5.7.1 Relay Access Denied when replying to an email

Why do I get a NDR 5.7.1. Relay Access Denied message when replying to an email?  It does not happen all the time, only to some messages and is totally random.

My environment is Exchange 2003 Std on Windows 2003 Std.  Their environment is SBS 2003, whcih I manage!

Is it down to 3 MX records - primary pointing directly to their own server and 2 additional ones pointing to ISP's Mail Servers?

I am assuming the NDR messages are hitting the ISP mail servers and getting rejected.  Is this right?
LVL 76
Alan HardistyCo-OwnerAsked:
Who is Participating?
shauncroucherConnect With a Mentor Commented:

What happens if you try to send a test email to the three mail servers? Do they all accept mail for a valid recipient at the customers domain name? They should all accept mail at all times regardless of whether the server with the highest priority is accessible or not.

Sounds like you are on the right track to me

Britt ThompsonSr. Systems EngineerCommented:
Are you using the extra MX records as some sort of fail over in case the Exchange Server goes down? Can you actually send using the ISP's mail system if you were to log into it?

If you're using it as a fail over you need to have all of the same email addresses created at the ISP's servers or you'll get that message when that particular user doesn't live there. If you're not using it as a fail over you should remove the spare MX records.

Sounds like you've hit the nail on the head.
Alan HardistyCo-OwnerAuthor Commented:
The recipient has the multiple MX records on their domain and it is when replying to their emails, that I occasionally get a NDR.
One of their ex-members of staff tried to send an email to an existing employee and got an NDR today and seems to happen more often than not with them.
The ISP is setup as secondary and tertiary MX server but no accounts are setup on their server as far as I am aware - although we are about to switch from them as ISP as they recently upgraded their and my customer to ADSL2 without warning, the internet went down for 3 days and they tried to blame the relatively new router.  It was only when I pointed out to them that all was well until the upgrade and that this was the second mutual customer with a similar problem that they accepted they might have a problem and eventually fixed it.
As far as I am aware, the backup mail server only receive the email and then forward it on if the primary goes down.  his may not be the case though as I suspect and I think you are confirming.
I hope to take control of the domain in the next day or so so will strip the additional MX records away and see if that resolves the issue, which I think it will.
Watch this space.
Easily manage email signatures in Office 365

Managing email signatures in Office 365 can be a challenging task if you don't have the right tool. CodeTwo Email Signatures for Office 365 will help you implement a unified email signature look, no matter what email client is used by users. Test it for free!

Telnet test that is.
Alan HardistyCo-OwnerAuthor Commented:
I'm firing up a dos prompt!
Britt ThompsonConnect With a Mentor Sr. Systems EngineerCommented:
I see now...makes sense.

This ISP is common to both customers? I've seen this when a customer had an email service setup with an ISP and later moved to hosting their own mail. After "canceling" the service at the ISP other people who were using that ISP's DNS servers with that same service were all sending mail directly to the old mailboxes on the ISP's servers. When new users were created on the in house mailbox and people would send to them the messages would bounce back as undeliverable since that mailbox didn't live at the ISP.

We had to eventually threaten the ISP to make them completely remove the DNS entries on their servers so they would reflect the new MX records. Sounds like a similar situation if the ISP in common to both customers.

In any case, killing the MX records is the way to go....even if it was a failover it would queue or deliver the message. Sounds like a dead end server to me.

Let's see how the telnet test turns out.
Alan HardistyCo-OwnerAuthor Commented:
ISP has not changed yet renazonse - but won't be long.
Shaun - after working out that the ISP's server was a postfix server and requires <> around the addresses!  I got a relay access denied message - well wasn't that a surprise?
Both ISP servers resolve to the same IP address!
Time to kill those MX records.
Thanks guys.
Alan HardistyCo-OwnerAuthor Commented:
Thanks guys - appreciate the use of your grey cells to confirm that the ISP needs to be removed sooner rather than later!
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.