530 authentication required for only one site

ajdratch
ajdratch used Ask the Experts™
on
I have a client that can no longer send email to cbeyond. She gets an error back
Myclients.domain.com #5.5.0 smtp;530 Authentication required

My client has their own exchange server and they are using Outlook as an exchange client.

I telnet to cbeyond on port 25 from the mail server, enter helo command and then mail from:administrator@domain.com. I get back 530 authentication required

This only happens when sending to Cbeyond. Since the bounce back has my clients domain, they say it is not on their end.

According to the message logs in exchange
message routed and queued for remote deliuvery
started outbound transfer of message
non-delivered report (ndr) generated.

Since this is only a problem going to Cbeyond, I think it is on their end however they disagree.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Commented:
Go to http://centralops.net/co/, click on their Email Dossier tool, type in the email address that is generating to NDR and test it there. (That will completely eliminate your client's server from the equation.) What results do you get?
- Eric

Author

Commented:
That works but I am not sure if that is a good test. Their MX record points to an extrenal spam filter, not their internal mail server

Commented:
Does the recipient have a cbeyond address or just use cbeyond's services? When you tested from the mail server, were you hitting the recipient's MX record server or trying to bypass the external spam filter? Is the server sending directly or through a smarthost?
- Eric
Should you be charging more for IT Services?

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Author

Commented:
recipent has their own domain hosted at cbeyond.

The domains MX record is cbeyond server.

The spam filter is only for my clients incomming. That has nothing to do with the outgoing mail.

The server is sending directly out. They use Cypress and from what I was told cypress does not have a mail server they can sent through

Commented:
Okay, I have a clearer understanding of your client's setup. I'm trying to figure out what you mean by "Their MX record points to an extrenal spam filter, not their internal mail server ". Who's MX record, the recipient's?
Your client's Exchange server should look up the recipient's MX record via DNS, and then initiate a SMTP connection with that server. The centralops.net service imitates the first part of that connection. I was expecting the response there to mirror your results when you tested the connection manually using telnet, thereby providing you with proof to supply to Cbeyond that the problem isn't with your client's server. If the results differ, we'll need to try and figure out why.
- Eric

Author

Commented:
I was just pointing out that my clients MX record is not an issue since it doesn't even point to their mail server.

The problem proving this is that the bounce back has my clients mail server listed as the server sending this error message
Myclients.domain.com #5.5.0 smtp;530 Authentication required.

Cbeyond is trying to say this is an issue with the my client not authenticating with her own server. This is not the case. She can send to anyone else.

I believe the server is repling to the sender telling it that it can not connect to Cbeyond. I beleive it can't connect to Cbeyond because Cbeyond is rejecting the connection.  It would make more sense if the error message was from mail.cbeyond.net and easier to point the blame on Cbeyond servers.

Commented:
When you used the centralops.net tool, you put in the recipient's email address, right? If so, and that didn't return '530 authentication required', like your telnet test did, why not? Did you point telnet at the address that shows up as the recipient's MX record?
If the recipient's mail server is replying to your client's server with 530, then it should reply to centralops.net with 530 also. Once that happens, you have your proof to get past the Level 1 tech at Cbeyond that doesn't understand that the bounce will show "Myclients.domain.com #5.5.0 smtp;530 Authentication required" even though it is actually Cbeyond's server that is generating the bounce.
If you don't get the same results there, then we need to try and figure out why.
- Eric

Author

Commented:
Centralops does not reply with "530 autentication required"

I just did the exact same telnet from a different network and I do not get "530 autentication required"

This only happens when I telnet from that mail server. I will try to telnet from another computer on that network today.

My client is on Cypress network. I tried from another client's site that is on that network and it did not get that message either.

Commented:
Just a thought... One possibility is that DNS at the client's site resolves the address for the MX record incorrectly. You can use nslookup locally and at centralops to compare the two.
- Eric

Author

Commented:
It turns out Cbeyond uses Cisco filtering. Cisco lists my clients mail server as poor. They say they use spamcop for a blacklist server however my client is not on their blacklists. Not sure what I can do about it but I did find the source of the problem

I want to give points to equack for all the help and showing me the site centralops.net/co/ That will come in handy again.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial