Exchange 2003 error -- SMTP 550 .... is not currently permitted to relay
Exchange 2003 user in a small investment firm sends out a mass mailing to all investors (about 80 recipients) and gets back 4 failure notices. Focusing on one of the failures that says "550 <our mail server> is currently not permitted to relay". This particular investor is upset and wants to know why we can't send him anything when everyone else in the world has no trouble. Emails to him fail every time when they are composed new whether he is the only recipient or a CC. Oddly, replying to his emails works just fine.
I have run our mail server through all the tests on MXToolBox and the only warning I get is "5.476 seconds - Warning on Transaction time" after the smtp diag test. The blacklists are clean, reverse DNS works and our Reverse DNS matches the SMTP banner.
Also, when I run the Microsoft utility, SmtpDiag, using our user's address as the sender and the investor's email as the recipient, it passes every test and sends successfully.
Our Exchange 2003 server is on the same machine, so the are no external DNS servers set up in exchange. DNS forwarders are set to our ISP's DNS servers in DNS.
Not sure if it's significant, but we have Kaspersky Security 5.5 for Microsoft Exchange. We use Postini for incoming, but not for outgoing.
Questions: Is there anything else in the setup on our end that could cause this failure? Is there a better way than SmtpDiag to test sending without actually sending an email to this investor? He's not in a good mood, so I don't want to involve him.
I have run our mail server through all the tests on MXToolBox and the only warning I get is "5.476 seconds - Warning on Transaction time" after the smtp diag test. The blacklists are clean, reverse DNS works and our Reverse DNS matches the SMTP banner.
Also, when I run the Microsoft utility, SmtpDiag, using our user's address as the sender and the investor's email as the recipient, it passes every test and sends successfully.
Our Exchange 2003 server is on the same machine, so the are no external DNS servers set up in exchange. DNS forwarders are set to our ISP's DNS servers in DNS.
Not sure if it's significant, but we have Kaspersky Security 5.5 for Microsoft Exchange. We use Postini for incoming, but not for outgoing.
Questions: Is there anything else in the setup on our end that could cause this failure? Is there a better way than SmtpDiag to test sending without actually sending an email to this investor? He's not in a good mood, so I don't want to involve him.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Have a look in the message header of a mail that he has sent in, to see if the mail is coming in from a different server compared to what you are seeing in his domain with nslookup.
Also replies are often not checked for spam because they are seen as originating from inside the system that sent them originally.
Also replies are often not checked for spam because they are seen as originating from inside the system that sent them originally.
ASKER
I'd like to keep this question open until I get back to the office on Monday and have a look at the message header.
Any update?
ASKER
MegaNuk3,
I couldn't tell anything from the header information. I decided to send a test email to the recipient in question from the user's account assuming he would not get it anyway and there would be no backlash.
The recipient emailed back that he received the test email and that he added a rule to his email client last week to allow such emails through. So, it was not a problem on our end. If only you could have heard how loudly he complained about not getting the investor updates we were sending him. But, hey, the customer's always right. Thanks for trying to help anyway. Can I give points for that?
I couldn't tell anything from the header information. I decided to send a test email to the recipient in question from the user's account assuming he would not get it anyway and there would be no backlash.
The recipient emailed back that he received the test email and that he added a rule to his email client last week to allow such emails through. So, it was not a problem on our end. If only you could have heard how loudly he complained about not getting the investor updates we were sending him. But, hey, the customer's always right. Thanks for trying to help anyway. Can I give points for that?
Yep, you can give points for helping ;-)
Just mark my post #29120119 as the solution; ;-)
"sounds like a configuration issue on the investors end"
"sounds like a configuration issue on the investors end"
ASKER
From the SMTP logs, all inbound emails come from Postini IP addresses. All outbound connect directly to the recipient's mail server IP address. From that I conclude that there is no smart host in between for outgoing.
For what it's worth, we have a front-end Exchange server that handles OWA. Our Watchguard firewall had a built in SMTP proxy that I eliminated weeks ago because it generated it's own SMTP banner that I could not alter to match the name of our mail server. When that was in place, we could easily get 15 failures out of 80. My guess is that some mail servers insist on a matching SMTP banner.
I have also had problems with recipients who use email forwarding services like Windows Live Hotmail Plus but I cannot tell if this recipient does because the user deleted the failure notices.
I am more inclined to wait for the next mass mailing rather than involve the recipient.
I can't understand why this recipient gets the emails when we are replying to his emails but not when we create new emails to him. That makes no sense.