My exchange 2007 server HUB is blacklisted

Posted on 2012-03-16
Last Modified: 2012-04-05

I have 2 hub server in my exchange organisation.

I have configure 1 send connector in evry hub server to send email to Internet.

This send connector us DNS MX to route email.

I have configure a EHLO fqdn, this fqdn point to public adress used in my firewall.

i have only open smtp port 25 outgoing from my hub server.

Are this configuration is correct?

because now i am blacklisted in and i have 3 email domain refuse my email en send to my user reject message like this:

554 5.7.1 <n.commail@domai>: Relay access denied,

what i can do to resolve the problem??

Question by:cawasaki
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 3
LVL 17

Accepted Solution

Suraj earned 500 total points
ID: 37733203
The set up is correct.

first find out whats the connecting Ip of the problem server which is used to send mails out [black listed one]

- here is how you find

telnet 25

after ehlo it will also give you an ip address. [note it, thats the outbound ip used]

Go to and put in that ip in black list - it will tell you which all RBL have blocked you.

- now to resolve the issue or find out why the hub got black listed do this :
1. do you have any relay connector?
2 check queue viewer to see if there is any spams showing
3. take one of the message id of it and do message tracking - check from where is it coming? smtp submission or store?

let me know
monitor the queue

Author Comment

ID: 37737018
Hi xsam,

I have many receive connector, one of them is open relay, i have add many IP adress to authorize them to send email. Its for printers, and many other applications, it user this smtp connector to send email without authentification.

may be when this email pass to internet in my send connector, it keep a trace of internal open relay?

LVL 17

Expert Comment

ID: 37738876
Yes. so lets disable the relay connector and monitor.
Raise the IQ of Your IT Alerts

From IT major incidents to manufacturing line slowdowns, every business process generates insights that need to reach the people required to take action. You need a platform that integrates with your business tools to create fully enabled DevOps toolchains.

You need xMatters.


Author Comment

ID: 37739095
i cannot disable it because have many application use it.

it is possible to change this connector to accept only internal email relay and not rely to internet?

LVL 17

Expert Comment

ID: 37740647
Changing your connecting ip would resolve the issue but you need to find out why you were rejected.

Author Comment

ID: 37741314
I need to understand.

the open relay conenctor is a receive conenctor for fiew servers with IP autorisation.

if one of this server send email to internet, it pass first in this receive connector, after that it pass by my send connector to internet.

but, here its my users with authentification receive connector is receive access denied from this domain.

554 5.7.1 <>: Relay access denied

Author Comment

ID: 37741411

ok i see in my smtp queue many spam with source IP and without from adress!

Author Comment

ID: 37741445
I have check message tracking, the sender is my postmater adress!

Author Comment

ID: 37741501
Ok, if i have spam in my hub server, the reason is my incomin email antispam not do good job.

postmaster is configured to allow non-deliveyr reports==> SO i send spam!

Author Closing Comment

ID: 37810679

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to resolve IMCEAEX NDRs in Exchange or Exchange Online related to invalid X500 addresses.
After hours on line I found a solution which pointed to the inherited Active Directory permissions . You have to give/allow permissions to the "Exchange trusted subsystem" for the user in the Active Directory...
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question