Solved

Exchange 2010 - Relay Access Denied on sent messages

Posted on 2010-11-09
Last Modified: 2012-05-10
Hi all,

I recently got a new Fiber line in the office to replace our current provider. Upon testing, I have discovered a small problem with the mail system.

The configuration is as such: We have an Exchange 2010 server that sends out all our mail. For incoming mail ONLY, we use Microsoft Forefront (outgoing mail does not pass through Forefront). The reverse DNS lookup on our external mail IP goes to mail.ourdomain.com which then points to Forefront. This has always been the case (the mechanics of the environment haven't changed, just the external IP address).

The problem is that now, we have people who cannot send email to recipients at ONE domain (they too are using Forefront for their MX record). They receive a Relay Access Denied error from our Exchange server. All emails to other domains are sending problem free. This issue did not exist prior to changing the ISP.

I have tried changing the reverse DNS to point to our external mail IP (no success) and I have telnetted into both my mail server and the recipient mail server and neither shows a Relay Access Denied when I type in the rcpt to: command.

Does anyone have any idea?
Question by:ITCraig
LVL 8

Expert Comment

by:ShareefHuddle
ID: 34093676
Try to have the other company flush DNS on the Forefront server.

Author Comment

by:ITCraig
ID: 34093757
In both cases, this is hosted Forefront. I do not believe you can flush DNS on the Microsoft servers. Am I wrong?
LVL 8

Expert Comment

by:ShareefHuddle
ID: 34093764
Well, there really isn't a reason to use both Internet connections at the same time. Plus it is no fun to configure for overflow. Although you can use your Verizon for local Internet and MPLS only for MAN traffic and other sites' Internet. Yes, connect the switches, set your gateway for all devices to your 5510 and add a route in the 5510 to point all MPLS traffic to your MPLS router.
LVL 51

Expert Comment

by:Keith Alabaster
ID: 34095755
Yes, you are wrong, you can flush DNS on Windows servers.

Although Forefront only inspects inbound mail in your setup, I assume the IP address that email is being received upon at your external router is also the same IP address that outbound mail leaves the external router?

How long ago did you change the external IP address and the 'A' record that relates to your mail MX record?

Accepted Solution

by:
ITCraig earned 0 total points
ID: 34095817
Thanks Keith. I know you can flush DNS in Windows, but being a hosted service, I cannot flush the DNS on Microsoft's servers stored in a data facility who knows where.

I changed the DNS records more than a week ago. This problem only became apparent this week. Because this is running through Forefront, the MX on my domain never changed - since it points to the Forefront server (on which I changed the IP to deliver mail to).
LVL 51

Expert Comment

by:Keith Alabaster
ID: 34095976
I guess I am missing something here - have I picked this up correctly?

In your opening post, your nslookup of your MX record resolves to mail.ourdomain.com - let's say this is 5.5.5.5
Performing a reverse lookup of 5.5.5.5 gives you mail.ourdomain.com

Traffic is moved from here (presumably the external IP of your external router) to the Forefront box and from there forwarded internally to the Exchange services.
Mail leaves your Exchange and directly goes to the external router - I assume does some form of NAT and leaves as 5.5.5.5 as the source address on route to wherever it is going?
0
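The forward and reverse lookups discussed in the posts above can be compared mechanically with a forward-confirmed reverse DNS check on the address outbound mail leaves from. This is an added example, not code from any poster, and it does not establish what caused the rejection in this thread. Only `5.5.5.5` and `mail.ourdomain.com` come from the thread; the address `198.51.100.25` and the lookup tables are constructed so the check runs offline.

```python
import socket

def ptr_names(ip):
    """PTR names for ip from live DNS; empty list if there are none."""
    try:
        host, aliases, _ = socket.gethostbyaddr(ip)
        return [host] + aliases
    except OSError:
        return []

def a_records(name):
    """IPv4 addresses for name from live DNS; empty list if there are none."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def fcrdns_check(outbound_ip, reverse=ptr_names, forward=a_records):
    """Return (ok, detail): does any PTR name of outbound_ip resolve back to it?

    The lookup callables are injectable so the logic can be tested without DNS.
    """
    names = reverse(outbound_ip)
    if not names:
        return False, f"no PTR record for {outbound_ip}"
    for name in names:
        if outbound_ip in forward(name):
            return True, f"{outbound_ip} -> {name} -> {outbound_ip}"
    return False, f"{outbound_ip} -> {names} -> does not resolve back"

# Constructed sample data (assumption): PTR of the outbound IP as in the thread.
PTR = {"5.5.5.5": ["mail.ourdomain.com"]}
# Layout from the opening post: the name points at hosted Forefront (made-up IP).
A_TO_FOREFRONT = {"mail.ourdomain.com": ["198.51.100.25"]}
# Layout Keith assumes: the name resolves to the router's external IP.
A_TO_ROUTER = {"mail.ourdomain.com": ["5.5.5.5"]}

def check_offline(ip, a_table):
    """Run the check against the constructed tables instead of live DNS."""
    return fcrdns_check(ip, lambda i: PTR.get(i, []), lambda n: a_table.get(n, []))

if __name__ == "__main__":
    for label, table in (("name -> Forefront", A_TO_FOREFRONT),
                         ("name -> router", A_TO_ROUTER)):
        print(label, check_offline("5.5.5.5", table))
```

Calling `fcrdns_check("<outbound IP>")` with no other arguments runs the same comparison against live DNS.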
 

Author Closing Comment

by:ITCraig
ID: 34740689
I was able to resolve the issue separately.

To clarify, Microsoft Forefront can be hosted inside a company's outer perimeter or it can be hosted by Microsoft at one of their facilities and a company just points their MX record to the Microsoft servers and they forward the mail to the company's mail server. That is the service I had been referring to.

Thanks everyone for your comments.
Question has a verified solution.