ITCraig


Exchange 2010 - Relay Access Denied on sent messages

Hi all,

I recently got a new Fiber line in the office to replace our current provider. Upon testing, I have discovered a small problem with the mail system.

The configuration is as such: We have an Exchange 2010 server that sends out all our mail. For incoming mail ONLY, we use Microsoft Forefront (outgoing mail does not pass through Forefront). The reverse DNS lookup on our external mail IP goes to mail.ourdomain.com which then points to Forefront. This has always been the case (the mechanics of the environment haven't changed, just the external IP address).

The problem is that now, we have people who cannot send email to recipients at ONE domain (they too are using Forefront for their MX record). They receive a Relay Access Denied error from our Exchange server. All emails to other domains are sending problem free. This issue did not exist prior to changing the ISP.

I have tried changing the reverse DNS to point to our external mail IP (no success) and I have telnetted into both my mail server and the recipient mail server and neither shows a Relay Access Denied when I type in the rcpt to: command.

Does anyone have any idea?
ShareefHuddle

Try to have the other company flush DNS on the Forefront server.
ITCraig

ASKER

In both cases, this is hosted Forefront. I do not believe you can flush DNS on the Microsoft servers. Am I wrong?
Well, there really isn't a reason to use both Internet connections at the same time. Plus it is no fun to configure for overflow. Although you can use your Verizon for local Internet and MPLS only for MAN traffic and other sites' Internet. Yes, connect the switches, set your gateway for all devices to your 5510, and add a route in the 5510 to point all MPLS traffic to your MPLS router.
Keith Alabaster
Yes, you are wrong, you can flush DNS on Windows servers.

Although Forefront only inspects inbound mail in your setup, I assume the IP address that email is being received upon at your external router is also the same IP address that outbound mail leaves the external router?

How long ago did you change the external IP address and the 'A' record that relates to your mail MX record?
ASKER CERTIFIED SOLUTION
ITCraig
This solution is only available to members.
I guess I am missing something here - have I picked this up correctly?

In your opening post, your nslookup of your MX record resolves to mail.ourdomain.com - let's say this is 5.5.5.5.
Performing a reverse lookup of 5.5.5.5 gives you mail.ourdomain.com.

Traffic is moved from here (presumably the external IP of your external router) to the Forefront box and from there forwarded internally to the Exchange services.
Mail leaves your Exchange and directly goes to the external router - I assume does some form of NAT and leaves as 5.5.5.5 as the source address on route to wherever it is going?
ITCraig

ASKER

I was able to resolve the issue separately.

To clarify, Microsoft Forefront can be hosted inside a company's outer perimeter or it can be hosted by Microsoft at one of their facilities and a company just points their MX record to the Microsoft servers and they forward the mail to the company's mail server. That is the service I had been referring to.

Thanks everyone for your comments.