Solved

Exchange 2010 - Relay Access Denied on sent messages

Posted on 2010-11-09
Last Modified: 2012-05-10
Hi all,

I recently got a new Fiber line in the office to replace our current provider. Upon testing, I have discovered a small problem with the mail system.

The configuration is as such: We have an Exchange 2010 server that sends out all our mail. For incoming mail ONLY, we use Microsoft Forefront (outgoing mail does not pass through Forefront). The reverse DNS lookup on our external mail IP goes to mail.ourdomain.com which then points to Forefront. This has always been the case (the mechanics of the environment haven't changed, just the external IP address).

The problem is that now, we have people who cannot send email to recipients at ONE domain (they too are using Forefront for their MX record). They receive a Relay Access Denied error from our Exchange server. All emails to other domains are sending problem free. This issue did not exist prior to changing the ISP.

I have tried changing the reverse DNS to point to our external mail IP (no success) and I have telnetted into both my mail server and the recipient mail server and neither shows a Relay Access Denied when I type in the rcpt to: command.

Does anyone have any idea?
Question by:ITCraig
7 Comments
 
LVL 8

Expert Comment

by:ShareefHuddle
ID: 34093676
Try to have the other company flush DNS on the Forefront server.
0
 

Author Comment

by:ITCraig
ID: 34093757
In both cases, this is hosted Forefront. I do not believe you can flush DNS on the Microsoft servers. Am I wrong?
0
 
LVL 8

Expert Comment

by:ShareefHuddle
ID: 34093764
Well, there really isn't a reason to use both Internet connections at the same time. Plus it is no fun to configure for overflow. Although you can use your Verizon for local Internet and MPLS only for MAN traffic and other sites' Internet. Yes, connect the switches, set your gateway for all devices to your 5510, and add a route in the 5510 to point all MPLS traffic to your MPLS router.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 34095755
Yes, you are wrong, you can flush DNS on Windows servers.

Although Forefront only inspects inbound mail in your setup, I assume the IP address that email is being received upon at your external router is also the same IP address that outbound mail leaves the external router?

How long ago did you change the external IP address and the 'A' record that relates to your mail MX record?
0
 

Accepted Solution

by:
ITCraig earned 0 total points
ID: 34095817
Thanks Keith. I know you can flush DNS in Windows, but being a hosted service, I cannot flush the DNS on Microsoft's servers stored in a data facility who knows where.

I changed the DNS records more than a week ago. This problem only became apparent this week. Because this is running through Forefront, the MX on my domain never changed - since it points to the Forefront server (on which I changed the IP to deliver mail to).
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 34095976
I guess I am missing something here - have I picked this up correctly?

In your opening post, your nslookup of your MX record resolves to mail.ourdomain.com - let's say this is 5.5.5.5.
Performing a reverse lookup of 5.5.5.5 gives you mail.ourdomain.com.

Traffic is moved from here (presumably the external IP of your external router) to the Forefront box and from there forwarded internally to the Exchange services.
Mail leaves your Exchange and directly goes to the external router - I assume does some form of NAT and leaves as 5.5.5.5 as the source address on route to wherever it is going?
0
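
The questions in the comment above come down to whether the address outbound mail now leaves from has a PTR record whose name resolves back to that same address. The check below is an added example, not part of the thread, and the thread never confirms this was the cause; the two addresses and the zone data are constructed, and only the name mail.ourdomain.com comes from the page.

```python
import socket

def live_reverse(ip):
    """PTR names for ip via the system resolver (empty list if none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except (socket.herror, socket.gaierror):
        return []

def live_forward(name):
    """IPv4 addresses for name via the system resolver (empty list if none)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror:
        return []

def check_outbound_identity(source_ip, reverse=live_reverse, forward=live_forward):
    """Forward-confirmed reverse DNS for the address outbound mail leaves from."""
    # Normalise PTR answers: drop the trailing dot and compare case-insensitively.
    names = [n.rstrip(".").lower() for n in reverse(source_ip)]
    if not names:
        return {"ok": False, "reason": "no PTR record for source IP", "names": []}
    confirmed = [n for n in names if source_ip in forward(n)]
    if not confirmed:
        return {"ok": False,
                "reason": "PTR name does not resolve back to source IP",
                "names": names}
    return {"ok": True, "reason": "forward-confirmed", "names": confirmed}

# Constructed sample data (documentation address ranges, not from the thread):
# the old ISP address is fully set up, the new one has no PTR yet.
OLD_IP, NEW_IP = "192.0.2.10", "198.51.100.25"
PTR = {OLD_IP: ["mail.ourdomain.com."]}
A = {"mail.ourdomain.com": [OLD_IP]}

def sample_reverse(ip):
    return PTR.get(ip, [])

def sample_forward(name):
    return A.get(name, [])

if __name__ == "__main__":
    for ip in (OLD_IP, NEW_IP):
        print(ip, check_outbound_identity(ip, sample_reverse, sample_forward))
```

Called with only an IP address, `check_outbound_identity` uses the system resolver, so it should be run from a host outside the office network to see what a receiving mail server sees.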
 

Author Closing Comment

by:ITCraig
ID: 34740689
I was able to resolve the issue separately.

To clarify, Microsoft Forefront can be hosted inside a company's outer perimeter or it can be hosted by Microsoft at one of their facilities and a company just points their MX record to the Microsoft servers and they forward the mail to the company's mail server. That is the service I had been referring to.

Thanks everyone for your comments.
0
