Solved

New users can't recieve email from outside the organisation. Exchange 2007.

Posted on 2010-08-24
15
1,332 Views
Last Modified: 2012-05-10
We have a situation where new mail users can be created within Exchange but cannot receive messages sent to them from outside the organisation. These same addresses work fine internally and can send email to the outside without any problems.

The issue also applies to mail aliases placed on users who have working exchange accounts. Messages sent to their alias from outside the organisation bounce back

External senders receive a similar error to the one below when sending too the new users/aliases:

Delivery to the following recipient failed permanently:

    new.user@problemdomain.com

Technical details of permanent failure:
Google tried to deliver your message, but it was rejected by the recipient domain. We recommend contacting the other email provider for further information about the cause of this error. The error that the other server returned was: 550 550 Previous (cached) callout verification failure (state 14).



Running a verification test on network-tools.com produces the following:

[Contacting mail.problemdomain.com [123.456.789.123]...]
[Connected]
220 mail.problemdomain.com incoming mail service ESMTP Wed, 25 Aug 2010 11:20:48 +1200
EHLO Network-Tools.com
250-mail.problemdomain.com Hello gateway2.network-tools.com [67.222.132.194]
250-SIZE 52428800
250-PIPELINING
250 HELP
VRFY new.user
252 Administrative prohibition
RSET
250 Reset OK
EXPN new.user
550 Administrative prohibition
RSET
250 Reset OK
MAIL FROM:<admin@Network-Tools.com>
250 OK
RCPT TO:<new.user@problemdomain.com>
550-Callout verification failed:
550 550 Unrouteable address
[Address has been rejected]
RSET
250 Reset OK
QUIT
221 MAIL.problemdomain.com closing connection
[Connection closed]


Additional information - I personally don't know when this began or how long this may have been happening for as I've just taken over on this. I suspect it has something to do with the recipient update policy, however the account in question, I understand, has been around for two weeks already.
0
Comment
Question by:Steve McAuliffe
15 Comments
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 334 total points
ID: 33517063
Do yo have a 3rd party receiving your emails before they pass them on to you or do you receive them directly?
Do you have a device such as a Barracuda appliance before your Exchage Server?
If yes - then the device / 3rd party needs to be updated with the new email address.
If no - I'll think up plan B!
0
 

Expert Comment

by:grifs71
ID: 33517072
This is a domain verification error, verify the dns is setup correctly and the configuration is correct.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 33517091
Also - check to see if you have Anonymous Access allowed on your default receive connector, Permission Groups.
0
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

 

Author Comment

by:Steve McAuliffe
ID: 33517100
Thanks guys for the fast response.

@Alan - I don't believe they have an email appliance or are routing through a 3rd party

@grifs - If it was a DNS issue would it not be broken for the entire organisation? The network-tools verification would suggested the message is being rejected by the exchange server.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 33517156
Any thoughts on my last comment (heading to bed shortly)?
Alan
0
 
LVL 76

Assisted Solution

by:Alan Hardisty
Alan Hardisty earned 334 total points
ID: 33517177
The alternative is anti-spam software not configured correctly and it is blocking it.
0
 

Author Comment

by:Steve McAuliffe
ID: 33517199
Anon access is enabled on the default receive connector

Anti spam is a possibility, however other outside senders have sent messages to other users at problemdomain.com without being blocked. It only appears to be happening for new users
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 33517221
Okay - please open Exchange Management Console> Recipient Configuration> Mailbox> New User> Properties> Mail Flow Settings> Message Delivery Restrictions> Properties.
Is Require that all senders are authenticated ticked?  If so - it shouldn't be.  Also check Accept Messages from is set to All senders and Reject is set to No Senders.
0
 

Author Comment

by:Steve McAuliffe
ID: 33517339
All of those settings which you have detailed above appear to be already correct.
0
 
LVL 23

Assisted Solution

by:Malli Boppe
Malli Boppe earned 166 total points
ID: 33517523
I have seen this issue with Anti spam software like Mail marshall where you need to add the user/email address in the mail marshall to accept the emails.
0
 

Author Comment

by:Steve McAuliffe
ID: 33517583
This site has Forefront server security installed. I have gone through the four main tabs but can't see anything relating to blocking recipients
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 33518979
To save speculation and time - can you please either post your domain name (which I will obscure / delete for you or drop me an email to alan @ it-eye.co.uk).
This will hopefully make it much easier to resolve.
Many thanks
Alan
0
 

Author Comment

by:Steve McAuliffe
ID: 33525774
It turns out there was another level of security around their email which required manually allowing new user accounts to be received. Thanks all for your input.
0
 

Author Closing Comment

by:Steve McAuliffe
ID: 33525844
There was another level of email security in place which we weren't previously aware of.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 33525930
What exactly did you have in place that needed tweaking?
Always good to know for future questions.
Thanks
Alan
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
Find out what you should include to make the best professional email signature for your organization.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now