Can't email to external email addresses

Posted on 2011-02-23
Last Modified: 2012-05-11
Hello Experts!

Running SBS2003 with Exchange Server 2003.
Up until last week we had T1 voice an data Internet service with Integra Telecom.
Last week we added Comcast Business Class Internet Connection for connection speed.
Last Saturday I asked Integra to modify our MX Record to point to the new IP address given to us by Comcast.

I changed the settings in my firewall to reflect the new IP address.
I tested incoming mail and it worked but did not make sure emails were reaching external recipients (my bad).
On Tuesday morning I was informed that external recipients were not getting emails.
I looked on the queue and noticed there were a bunch of emails stucked there.
I was informed by Integra that I should ask Comcast to create a PTR to, this was done on Tuesday at about 11am and the said it will take 24 for the DNS Server to populate.
Today, Wednesday 6:00pm and I still have messages getting stuck in the queque.
I did tests on and everything seems to be OK.
Besides messages getting stuck in the queue, one of my users is receiving the following message when sending messages to a particular recipient.
The following recipient (s) could not be reached: on 2/23/2011 5:01pm
You do not have permission to send to this recipient. For assistance, contact your system administrator.
< #5.7.1 smtp;550 5.7.1 Unable to relay for>

I have absolutely no more ideas on how to resolve this issue.
Your help will be greatly appreciated.

Question by:ernestop
  • 6
  • 2
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34966180
Your configuration looks very RFC Compliant to me so there may be issues at the receiving end deliberately blocking you or expecting you to come in from your old IP not your new IP.  Some manually record your IP and if you stray from what they expect - they reject you.

As for the 5.7.1 error - that suggests a similar problem - the receiving server doesn't like you and you may need to contact them and get unblocked.

Author Comment

ID: 34966253
Alan, thanks for your prompt response!

My Server name is zinnserv01 and I am using a SonicWALL Email Security device, its name zinnserv03. Don't know why it is coming up on this report.
Before the change everything was working fine.
I am calling SonicWALL as we have support agreement with them. Will keep you posted.

Here is the report from

smtp:     smtp    
220 zinnserv03.zinncorp.local ESMTP SonicWALL (

 OK - resolves to
 Warning - Reverse DNS does not match SMTP Banner
 0 seconds - Good on Connection time
 Not an open relay.
 0.320 seconds - Good on Transaction time

Session Transcript:
250 zinnserv03.zinncorp.local [48 ms]
250 2.1.0 OK [48 ms]
550 5.7.1 Unable to relay for <> [48 ms]
221 2.0.0 Bye [48 ms]
reverse lookup smtp diag port scan blacklist

Reported by on Wednesday, February 23, 2011 at 5:35:21 PM (GMT-6)  (History)     mx    

Pref Hostname IP Address TTL  
10 24 hrs SMTP Test Blacklist Check
20 24 hrs SMTP Test Blacklist Check
dns lookup ns lookup mx lookup whois lookup

Reported by on Wednesday, February 23, 2011 at 5:34:52 PM (GMT-6)


Author Comment

ID: 34966625
Spoke with SonicWALL support.
zinnserv03 is a server that is running the email security software. It scans incoming mail before passsing it to the email server zinnserv01.

The line that concerns me from the mxtoolbox report is:
Warning - Reverse DNS does not match SMTP Banner
Don't know how to fix that.
Any suggestions?
thanks again in advance for all your input.
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

LVL 76

Expert Comment

by:Alan Hardisty
ID: 34967993
Okay - the Reverse DNS does not match SMTP Banner can be resolved by changing the FQDN on your server.  (I missed that - Sorry).

Open Up Exchange System Manager and expand Protocols> SMTP> Right-Click on SMTP Virtual Server and choose Properties.

On the Delivery Tab> Advanced Button, change the FQDN fom zinnserv03.zinncorp.local to

The rest of your configuration looks fine.

Author Comment

ID: 34970371

The FQDN has been there all along. That was one of the first things I double checked as per a post on the

So, that looks good. PrintScreen of FQDN
Was on the phone with Integra last night and they said everything looks good on their end (I have only talke to them and Comcast like 10 times!!!)

Author Comment

ID: 34970519
One more clarification piece:

zinnserv03 is a server running SonnicWALL mail security software.

Inbound email gets routed from my SonicWALL firewall to server "zinnserv03" where messages are scanned and then junked or sent to my SBS2003 Server "zinnserv01".

Inbound emails are reaching the Outlook clients. It is the outbound emails that are either queued up or rejected.


Accepted Solution

ernestop earned 0 total points
ID: 34973177

An old DNS entry from our previous provider in the virtual server properties.

Everything is working now!

Thanks Alan. I appreciate your input.

Author Closing Comment

ID: 35005298
Digged more into the properties of the virtual server.

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
This article explains how to install and use the NTBackup utility that comes with Windows Server.
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data‚Ķ
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates‚Ķ

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question