TrialWorks asked:

5.7.1 Unable to relay; Mailbox Unavailable; new domains; Exchange 2003

Hello Experts!

I have two Exchange 2003 Servers hosting mailboxes for about 40 domains. I recently tried to add another domain and began having delivery problems. After much troubleshooting I stepped back and set up a TEST account and domain (a completely different domain from the one we started) and noticed that the issues continued. I'd rather not bore you guys with details and jump right to my last step that had left me scratching my head:

- If I OPEN Relay on both exchange servers, all mail delivery for new domains is successful.  If I CLOSE Relays on both exchange servers (as we want and have had for the past 5 years) delivery to the NEW domains fails with the errors below.

- I used http://www.testexchangeconnectivity.com to generate the error in the Code Snippet. I also have my NDR below to show you the issue.

- The problem occurs when mail is sent from any server EXCEPT internal (internal mail flows through fine).  

- Recipient Policies (obviously I hope) have the new domains in them and the changes propagate out.

- The last time we added a domain was about 3 months ago, and had no issues.  


Delivery to the following recipient failed permanently:

    test@testing.chiozzalaw.com

Technical details of permanent failure:
Google tried to deliver your message, but it was rejected by the recipient domain. We recommend contacting the other email provider for further information about the cause of this error. The error that the other server returned was: 550 550 5.7.1 Unable to relay for test@testing.chiozzalaw.com (state 14).
Server returned status code 550 - Mailbox unavailable. The server response was: 5.7.1 Unable to relay for test@testing.chiozzalaw.com
Exception Details:
Message: Mailbox unavailable. The server response was: 5.7.1 Unable to relay for test@testing.chiozzalaw.com
Type: System.Net.Mail.SmtpFailedRecipientException
Stack Trace:
at System.Net.Mail.SmtpTransport.SendMail(MailAddress sender, MailAddressCollection recipients, String deliveryNotify, SmtpFailedRecipientException& exception)
at System.Net.Mail.SmtpClient.Send(MailMessage message)
at Microsoft.Exchange.Tools.ExRca.Tests.SmtpMessageTest.PerformTestReally()
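
An added example, not part of the original thread: with relay closed, a server should still accept RCPT TO for every domain it hosts and refuse all others for unauthenticated outside clients, so this check classifies both cases without sending a message. The sender, HELO name and `.example` addresses are placeholders (assumptions), and `probe` is meant to be run from an outside host against your own server.

```python
import re
import smtplib

# Optional repeated reply codes, then an RFC 3463 enhanced status code.
_ENHANCED = re.compile(r"^\s*(?:\d{3}[ -])*([245]\.\d{1,3}\.\d{1,3})\b")

def classify_rcpt(code, text):
    """Classify one RCPT TO reply from the server."""
    if isinstance(text, bytes):
        text = text.decode("ascii", "replace")
    m = _ENHANCED.match(text)
    enhanced = m.group(1) if m else None
    if 200 <= code < 300:
        return "accepted"
    if 400 <= code < 500:
        return "tempfail"
    if "relay" in text.lower():
        return "relay-denied"      # e.g. "5.7.1 Unable to relay for ..."
    if enhanced == "5.7.1":
        return "policy-denied"     # 5.7.1 also covers other authorization refusals
    return "rejected"

def probe(host, recipients, sender="probe@example.org", helo="probe.example.org"):
    """Unauthenticated RCPT TO probe; the session is reset, no message is sent."""
    results = {}
    with smtplib.SMTP(host, 25, local_hostname=helo, timeout=15) as smtp:
        smtp.ehlo_or_helo_if_needed()
        for rcpt in recipients:
            smtp.mail(sender)
            code, text = smtp.rcpt(rcpt)
            results[rcpt] = classify_rcpt(code, text)
            smtp.rset()
    return results

def assess(results, hosted, foreign):
    """hosted: addresses the server should accept; foreign: addresses it must refuse."""
    findings = []
    for rcpt in hosted:
        if results.get(rcpt) != "accepted":
            findings.append(f"{rcpt}: {results.get(rcpt)} (domain not treated as local)")
    for rcpt in foreign:
        if results.get(rcpt) == "accepted":
            findings.append(f"{rcpt}: accepted (relays for unauthenticated clients)")
    return findings

# Constructed replies; only the first reply text is taken from the NDR in the thread.
SAMPLE = {
    "test@testing.chiozzalaw.com": classify_rcpt(550, b"5.7.1 Unable to relay for test@testing.chiozzalaw.com"),
    "user@old-domain.example": classify_rcpt(250, b"2.1.5 user@old-domain.example"),
    "someone@elsewhere.example": classify_rcpt(550, b"5.7.1 Unable to relay for someone@elsewhere.example"),
}
```

Passing `SAMPLE` to `assess` with the first two addresses as hosted and the third as foreign reports only the new domain, which matches the symptom described: relay is closed, but the server does not yet treat the new domain as one of its own.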


dexIT

Has the server been patched recently?

Have you used the Best Practice Analyzer yet?
http://www.microsoft.com/downloads/details.aspx?FamilyID=DBAB201F-4BEE-4943-AC22-E2DDBD258DF3&displaylang=en

TrialWorks (ASKER)

Patches - yes, we do updates about once per month. So that's something that has been on the back of my mind, but we're talking about 3 months worth of patches (or more) possibly. So, I feel that's a gray area.

I have run the BPA on these servers in the past few months before, but not for this issue. I'll run them right now and see what it turns out. Here I thought I covered all the basics but that's one big one I missed. I'll report back shortly.

I am running the BPA checks now, but wondered if you can answer one quasi-related question. We have been on a back/forth debate about a setting in Exchange > SMTP > Virtual Server > Delivery > Advanced > FQDN. Should that value, under the circumstances of having many domain names, be "server.domain.local" or "a-record.domain.com" (local vs. public)? I know that the BPA will bring up that value but we could never settle the agreement on what choice is best; it seems that both work.

So I ran the Exchange BPA and the Exchange Troubleshooter. In BPA I did a basic health check and connectivity. That was fine. In Troubleshooter I did several tests for Mail Flow. One came back with a suggestion for error 5.7.1 (after actually picking it as the error) which I exhausted. It does not apply here. Then I went through and did mail flow tests, all of which successfully delivered mail - but we know that, because internally there are no problems. All tests were successful and test messages arrived from the TroubleShooting assistant. The problem continues from the outside. The Exchange TA is now examining the tracking logs, but regardless of what it finds, the messages are returned almost instantly. I did a manual track for the test email address and did not locate the failures on either server, they are bounced before they even enter the queues. help... :(

"I am running the BPA checks now, but wondered if you can answer one quasi-related question. We have been on a back/forth debate about a setting in Exchange > SMTP > Virtual Server > Delivery > Advanced > FQDN. Should that value, under the circumstances of having many domain names, be "server.domain.local" or "a-record.domain.com" (local vs. public)? I know that the BPA will bring up that value but we could never settle the agreement on what choice is best; it seems that both work."

I personally think .local is for best practice,  more anonymous.


How are your relay restrictions set up for this server?
In Delivery do you have anonymous access?
Relay blocks all access EXCEPT for list, and it allows anyone who successfully authenticates to relay. The really bizarre thing is only the new domain(s) added to the policy are subject to the problem, all the others move through. I don't get why swapping relay settings to "allow all except denied list" solves the issue but clearly that's not a solution we want.  And again, only newly added domains.  

Been working on the issue pretty much all day and still nowhere :(  
I did reboot my servers hoping that it may be the solution, but no go.