Solved

5.7.1 Relay Access Denied when replying to an email

Posted on 2009-07-06
8
640 Views
Last Modified: 2012-08-14
Why do I get a NDR 5.7.1. Relay Access Denied message when replying to an email?  It does not happen all the time, only to some messages and is totally random.

My environment is Exchange 2003 Std on Windows 2003 Std.  Their environment is SBS 2003, whcih I manage!

Is it down to 3 MX records - primary pointing directly to their own server and 2 additional ones pointing to ISP's Mail Servers?

I am assuming the NDR messages are hitting the ISP mail servers and getting rejected.  Is this right?
0
Comment
Question by:Alan Hardisty
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
8 Comments
 
LVL 30

Expert Comment

by:Britt Thompson
ID: 24788746
Are you using the extra MX records as some sort of fail over in case the Exchange Server goes down? Can you actually send using the ISP's mail system if you were to log into it?

If you're using it as a fail over you need to have all of the same email addresses created at the ISP's servers or you'll get that message when that particular user doesn't live there. If you're not using it as a fail over you should remove the spare MX records.

Sounds like you've hit the nail on the head.
0
 
LVL 76

Author Comment

by:Alan Hardisty
ID: 24788869
The recipient has the multiple MX records on their domain and it is when replying to their emails, that I occasionally get a NDR.
One of their ex-members of staff tried to send an email to an existing employee and got an NDR today and seems to happen more often than not with them.
The ISP is setup as secondary and tertiary MX server but no accounts are setup on their server as far as I am aware - although we are about to switch from them as ISP as they recently upgraded their and my customer to ADSL2 without warning, the internet went down for 3 days and they tried to blame the relatively new router.  It was only when I pointed out to them that all was well until the upgrade and that this was the second mutual customer with a similar problem that they accepted they might have a problem and eventually fixed it.
As far as I am aware, the backup mail server only receive the email and then forward it on if the primary goes down.  his may not be the case though as I suspect and I think you are confirming.
I hope to take control of the domain in the next day or so so will strip the additional MX records away and see if that resolves the issue, which I think it will.
Watch this space.
Thanks
Alan
0
 
LVL 27

Accepted Solution

by:
shauncroucher earned 300 total points
ID: 24788909
Alan,

What happens if you try to send a test email to the three mail servers? Do they all accept mail for a valid recipient at the customers domain name? They should all accept mail at all times regardless of whether the server with the highest priority is accessible or not.

Sounds like you are on the right track to me

Shaun
0
Edgartown IT Case Study

Learn about Edgartown's quest to ensure the safety and security of the entire town's employee and citizen data. Read the case study!

 
LVL 27

Expert Comment

by:shauncroucher
ID: 24788913
Telnet test that is.
0
 
LVL 76

Author Comment

by:Alan Hardisty
ID: 24788962
I'm firing up a dos prompt!
0
 
LVL 30

Assisted Solution

by:Britt Thompson
Britt Thompson earned 200 total points
ID: 24788988
I see now...makes sense.

This ISP is common to both customers? I've seen this when a customer had an email service setup with an ISP and later moved to hosting their own mail. After "canceling" the service at the ISP other people who were using that ISP's DNS servers with that same service were all sending mail directly to the old mailboxes on the ISP's servers. When new users were created on the in house mailbox and people would send to them the messages would bounce back as undeliverable since that mailbox didn't live at the ISP.

We had to eventually threaten the ISP to make them completely remove the DNS entries on their servers so they would reflect the new MX records. Sounds like a similar situation if the ISP in common to both customers.

In any case, killing the MX records is the way to go....even if it was a failover it would queue or deliver the message. Sounds like a dead end server to me.

Let's see how the telnet test turns out.
0
 
LVL 76

Author Comment

by:Alan Hardisty
ID: 24789088
ISP has not changed yet renazonse - but won't be long.
Shaun - after working out that the ISP's server was a postfix server and requires <> around the addresses!  I got a relay access denied message - well wasn't that a surprise?
Both ISP servers resolve to the same IP address!
Time to kill those MX records.
Thanks guys.
0
 
LVL 76

Author Closing Comment

by:Alan Hardisty
ID: 31600323
Thanks guys - appreciate the use of your grey cells to confirm that the ISP needs to be removed sooner rather than later!
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will help to fix the below errors for MS Exchange Server 2013 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
If you troubleshoot Outlook for clients, you may want to know a bit more about the OST file before doing your next job. IMAP can cause a lot of drama if removed in the accounts without backing up.
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question