Steve McAuliffe
asked on
New users can't recieve email from outside the organisation. Exchange 2007.
We have a situation where new mail users can be created within Exchange but cannot receive messages sent to them from outside the organisation. These same addresses work fine internally and can send email to the outside without any problems.
The issue also applies to mail aliases placed on users who have working exchange accounts. Messages sent to their alias from outside the organisation bounce back
External senders receive a similar error to the one below when sending too the new users/aliases:
Running a verification test on network-tools.com produces the following:
[Contacting mail.problemdomain.com [123.456.789.123]...]
[Connected]
220 mail.problemdomain.com incoming mail service ESMTP Wed, 25 Aug 2010 11:20:48 +1200
EHLO Network-Tools.com
250-mail.problemdomain.com
250-SIZE 52428800
250-PIPELINING
250 HELP
VRFY new.user
252 Administrative prohibition
RSET
250 Reset OK
EXPN new.user
550 Administrative prohibition
RSET
250 Reset OK
MAIL FROM:<admin@Network-Tools.
250 OK
RCPT TO:<new.user@problemdomain
550-Callout verification failed:
550 550 Unrouteable address
[Address has been rejected]
RSET
250 Reset OK
QUIT
221 MAIL.problemdomain.com closing connection
[Connection closed]
Additional information - I personally don't know when this began or how long this may have been happening for as I've just taken over on this. I suspect it has something to do with the recipient update policy, however the account in question, I understand, has been around for two weeks already.
The issue also applies to mail aliases placed on users who have working exchange accounts. Messages sent to their alias from outside the organisation bounce back
External senders receive a similar error to the one below when sending too the new users/aliases:
Delivery to the following recipient failed permanently:
new.user@problemdomain.com
Technical details of permanent failure:
Google tried to deliver your message, but it was rejected by the recipient domain. We recommend contacting the other email provider for further information about the cause of this error. The error that the other server returned was: 550 550 Previous (cached) callout verification failure (state 14).
new.user@problemdomain.com
Technical details of permanent failure:
Google tried to deliver your message, but it was rejected by the recipient domain. We recommend contacting the other email provider for further information about the cause of this error. The error that the other server returned was: 550 550 Previous (cached) callout verification failure (state 14).
Running a verification test on network-tools.com produces the following:
[Contacting mail.problemdomain.com [123.456.789.123]...]
[Connected]
220 mail.problemdomain.com incoming mail service ESMTP Wed, 25 Aug 2010 11:20:48 +1200
EHLO Network-Tools.com
250-mail.problemdomain.com
250-SIZE 52428800
250-PIPELINING
250 HELP
VRFY new.user
252 Administrative prohibition
RSET
250 Reset OK
EXPN new.user
550 Administrative prohibition
RSET
250 Reset OK
MAIL FROM:<admin@Network-Tools.
250 OK
RCPT TO:<new.user@problemdomain
550-Callout verification failed:
550 550 Unrouteable address
[Address has been rejected]
RSET
250 Reset OK
QUIT
221 MAIL.problemdomain.com closing connection
[Connection closed]
Additional information - I personally don't know when this began or how long this may have been happening for as I've just taken over on this. I suspect it has something to do with the recipient update policy, however the account in question, I understand, has been around for two weeks already.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
This is a domain verification error, verify the dns is setup correctly and the configuration is correct.
Also - check to see if you have Anonymous Access allowed on your default receive connector, Permission Groups.
ASKER
Thanks guys for the fast response.
@Alan - I don't believe they have an email appliance or are routing through a 3rd party
@grifs - If it was a DNS issue would it not be broken for the entire organisation? The network-tools verification would suggested the message is being rejected by the exchange server.
@Alan - I don't believe they have an email appliance or are routing through a 3rd party
@grifs - If it was a DNS issue would it not be broken for the entire organisation? The network-tools verification would suggested the message is being rejected by the exchange server.
Any thoughts on my last comment (heading to bed shortly)?
Alan
Alan
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Anon access is enabled on the default receive connector
Anti spam is a possibility, however other outside senders have sent messages to other users at problemdomain.com without being blocked. It only appears to be happening for new users
Anti spam is a possibility, however other outside senders have sent messages to other users at problemdomain.com without being blocked. It only appears to be happening for new users
Okay - please open Exchange Management Console> Recipient Configuration> Mailbox> New User> Properties> Mail Flow Settings> Message Delivery Restrictions> Properties.
Is Require that all senders are authenticated ticked? If so - it shouldn't be. Also check Accept Messages from is set to All senders and Reject is set to No Senders.
Is Require that all senders are authenticated ticked? If so - it shouldn't be. Also check Accept Messages from is set to All senders and Reject is set to No Senders.
ASKER
All of those settings which you have detailed above appear to be already correct.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
This site has Forefront server security installed. I have gone through the four main tabs but can't see anything relating to blocking recipients
To save speculation and time - can you please either post your domain name (which I will obscure / delete for you or drop me an email to alan @ it-eye.co.uk).
This will hopefully make it much easier to resolve.
Many thanks
Alan
This will hopefully make it much easier to resolve.
Many thanks
Alan
ASKER
It turns out there was another level of security around their email which required manually allowing new user accounts to be received. Thanks all for your input.
ASKER
There was another level of email security in place which we weren't previously aware of.
What exactly did you have in place that needed tweaking?
Always good to know for future questions.
Thanks
Alan
Always good to know for future questions.
Thanks
Alan