Exchange 2003 - 550 5.7.1 Unable to relay

Hello Experts!,  I have a scenario that I need some help with:
#5.7.1 smtp;550 5.7.1 Unable to relay
We have an exchange server 2003 sp2.   We have two email addresses for our users  username@domain.com and username@domain.net.  For the most part this has been working fine for the past couple of years.
Recently, we've been getting several external customers telling us that when they email us at the .net email address, they get a bounce back message, but they're able to send it to the .com email address with no problems.    (we've only gotten this complaint from a handful of external customers from various companies).  Here's what confuses me,  it's not all or none---most customers can send to the .net and the .com,....only a select few external customers.  at first, it thought it might be on the customers end, but now we're seeing several customers with the same issue---its looking more like its on our end. Any clues?
I've copied a bounce back message from one of the external customers:
Diagnostic information for administrators:
 
Generating server: 29smtp.domainA.com
 
Chris@domainB.net
#< #5.7.1 smtp;550 5.7.1 Unable to relay> #SMTP#
 
Original message headers:
 
Received: from 29caht1.domainA.com ([10.29.0.93]) by 29smtp.domainA.com
 with Microsoft SMTPSVC(6.0.3790.3959);   Mon, 8 Mar 2010 15:08:44 -0800
Received: from 29EXVIR1.domainA.com
 ([fe80:0000:0000:0000:2df2:c6b4:160.48.174.165]) by 29caht1.domainA.com
 ([10.29.0.93]) with mapi; Mon, 8 Mar 2010 15:08:39 -0800
From: Tim <timon@domain.com>
To: 'Chris' <Chris@domainB.net>
Date: Mon, 8 Mar 2010 15:08:39 -0800
Subject: Checking in . . .
Thread-Topic: Checking in . . .
Thread-Index: Acq/FEnfrA64GUU0Sp21tkPYkhBRNQ==
Message-ID: <AA6E520389BDED419C587D21F0CD9EEE3F9828056A@29EXVIR1.domainA.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: multipart/alternative;
        boundary="_000_AA6E520389BDED419C587D21F0CD9EEE3F9828056A29EXVIR1simps_"
MIME-Version: 1.0
Return-Path: timon@domain.com
X-OriginalArrivalTime: 08 Mar 2010 23:08:44.0251 (UTC) FILETIME=[4CD132B0:01CABF14]
seven45Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

seven45Author Commented:
Thanks!
SteveCommented:
The unable to relay error would imply someone was trying to either send an email out through your mail server from another mail server or that the domain name on the outgoing email did not match the email servers domain. Do you have a reverse lookup for both domain names pointing back to your mail server?
Try http://www.mxtoolbox.com for quick lookups.
Alan HardistyCo-OwnerCommented:
You are welcome.
Can you please describe your environment a little more.
  • What sort of firewall do you have?  Anything Cisco involved?
  • Any Anti-Spam / Anti-Virus software on the server?
  • Is the problem restricted to the same sending domain (all users from this domain) or random domains / random users?
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

lukepdsilvaCommented:
make sure that your recepient policy in the 29smtp.domainA.com has domainb.net (if yes)
make sure the user has teh email address stamped for which we are getting the NDR (if yes)
using adsiedit tool
http://support.microsoft.com/kb/301386
check  (LM -- > SMtpSvc -- > 1 -- > Domain)
make sure that domainb.net is listed in there (if yes)
force replication between DC
Marius GunnerudSenior Systems EngineerCommented:
I had a similar issue with one of my clients. are the emails running off of the same server or do you have different servers for each domain?

there were two things i did to sort this issue (given that we only had one domain).

First
I had my ISP setup a reverse PTR for the domain.

Second
When you telnet to mail.domain.net 25 (or .com) what is stated at the top. It should say something like 220 "mail.domain.com" Microsoft Mail Service.....etc.

Now if it says something like 220 servername.domain.local.... then there is a problem as when remote servers try to contact you the server responds with the internal server name and not the public one. If this is the case here is what i did to resolve the issue:

For Exchange 2003 (not 100% sure but think this is where it is located)
1. Open System Manager
2. Expand Administrative Groups > First Administrative Group > Servers > server name > Protocols > SMTP
3. Right click Default SMTP Virtual Server
4. Select the Delivery Tab
5. Click Advanced
6. Make sure the correct FQDN is entered

For Exchange 2007
1. Open Exchange 2007 Console
2. Expand Server Configuration
3. Select Hub Transport
4. On the Receive Connectors Tab right click Default and choose properties
Change the FQDN on the General tab to the external name
5. Select Authentication tab
6. Unselect Exchange Server Authentication
7. Click Apply

Another possibility is that you need an SPF record configured as more and more servers are starting to require them. Take a look at this link to set this up: http://www.msexchange.org/articles/SPF-support-Exchange-freeware.html 

MAG

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
MegaNuk3Commented:
In the NDR does it mention a server name next to the 5.7.1? Is it 29smtp.domainA.com ? is that your Exchange 2003 server?

Do you only have one E2k3 server that hosts both domains?
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.