Exchange 2003 error -- SMTP 550 .... is not currently permitted to relay

Exchange 2003 user in a small investment firm sends out a mass mailing to all investors (about 80 recipients) and gets back 4 failure notices. Focusing on one of the failures that says "550 <our mail server> is currently not permitted to relay". This particular investor is upset and wants to know why we can't send him anything when everyone else in the world has no trouble. Emails to him fail every time when they are composed new whether he is the only recipient or a CC. Oddly, replying to his emails works just fine.
I have run our mail server through all the tests on MXToolBox and the only warning I get is "5.476 seconds - Warning on Transaction time" after the smtp diag test. The blacklists are clean, reverse DNS works and our Reverse DNS matches the SMTP banner.
Also, when I run the Microsoft utility, SmtpDiag, using our user's address as the sender and the investor's email as the recipient, it passes every test and sends successfully.
Our Exchange 2003 server is on the same machine, so there are no external DNS servers set up in Exchange. DNS forwarders are set to our ISP's DNS servers in DNS.
Not sure if it's significant, but we have Kaspersky Security 5.5 for Microsoft Exchange. We use Postini for incoming, but not for outgoing.
Questions: Is there anything else in the setup on our end that could cause this failure? Is there a better way than SmtpDiag to test sending without actually sending an email to this investor? He's not in a good mood, so I don't want to involve him.
Tom Beck Asked:

Sounds like a configuration issue on the investor's end... you are going to struggle to test this without getting him involved or one of his company's IT staff.

Your SMTP server is not set to forward all mail to a smart host is it?

Tom Beck Author Commented:
MegaNuk3, thanks for your reply.
From the SMTP logs, all inbound emails come from Postini IP addresses. All outbound connect directly to the recipient's mail server IP address. From that I conclude that there is no smart host in between for outgoing.
For what it's worth, we have a front-end Exchange server that handles OWA. Our Watchguard firewall had a built-in SMTP proxy that I eliminated weeks ago because it generated its own SMTP banner that I could not alter to match the name of our mail server. When that was in place, we could easily get 15 failures out of 80. My guess is that some mail servers insist on a matching SMTP banner.
I have also had problems with recipients who use email forwarding services like Windows Live Hotmail Plus but I cannot tell if this recipient does because the user deleted the failure notices.
I am more inclined to wait for the next mass mailing rather than involve the recipient.
I can't understand why this recipient gets the emails when we are replying to his emails but not when we create new emails to him. That makes no sense.
Have a look in the message header of a mail that he has sent in, to see if the mail is coming in from a different server compared to what you are seeing in his domain with nslookup.

Also replies are often not checked for spam because they are seen as originating from inside the system that sent them originally.
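
The header check suggested above, as an added example that is not part of the original thread: it lists the Received hops of an inbound message and reports relay names that are not among the sender domain's MX hosts, which shows when his outbound path differs from the servers that accept mail for his domain. The sample message, all host names and the `inbound_filter` parameter are constructed for illustration; the MX list is assumed to be copied from `nslookup -type=mx` output for his domain.

```python
import re
from email import message_from_string

# Constructed sample message (reserved .example names, documentation IPs).
SAMPLE = """\
Received: from psmtp.example.net (psmtp.example.net [192.0.2.10])
\tby mail.ourfirm.example with SMTP; Mon, 1 Mar 2010 09:15:02 -0500
Received: from outbound.hosting.example (outbound.hosting.example [198.51.100.25])
\tby psmtp.example.net with ESMTP; Mon, 1 Mar 2010 09:15:00 -0500
Received: from [10.0.0.5] (helo=investor-pc)
\tby outbound.hosting.example with ESMTP; Mon, 1 Mar 2010 09:14:58 -0500
From: investor@investor.example
To: user@ourfirm.example
Subject: Re: Quarterly update

Thanks.
"""

def received_hops(raw):
    """Return (from_host, ip, by_host) per Received header, oldest hop first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        text = " ".join(value.split())  # unfold continuation lines
        frm = re.search(r"\bfrom\s+(\S+)", text)
        ip = re.search(r"\[([0-9A-Fa-f.:]+)\]", text)
        by = re.search(r"\bby\s+(\S+)", text)
        hops.append((
            frm.group(1).lower() if frm else None,
            ip.group(1) if ip else None,
            by.group(1).lower() if by else None,
        ))
    return hops[::-1]  # each server prepends its header, so reverse the list

def relays_not_in_mx(raw, mx_hosts, inbound_filter=()):
    """Named relays in the path that are neither MX hosts of the sender's
    domain nor our own inbound filtering service (hypothetical parameter)."""
    known = {h.lower().rstrip(".") for h in mx_hosts}
    known |= {h.lower().rstrip(".") for h in inbound_filter}
    return [frm for frm, _ip, _by in received_hops(raw)
            if frm and not frm.startswith("[") and frm not in known]

if __name__ == "__main__":
    for hop in received_hops(SAMPLE):
        print(hop)
    print(relays_not_in_mx(SAMPLE, ["mx1.investor.example."],
                           inbound_filter=["psmtp.example.net"]))
```
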
Tom Beck Author Commented:
I'd like to keep this question open until I get back to the office on Monday and have a look at the message header.
Any update?
Tom Beck Author Commented:
I couldn't tell anything from the header information. I decided to send a test email to the recipient in question from the user's account assuming he would not get it anyway and there would be no backlash.
The recipient emailed back that he received the test email and that he added a rule to his email client last week to allow such emails through. So, it was not a problem on our end. If only you could have heard how loudly he complained about not getting the investor updates we were sending him. But, hey, the customer's always right. Thanks for trying to help anyway. Can I give points for that?
Yep, you can give points for helping ;-)
Just mark my post #29120119 as the solution;   ;-)
"sounds like a configuration issue on the investors end"