or not.

Sounds like you are on the right track to me

Shaun
0
 
LVL 27

Expert Comment

by:shauncroucher
ID: 24788913
Telnet test that is.
0
Too many email signature updates to deal with?

Do you feel like you are taking up all of your time constantly visiting users’ desks to make changes to email signatures? Wish you could manage all signatures from one central location, easily design them and deploy them quickly to users? Well, there is an easy way!

 
LVL 76

Author Comment

by:Alan Hardisty
ID: 24788962
I'm firing up a dos prompt!
0
 
LVL 30

Assisted Solution

by:renazonse
renazonse earned 200 total points
ID: 24788988
I see now...makes sense.

This ISP is common to both customers? I've seen this when a customer had an email service setup with an ISP and later moved to hosting their own mail. After "canceling" the service at the ISP other people who were using that ISP's DNS servers with that same service were all sending mail directly to the old mailboxes on the ISP's servers. When new users were created on the in house mailbox and people would send to them the messages would bounce back as undeliverable since that mailbox didn't live at the ISP.

We had to eventually threaten the ISP to make them completely remove the DNS entries on their servers so they would reflect the new MX records. Sounds like a similar situation if the ISP in common to both customers.

In any case, killing the MX records is the way to go....even if it was a failover it would queue or deliver the message. Sounds like a dead end server to me.

Let's see how the telnet test turns out.
0
 
LVL 76

Author Comment

by:Alan Hardisty
ID: 24789088
ISP has not changed yet renazonse - but won't be long.
Shaun - after working out that the ISP's server was a postfix server and requires <> around the addresses!  I got a relay access denied message - well wasn't that a surprise?
Both ISP servers resolve to the same IP address!
Time to kill those MX records.
Thanks guys.
0
 
LVL 76

Author Closing Comment

by:Alan Hardisty
ID: 31600323
Thanks guys - appreciate the use of your grey cells to confirm that the ISP needs to be removed sooner rather than later!
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

We are happy to announce a brand new addition to our line of acclaimed email signature management products – CodeTwo Email Signatures for Office 365.
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
This video discusses moving either the default database or any database to a new volume.

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now